Answering a noob's questions
- Tadi
- Newsletter
- February 6, 2025
Table of Contents
Yoo Welcome to Issue #20 of Navigating Security.
đQuote of the week:
Iâm too lazy to lookup quotes.
 Tadi
What To Expect đŤĄ
- Answering questions from the previous issue by Byron, the ânoobâ đ
- A new series coming out soon as well? đ¤
This Weekâs YouTube Video:
What I learned from 300+ days of being a hacker (so far)
â ď¸ The newsletter is currently not sponsored
Answering questions from the last post đ
As you may have seen, I have a friend helping me out with the newsletter now because I canât do anything consistently. If you havenât read the previous newsletter issue, I suggest you do so, but you can probably get away with just following along.
[How a Noob follows the ultimate hacker roadmap.
Take small steps towards your goals.
âHow do you build muscle memory when it comes to OWASP-related vulnerabilities, even when youâre expecting SQL injection itâs almost like each time youâre doing something completely different.
 Byron
đ °ď¸ Muscle memory is built with practice, just like everything else. The more you do it, the more youâll know how to approach different situations because in reality no situation is the same. The principal concept is what matters.
âHow do you maintain patience and precision when using time-based blind SQL injections?
 Byron
đ °ď¸ Youâre literally shooting in the dark. Patience is a virtue.
âCan you explain why the classic payload ' OR '1'='1 works, and in what scenarios it might fail?
 Byron
đ °ď¸ What I can tell you is it doesnât work anymore in modern applications, especially considering that most developers know how to write âsafeâ code against those types of attacks. SQLi still exists, itâs just a little more complicated than before. The following articles might be helpful:
- https://pentesterlab.com/blog/or-1=1-is-dying
- https://www.reddit.com/r/programming/comments/1h4wm6a/sql_injection_in_2024_the_vulnerability_that_wont/
âDoes experience with app development help with web app hacking?
 Byron
đ °ď¸ Yes. As a beginner, probably not, but when you reach a point where youâve progressed past being a scriptkiddie itâll be harder to hack without some knowledge of how applications are built.
âWhatâs the best approach to mastering OWASP-related vulnerabilities, since they seem to be a common requirement on job postings?
 Byron
đ °ď¸ Practice, practice, practice. Do CTFs, do labs, read disclosure reports. Pick a few things you are most interested in and go as deep as possible.
New Year, New Series đ¤
https://imgflip.com/tag/new+year+new+me
I might just be back from my many frequent hiatuses.
When I started creating content, I never intended to come across as a teacher in any way. I didnât know much, so I wanted it to feel more like, “Hereâs what Iâm learningâcome learn with me.”
Iâd like to return to that approach and show you how Iâm now growing into a more mid-level professionalânot necessarily a noob anymore.
The series will be called How Iâm Learning to Be a Better Pentester. Iâll primarily be highlighting what Iâm learning, how Iâm being intentional about my growth, and how you can be too. The first post should be on LinkedIn soon, if itâs not alreadyâso catch me there as well!
As always, if you have any questions or suggestions, feel free to hit me up on LinkedIn or Discord. Cheers!
âąď¸Incase you missed the previous issue, here you go:
[How a Noob follows the ultimate hacker roadmap.
Take small steps towards your goals.
Suggestions
Hit me up on Discord or LinkedIn if you have anything you feel would be cool to include. Thanks, Cheers.
