Experience Diary: Doing infosec research the right way

Let me share my experience on how I do research on a topic. I would be happy to know your methodology as well :)

SecurityGOAT
5 min read · Aug 15, 2021

Today was a bit tough, just because I was struggling to find a topic for a post which would be insightful and valuable for you all.

And since I left Twitter, for some peace of mind, I have quite a lot of time on my hands now — since there’s no time getting wasted. But at the same time, I am not able to find a sustainable source of ideas right now…

Side Note: If you think you have some topics you wish to learn, send them my way and I will make them more digestible :)

After a lot of thought, I decided to just share a valuable lesson on how I research a topic. I think it’s quite important, so that you can become an expert in the field of your choosing, be it RE, Cloud, Web or whatnot…

Some Important Points

First of all, it all starts with finding out which topic you wish to master.

  1. Start small, don’t rush.
  2. Define what you wish to learn and stick to it; don’t wander off after a day or two!
    It’s easy to get distracted on the second day, when you find a cool new post or video on a bug someone found! Don’t get distracted. Make sure to stick to what you started, else you won’t be able to reap the benefits. I’ve been in this position a lot of times and I do realize how bad this can be — it wastes a lot of time and nothing gets done!
  3. Try to list all the relevant sources — blogs, talks, research papers on the topic and shortlist a few interesting/popular ones and go through them thoroughly. This will give you a foundation to build upon!
  4. If you wish to learn something well, then practice it as well. Theoretical knowledge doesn’t last very long, my friend. So make sure to try it out and see what it feels like.
    Especially in infosec, knowing about XSS, Command Injection, HTTP Parameter Pollution and so on won’t get you any bugs! It’s the practice of these issues that will make you a master of them. That’s why there’s a lot of emphasis placed on online labs, CTFs and Bug Bounty Programs for helping you learn hands-on!
  5. CTFs or labs only give you a one-sided view — how to attack/exploit something. But you won’t know how the vulnerability found its way into the code in the first place, right (unless you check the source code!)?
    So what I try to do is — I also create labs sometimes, so I can try to emulate what I learnt by introducing some bug and then attacking it. Sometimes it leads to quite a lot of interesting finds that you otherwise wouldn’t have come across!
  6. Move away from the labs and do some real work — pentests or bug bounties, whatever works for you.
    Why do I say so? Because if you just stick to the labs, you would develop a lab mentality. And that mindset is quite bad! I am sure FB/Google/Microsoft/… don’t have a login page saying “hey, come exploit SQL Injections here”, but the labs you play do hint at that, right?
    In the case of a lab, there’s definitely an answer — some issue that you have to exploit. In the case of a real-world application, that’s not necessarily so. And that’s why I say, don’t build a lab mentality — it doesn’t help in the long run!
  7. Once you think you understand the concept both theoretically & practically, try to teach it to someone who is new to that topic.
    Did you explain the topic well enough that they can in turn explain it to someone else? If so, well done my friend — you deeply understand the topic and have mastered it quite well!
  8. Next step is to see if you can use this topic in your pentesting or bug bounty journey (if applicable) and try to look out for the relevant issues in different applications.
    Found any? Great! Now you can claim yourself to be an accomplished person in that topic.
  9. Wait… There’s more — don’t stop learning. Now since you know this topic quite well, it’s better to understand this topic from different angles and also try to experiment — maybe coming up with new payloads for the same issue? Try to see if the specifications on the topic (if any) have any gaps that you can leverage to your advantage. Implementation issues? Hunt for them!
    Also, try to look for any projects on GitHub/GitLab and see if you can find any relevant issues in those projects. This will give you a much deeper understanding and is definitely something to go for, if you wish to be a GOAT!
  10. Celebrate! It’s important to celebrate this win. Of course it’s not the end of the journey but merely a beginning, but it’s important to reward yourself :)

Closing Thoughts

So how was this post? Insightful? I do hope so.

I would love to hear your methodologies as well. Feel free to share those in the comments below. I will make sure to read those :)

If you enjoyed this post, then please share it with all your friends and colleagues in the infosec community. That would help me get some audience for my blog and would validate that you all are really enjoying the posts. And thus, I could invest more into it and write more in-depth and juicy posts relevant to infosec and pentesting in general!

So help me spread these posts around to help make infosec more approachable for the beginners and more fun for the GOATS ;)

And also, get ready for more fun posts! I have had more fun ideas lately and am planning to expand, with more technical content for your brain muscles!

Let me know your feedback in the comments below and feel free to connect on twitter: @_SecurityGOAT

You can also send any topic you wish to learn more about. Send me DM on Twitter or let me know in the comments :)

Lastly, the plain ol’ boring line which I have to copy from my previous post every single time!!!! — if you have been enjoying my work and would love to support me, consider checking my Patreon page or you can even Buy Me a Coffee :)

See ya!
Until next time my friend, keep learning and happy hacking.