Hello everyone! It appears I was reminded by some cool people that having blogs is a thing some people do on the internet. Given that I already had this kind of working a while back (by following Gatsby's tutorials on setting up a simple website) I thought I'd get it into shape and start rambling about stuff I do online. Exciting, right? (Note: This article is the first of hopefully many, but since it's the first I'm writing, I think it will have poor or no structure, so sorry in advance if it gets a bit rambly at times :)
So, a slight whoami: I am currently a Masters in Informatics and Computation Engineering (MIEIC) student at FEUP, having recently finished my 4th year of this course, and getting ready for my fifth and final year in it. I enjoy a lot of things in technology, especially (but not limited to) software development. Since a couple of years ago, I have been gaining interest in the area of Cyber Security, which is something I am now thinking of trying to pursue a career in. This was also a major motivator of getting the blog online, since I will probably post some writeups on challenges I end up doing. I also like reading fantasy books and listening to a broad spectrum of music genres, always with a special place in my heart for jazz :)
Recently, I have been doing some cleaning and catching up. I cleaned up some code that I had been wanting to improve for about a year or more now, since it was a tool that was actually (used and) useful for scheduling the students' exams by checking the overlapping students between N course units. Previously this used selenium and crawled the course unit pages for students one by one, which was considerably slow since SIGARRA is not exactly the fastest website ever. The existence of an API to retrieve this information motivated a rewrite using only python's requests module. I eventually even created a web app with similar features using React, as a way to make this tool more readily available to non-Informatics students which are unlikely to know the tooling involved in making the tool work. They might have ran python scripts or even created some - this is increasingly common, thankfully - but they are unlikely to be familiarized with packages and installing stuff via pip, command line programs, etc. You can check out the tool as well (requires a valid UP account to fully work, but the first steps are still possible without one). Possible future work would be to have a list of courses to schedule exams for (with possibly a predetermined preferred order due to the difficulty of the exams) and use the information retrieved by the tool to reach an optimal solution, reducing the number of collisions automatically. This could probably be implemented in a naïve fashion via some genetic algorithms. I might do this in the future if I see that it can be useful.
Additionally, since I finished my final exams for this semester I got back on my journey on security again. I had left it on hold basically since a little while before the pandemic hit and have since put it off. It was time to catch back up, so I did. I went back to doing HackTheBox challenges, which I thoroughly enjoy. Since coming back I have managed to root all of the Active Machines rated Easy running Linux (Blunder, Traceback, Tabby and Admirer). This has been a great learning experience for me, and one not without its challenges! I am thinking of sharing writeups for these boxes here once they become inactive (or maybe the ones I did before - Traverxec, OpenAdmin, Postman, but the notes I took on those are not as good I believe). Since I cleared every easy active linux box, I am currently thinking of either moving up to medium difficulty linux boxes or starting to learn Windows pentesting (which is also very important in "the biz" - LDAP, SMB, Kerberos, etc.) which is something I still know nearly nothing about. Stay tuned to learn where I'll end up going... ;)
Other than the HTB boxes, I also participated in some portuguese CTFs: BSidesPorto 2020 CTF and 0xOPOSEC Summer Challenge 2020. I participated in the iamroot team in the former, finishing in 3rd place. The latter is still ongoing with me currently holding 6th place, almost placing 3rd but the final challenge getting the best of me and making me lose my spot after a couple of days :)
Other than that, in the meantime I've also had to troubleshoot some issues that came with a kernel upgrade on my laptop not working well with my network card's drivers (which was causing a system hang, resolved by getting updated firmware for it from the respective repo) and started helping NIAEFEUP's new board set up the new server (since the old one's HDDs died just before the pandemic hit, leaving the branch without a website for a while, RIP). I might write up something about the server's setup and how I do it, but I doubt there's enough exploratory content for me to do so, since I already built niployments for situations like this, and the largest difficulties I anticipate are recreating the service's secrets to access external services for example.
Finally, I've been updating my personal website (the one you're looking at!). It has been both bothersome to reconfigure some things that were a bit hammered on, but also interesting to see what I had and how I now can improve it. The biggest pain was probably updating all the information everywhere. I like having a place to dump information about projects and stuff I'm doing, and I think that this blog and the online CV will be useful for that, since there's not a lot of content restrictions either on brevity or context when compared to a LinkedIn profile or a Résumé, for example. It is a bit bothersome to see all this information replicated in several places. However, I don't think that there is a better mechanism to allow me to have my CV/LinkedIn up to date and also have this website where I can drop more "random" things and thoughts. (Thinking of this reminded me that I still have to update some of my information on LinkedIn 🙃)
I think this concludes my first blog post. This might leave you with a decent idea of what this blog will be about while (hopefully) not being overly boring.
Thanks for reading!