The perspective that once personal identifiable information (PII) or personal health information (PHI) has been leaked, subsequent leaks are less significant is a common one. However, there are several reasons why each new data breach remains a significant concern, regardless of past breaches. So why does each individual data breach matter?

I’m so sick of the Hack The Box Academy website. It’s such a horrible, horrible website. Contacting them to report a problem is no help either. The people that respond are all about blaming the problem on you, or your computer, or your browser, or your ISP. They don’t even treat you like a paying customer. They act like you’re spending your own valuable free time to write them an email to lie about their website being broken.

The Zed Attack Proxy is junk. The interface is not intuitive and worst of all, it leaks memory. It has crashed my computer twice today while performing scans on Hack The Box Web Proxies targets. What is it doing to prevent Linux from killing it off when it consumes all my memory?

As I delve deeper into the field of cybersecurity and penetration testing I’ve discovered that if you search Google or Youtube for “penetration testing note-taking applications” you’ll see there are a surprising number of opinions out there on which application is best. I agree with them, that a reliable note-taking app is indispensable for this sort of work, and so I’ve been on a quest to find which application actually works best for me.

There are so many penetration testing tools to learn. I’m not sure if it’s even possible to learn them all. I’m actually starting to wonder if I’ll end up using a smaller set of “favorites” in the end. Do real penetration testers use all these tools all the time? It’s a lot, to me at least.

The most annoying part of penetration testing so far is the training box instability. For example on Hack The Box Academy, I’ll be working on a box and then it will go down and stop responding, for no apparent reason. It’s not just an occasional thing, it happens all the time. I’ve tried re-downloading my VPN config file and I’ve tried avoiding different times of day, etc., but nothing seem to make a difference.

During my penetration testing studies I’ve come to realize the need for strong passwords is now more important than ever. I only realized recently just how easy it is to crack a weak password.

Today I got a 90-day badge on TryHackMe! It doesn’t feel like 90 days have passed since I started there. It feels more like a few weeks. I’ve been working on the “Complete Beginner” learning path. I’ve completed a lot of rooms and I’m really enjoying the course so far.

First post! So what’s a secure way to blog about cybersecurity and pen-testing? I’m not entirely sure, but I’m figuring it out. I think a good start is to use a static site generator instead of something like Wordpress. I’m using Jekyll, which is a Ruby-based static site generator. It has had a couple of CVEs, but overall, being a static site generator, it’s just not that exploitable. I’m still not sure if this is the best setup, but it’s a good start for now. I’m continuing to tweak things as I go.