🔖

Reads I Really Enjoy

Away from Exploit Development

I wanted to get into exploit dev. Though it’s a very “fun” endeavor, I’ve always questioned the practicality of making it into a career. There are definitely jobs out there that pay you to fuzz binaries and develop exploits (VE/VR), but reading this article changed my mind about trying to make a career out of it, and these days I’m doing it just for fun instead.

Detection Engineering

In the course of my work, I’m working with writing detection rules. This blog has some pretty good articles on the subject. But one article stood out to me the most, which is one on Security Research in the Product Development phase. This really resonated with me because I’ve been having a hard time finding other people in this intersection of Cyber Research and Product Research, so reading an article on it was really refreshing.

DFIR Reports

Should be a familiar one to most of you. I love reading about how APTs are attacking organizations, and what TTPs they use. It’s really great to validate the rules and mindsets I have when working in a job that is supposed to come up with detection rules. It also really helps with Attack Simulations.

MITRE Evaluations

Not really a blog, but results of evaluations for EDRs based on real-world attacks. It’s a really interesting read because:
  1. You get to know the TTPs of APTs, and these can be used for simulations.
  2. You get to know how other vendors implement their detections.