Who Says the News is Boring!

Howdy Hackers, I hope everyone is doing well!

This marks the first "News" post rather than a technical one. To help my readers decide if they want to invest their time, I do plan on giving the less Technical articles a clear naming scheme, including [Brackets] around the name to help identify the informal posts.

Given the recent launch of my blog, and the AMAZING shout-out from the TCM Team, I figured the best thing I can do is take a moment to highlight what I plan to cover in upcoming releases and what exactly For Fox Sake is.

With that said -- thanks for checking out my site! I appreciate each and every one of you greatly!

--Eru

For Fox Sake - What to Expect

Subscriptions:

I'm sure if you're reading this, you've noticed that nice, blue "Subscribe" button. Let me be direct in promising that everything I write for this blog that is of a technical nature will always be free. No ads, no BS, no paywall.

That said, I am planning on adding in two optional tiers:

• Buy me a Coffee – This will help me pay for this site, my domain and other continued education related expenses. Everything I do and am working on is entirely out of my own pocket, so this really goes a long way for helping me balance Work, Learning and Life.
• Chaos Included – Genuinely? This is more of a joke tier, as an ex-bartender and a cook of several years, I’m sure I can come up with something exciting. This is entirely non-technical content, likely to include my custom board and bar recipes and nothing else.

HTB Write-ups:

The cornerstone on which this blog is being built, I plan to work through various Hack the Box machines, and include detailed Write-Ups of my experience in each. A common trend I've noticed is that while walkthroughs for established boxes become common over time, the more immediately available materials for Seasonal challenges tend to be very "Copy Pasta" with lower emphasis on the thought process and methodology beyond what the correct answer was.

I hope to round this out by providing more context and details, this will often include where my methodology fails and the steps I take to refine it for future endeavors. These Write-ups should be expected each Tuesday after the relevant room has closed!

CTF Write-ups:

While less regular, I do plan on creating a similar vein of Write-ups rather than walkthroughs for my experience in CTF competitions throughout the year. These will include information on how Team Heckler as a whole did, as well as my individual contributions and problem solving.

Independent Research:

As the year goes on, I plan on moving away from a dependency on curated materials and instead focus on developing my ability to independently pull materials together. This will give me longer lasting results as my education begins to outpace readily available materials and will ensure I have a solid foundation to rely on once I become the person that people come to with questions.

Year-to-Date

At the start of 2024, I took the time to set myself a few New Year's Resolutions. Normally, I'm not much for the tradition, but this time around I had a goal in sight.

1) PJWT:

My first goal of the New Year was to knock out the Practical Junior Web Tester (PJWT) certificate from TCM-Security. I had ended 2023 strong by passing the PJPT on Christmas morning and knew I had to keep the momentum going. In an effort to ensure my foundations were well rounded, I set my sights on the PJWT and managed to pass the exam on my first attempt before the end of February!

2) Being a Cyber Mentor:

My second goal for 2024 was a bit less concrete. I wanted to reach a point of confidence in my own ability that I felt comfortable and able to help others. It's been proven time and time again that one of the most effective ways to master new knowledge is to teach it to another -- and beyond even that, I wanted to pay forward the time and effort so many individuals invested into me as I worked towards my first few certificates. If you ever hang around the TCM discord (and why wouldn't you? Go join!) you're likely to recognize the iconic fox mask that is my pfp.

While I lack the depth of knowledge that some of my peers are able to provide, I have grown to excel in bridging the gap between begineer and advanced. Highlightling the importance of a well-formated question and ensuring that those who provide their help freely also have someone to rely on, are areas where my unique background affords me an advantage.

3) Give Back to the Community:

Very closely tied to my second goal, I wanted to commit to the idea of producing something helpful. Thus, For Fox Sake. While I am certainly not top of the leaderboards, my goal is to provide a unique, methodology focused view on content that is traditionally answered with exacting, literal answers.

If one person is able to learn better from how I've phrased my material, then I can be satisfied that my effort was well spent.

What’s up Next

Q2 - Certifications:

As Q2 begins to reach it's half-way mark, I am setting myself the goal of taking both the CompTia Security+ and the TCM Practical Network Penetration Tester (PNPT) certificates.

Now Eru, two full exams in less than two months? A heavy load certainly, but one I feel confident I will be able to achieve before the end of July (and yes, that is technically part of Q3, shhh!)

Q3 - Reiterate and Master:

Given the uphill battle I'm setting for myself in Q2, I plan to take Q3 to slow down and deepend my understanding of what I've learned to date. Ideally, this will include:

• Projects such as solidifying and publicizing my notes
• Scripting and tooling for areas of my methodology that I've found lacking
• Overall working to smooth out the areas I find the most friction in.

Q4 - Bug Bounty:

To end the year on something more fun, I am planning to dedicate the end of the year to security research via Intigriti and HackerOne. While I can't guarantee any results, I believe that pitting my methodology against hardened targets is the best measure of how much growth I've achieved in my first year in Cyber Security.