So I guess an introduction is in order here.

Hello, my name is cinder, otherwise know as "cenereh" on GitHub. I just turned 20 (yes i am getting old) and I have decided to start my own blog! I've made cybersecurity research my passion a long time ago, probably around secondary school. At the moment, I am a SOC analyst, working as a blue team operator. My main research field is the Windows kernel, its internals and anything that runs at ring 0. I'm mostly interested in AV/EDR solutions and I am currently trying to further refine my skills as a security analyst.

I mostly hang around crow's discord community and I've noticed that plenty of people had personal blogs there, so I decided to join in on the fun and try to make some posts of my own. Not only will it motivate me to improve my research skillset, but it may also pique others' interest in the topic of cybersecurity, particularly the aspects I enjoy most: offensive security!

My goal in cyber:

My goal is to get specialized in the field of vulnerability research and exploit development. You may be wondering why, so I'll let the following quote answer your question:

"Cybersecurity experts can be divided into two groups: those who can discover zero-day vulnerabilities and those who can't."

Cybersecurity is pretty much a pyramid: on top sit the ones doing all the research work and writing papers about their findings: bug hunters, reverse engineers and so on. They sit at the top because their work consist of finding something that does not exist yet, hence why they are called "researchers". In the knowledge pyramid, they are the ones that get access to a new methodology or vulnerability first since they are the ones discovering it. Below them sit the rest of cybersecurity: threat intelligence operators, pentesters, SOC analysts and so on.

Now, the concept of "pyramid" should never be mistaken for "researchers are the best and everyone else is a moron": it's just to give a nice representation of who gets their hands first on a new piece of knowledge, and it being at the top of the "pyramid" isn't even the reason I am pursuing a career in this field. It simply represents me the best: someone that, no matter the subject, always wants to know everything about it. Unveiling the unknown is the feeling I love the most, and pursuing a career as a researcher allows me to do exactly that for a living! I also like to break stuff, hence why I want to become a cybersecurity researcher and not do the same thing in aereospace or farming (even though in aereospace research you could break stuff anyway, just look at the F22)

Why I'm starting this blog:

Honestly, I don't know either. Maybe it's because I need a public diary to waffle about the things I discover or I work on. It allows me to showcase my passion regarding the vast world of cybersecurity. It's also a nice way for me to keep track about my projects: it allows me to document my work and create a record of my projects, which I can refer back to if I need to pause for a while. Plus, it looks really good on my resume.

The best way of learning something new is to explain it to someone else (see the concept of the learning pyramid), and this blog allows me to explain what I learn and discover to my readers! (implying that someone will read this blog, lol)

What's to come?

I'd like to dedicate this blog to my projects: documenting and explaining the thought process behind them. There will be some "pundit" posts where I express my personal opinion about certain subjects: for example how shite is the weather in Milan or me ranting about my football team. And before you ask: no politics. I'll stay as politically neutral as possible since I hardly believe that you are here for politics. If you are, check this out instead.

Jokes aside, I don't want to post strictly technical content here. I don't want this to look like a boring piece of documentation about what I find or create, I also want to show a bit of personal side with some off-topic waffling as well, like we are best mates at a pub in front of a couple of pints.

I'm still figuring out the best way to sign off my blog posts, just as with my emails. In the meantime, stay tuned for more content!

Welcome to the club!