fix typos
nair0lf32 committed Aug 25, 2024
1 parent 89e3050 commit 13b0fdc
Showing 7 changed files with 171 additions and 181 deletions.
19 changes: 10 additions & 9 deletions content/posts/Hacking-methodology.md
Expand Up @@ -8,7 +8,7 @@ It's not about the general methodology (you can easily get this one on google) b

## My Methodology

Took me time to define my own hacking methodology and it might still change (improvements plz). I was very confused as a beginner on my first CTF. Hacking communities are know to be very welcoming nowadays but for teh sake of effort no one will just serve you flags, answers or even hints sometimes. Don't get me wrong that's a very good thing because that's exactly what it's about so you know what to expect. They will instead point you toward general concepts or learning material. Got it already? First thing you need in the cyber is `curiosity`. Seriously, wanna "hack" anything you do not understand yourself? You better learn to `Google` real quick
Took me time to define my own hacking methodology and it might still change (improvements plz). I was very confused as a beginner on my first CTF. Hacking communities are know to be very welcoming nowadays but for the sake of effort no one will just serve you flags, answers or even hints sometimes. Don't get me wrong that's a very good thing because that's exactly what it's about so you know what to expect. They will instead point you toward general concepts or learning material. Got it already? First thing you need in the cyber is `curiosity`. Seriously, wanna "hack" anything you do not understand yourself? You better learn to `Google` real quick

I won't tell you the generic things like "you need to know this and that..." to get into cybersecurity or play CTFs but there is a general methodology to know.

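Review bot: the `teh` → `the` fix in the methodology paragraph leaves a second typo on the same line: `Hacking communities are know to be very welcoming` should read `are known to be`. Since the commit message is "fix typos", fold that correction into this hunk rather than leaving it for a later pass.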
Expand Down Expand Up @@ -38,33 +38,34 @@ Basically, that's what I do! mostly Google! I have no shame!

Be it a challenge, a lab, a machine...If I don't know it I Google it! Obviously it doesn't always work (Google-fu is an art)

Now you already noticed I said this first step was about "Reconnaissance"...The mainstream thing to know is how to get `information` about your target. But as not every kind of information is on Google you still need your brain + automated tools. Brain first because you have to know what tool to use. I talk about my tools in [another post]({{< ref "/writeups" >}} "Writeups"). Also I won't teach enumeration or reconnaissance here (it's a huge subject). But how do I do it when Google isn't enough?
Now you already noticed I said this first step was about "Reconnaissance"...The mainstream thing to know is how to get `information` about your target. But as not every kind of information is on Google you still need your brain + automated tools. Brain first because you have to know what tool to use. I talk about my tools in [another post]({{< ref "/My-Favorite-Tools" >}} "My Favorite Tools").
Also I won't teach enumeration or reconnaissance here (it's a huge subject). But how do I do it when Google isn't enough?

Every machine starts with a `nmap` scan (or `rustscan` if you are not that patient). But once the scan is over and you see the open ports and available services that's where your "analysis" should kick in! The next steps is the funniest one

## Step 1: Exploitation
## Step 2: Exploitation

Here again I basically Google everything! It's the part where you take advantage of the information you got (step 1) to solve the problem. But there are many types of problems and solving methods are too specific to be debated here so I will just talk about my favorite ones

- Machines/Systems: So far I know about linux and windows. Those usually need the most enumeration. These types of challenges are usually to showcase a common vulnerabilty (`exploitdb` and `github` got your back) or you get access through a server (web,ssh,rdp...). Once again Google will save you
- Cryptography: Oh I love those! they go from "`cyberchef`,`boxentriq` or `dcode` will do" to "you have to reverse engineer the whole cypher or encoding method to decode this one" (you might need some `scripting` skills for the reverse engineering part...just...just learn `python`)
- Machines/Systems: So far I know about Linux and Windows. Those usually need the most enumeration. These types of challenges are usually to showcase a common vulnerability (`exploitdb` and `github` got your back) or you get access through a server (web,ssh,rdp...). Once again Google will save you
- Cryptography: Oh I love those! they go from "`cyberchef`,`boxentriq` or `dcode` will do" to "you have to reverse engineer the whole Cypher or encoding method to decode this one" (you might need some `scripting` skills for the reverse engineering part...just...just learn `python`)
- OSINT: This one would go into reconnaissance but it takes more critical thinking than you think so add it to a LOT of Google searches
- Steganography: You need hints to even think about this one! sometimes the context helps...sometimes the author is just like "f*ck you! here is a picture" (with obviously no exif data). If they were nice you have to `stegseek` the `steghide` passphrase, else you have to deduce it from "context". And if it's not a picture, well you know what to do!
- Pwn/Binary exploitation: input mad long characters sequences, Learn `C`, Learn some `Assembly`, cry a little, then just run any `decompiler`, `debugger` or `disassembler` you know and hope for the best
- Android: Install `android studio` first, Learn to decompile `apk` and get familiar with `proxies`
- Web: Memorize `The OWASP top 10` vulnerabilities and how to exploit them, Fire up `Burpsuite` or your favorite proxy on every input field you ever see
- Web: Memorize `The OWASP top 10` vulnerabilities and how to exploit them, Fire up `BurpSuite` or your favorite proxy on every input field you ever see

Now to those who expected step 3 to be about `privilege escalation`, SIKE! I put privilege escalation here because it's my methodology steps and not hacking steps!
Now to those who expected step 3 to be about `privilege escalation`, SIKE! I put privilege escalation here in step 2 because it's my methodology steps and not my hacking steps!

I consider privesc a form of exploitation (just local). You mostly have to learn about this one, because the common vectors are already known. Or use noisy scripts like `linpeas` or `winpeas`
I consider privesc a form of exploitation (just local). You mostly have to learn about this one, because the common vectors are already known. Or use noisy scripts like `linpeas` or `winpeas` to win some time.

## Step 3: Writeups

After you did everything (succeed or failed miserably) writeups are an important step (well, for me at least).

If you solved the problem, it's time to write about how you did it! It will help you retain information better. I often re-read my old writeups to solve similar challenges. Also you can help others by doing so, and you should read other's writeups to learn alternative ways of solving the problem. They probably did it differently and you might wanna be aware of that.

If you were just stuck for too long (This is very relative) and wanna move on you can read a writeup (YES you CAN). I personally think learning is the most important thing in all this, so whenever I admit the challenge was too hard for me I look for writeups. But it should usually be a last resort. Most platforms have forums and chatrooms where you can get hints before going for a whole "tutorial". Also never EVER accept writeups that give flags or answers away. That's sh*tty learning material. Even after reading the writeup, close it and re-do the challenge yourself. You retain more by doing than just reading, so that's the whole point
If you were just stuck for too long (This is very relative) and wanna move on you can read a writeup (YES you CAN). I personally think learning is the most important thing in all this, so whenever I admit the challenge was too hard for me I look for writeups. But it should usually be a last resort. Most platforms have forums and ChatRooms where you can get hints before going for a whole "tutorial". Also never EVER accept writeups that give flags or answers away. That's sh*tty learning material. Even after reading the writeup, close it and re-do the challenge yourself. You retain more by doing than just reading, so that's the whole point

Now what if no writeup is available?

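Review bot: in the Cryptography bullet, changing `cypher` to `Cypher` capitalizes the misspelling instead of correcting it; the word is `cipher`, lowercase, since it is not a proper noun. The same problem appears in the Step 3 paragraph, where `chatrooms` → `ChatRooms` turns ordinary prose into CamelCase; `chat rooms` is the plain spelling. Two untouched context lines in this hunk carry typos that belong in the same commit: `The next steps is the funniest one` should be `The next step is`, and `you should read other's writeups` needs the plural possessive `others' writeups`.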
21 changes: 11 additions & 10 deletions content/posts/Learning-Resources.md
Expand Up @@ -4,19 +4,19 @@ date: 2023-06-19T18:47:31+01:00
draft: false
---

We are at this point where I talk more about my endless learning journey (again). Every living blogger in the tech field once felt the urge to share and talk about his favorite learning places (indeniably). Today I wanna talk about some cool places on internet to learn hacking related skills.
We are at this point where I talk more about my endless learning journey (again). Every living blogger in the tech field once felt the urge to share and talk about his favorite learning places (undeniably). Today I wanna talk about some cool places on internet to learn hacking related skills.

From what I noticed, most cybersec platforms tend to try and teach you "everything" but cannot really go deep in a particular field. This leave you with a general idea of things and most people also tend to specialize in specific domains. By example when playing CTFs you will always meet those kind of people:

- the web expert: web is his thing and he know more about javascript and php than his own genealogy. He ALWAYS start with web challenges and captures everything he can with burpsuite. he usually also like OSINT but Pwn might not be his best bet.
- the web expert: web is his thing and he know more about javascript and php than his own genealogy. He ALWAYS start with web challenges and captures everything he can with BurpSuite. he usually also like OSINT but Pwn might not be his best bet.

- the pwn god: he was studying C and assembly since his birth then decided it was not hard enough and mastered machine language. The very essence of hacking flow through his veins and no one know why he input "aaaaaaaaaaaaaaaaaaa" everytime he can. He have no weaknesses but voluntary chose to ignore web and OSINT.
- the pwn god: he was studying C and assembly since his birth then decided it was not hard enough and mastered machine language. The very essence of hacking flow through his veins and no one know why he input "aaaaaaaaaaaaaaaaaaa" every time he can. He have no weaknesses but voluntary chose to ignore web and OSINT.

- the cryptoanalyst: He know the difference between encryption and encoding and would swear words at you if you misuse any word. Name any cypher or crypto algorythm, he know about them. He probably rewrote most of them in python or created his own. He might also like reverse engineering but might be just decent in Pwn and web. He hates OSINT.
- the cryptanalyst: He know the difference between encryption and encoding and would swear words at you if you misuse any word. Name any Cypher or crypto algorithm, he know about them. He probably rewrote most of them in python or created his own. He might also like reverse engineering but might be just decent in Pwn and web. He hates OSINT.

- the investigator: probably works for the FBI. OSINT and forensics are his passion. He knows everything about everybody and could easily make a living selling your data on the dark web. Do not ask him to spy on you ex as he might already be spying on your whole neighbourhood.
- the investigator: probably works for the FBI. OSINT and forensics are his passion. He knows everything about everybody and could easily make a living selling your data on the dark web. Do not ask him to spy on you ex as he might already be spying on your whole neighborhood.

- the network legend: that guy takes the OSI model very seriously and can convert ip addresses to binary mentally. wireshark is constantly running in the background of his machine and scappy is his favorite python library.
- the network legend: that guy takes the OSI model very seriously and can convert ip addresses to binary mentally. Wireshark is constantly running in the background of his machine and scapy is his favorite python library.

You got the point...most people are decent at everything but tend to be stronger somewhere specific. You rarely meet someone equally strong at everything, but note that the depth of understanding those various fields is also never the same for everybody.

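Review bot: `cypher` → `Cypher` in the cryptanalyst bullet repeats the mistake from the first file, capitalizing a misspelling; the correct form is `cipher`. Note also that `neighbourhood` → `neighborhood` is a British-to-American spelling change rather than a typo fix; it is consistent with `favorite` elsewhere in the post, but it should be called out in the commit message so it is not mistaken for an error. The subject-verb agreement slips on the lines this hunk already touches (`he know`, `He ALWAYS start`, `he usually also like`, `He have no weaknesses`) are still present and would fit this commit.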
Expand All @@ -26,7 +26,7 @@ The learning resources I share here are focused on specific topics. I will there

You wanna be a hacker? well... how much do you know about computers?

- [linuxjourney](https://linuxjourney.com/): I like this one alot as they support multiple languages. You can learn linux basics from A to Z in your native language.
- [Linux journey](https://linuxjourney.com/): I like this one a lot as they support multiple languages. You can learn Linux basics from A to Z in your native language.
- [ctf101](https://ctf101.org/): this one is self explanatory
- [hoppers roppers](https://www.roppers.org): the most academic way of introducing you to CTfs

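Review bot: the `hoppers roppers` context line in this hunk still reads `introducing you to CTfs`; `CTFs` matches the capitalization used elsewhere on the page and belongs in a typo-fix commit. On the ctf101 line, `self explanatory` should be hyphenated (`self-explanatory`).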
Expand All @@ -44,12 +44,13 @@ Most CTF platforms are focused on this one already so not many platforms specifi

## Crypto

I found many platforms that teach crypto but none was purely theorical nor solely focused on crypto. I already share them in my [CTF]({{< ref "/CTFs" >}} "CTF") article
I found many platforms that teach crypto but none was purely theoretical nor solely focused on crypto. I already share them in my [CTF]({{< ref "/CTFs" >}} "CTF") article

## Extra

- [hackpack](https://hackpack.club/): ok this one is not just into theory but I thought it deserved to be here
- [HackPack](https://hackpack.club/): ok this one is not just into theory but I thought it deserved to be here
- [ctf resources](https://ctfs.github.io/resources/): more resources
- [Erling Ellngsen's website](http://alf.nu/)
- [OSU wiki](https://wiki.osucyber.club/en/Bootcamp-CTF/Challenge-Types)

That's mostly what I got so far. I am still looking for more learning resources and I will add them here when I find more. You can contact me anytime if you have any interresting one to share. You can check my other articles to get more "practical" learning resources.
That's mostly what I got so far. I am still looking for more learning resources and I will add them here when I find more. You can contact me anytime if you have any interesting one to share. You can check my other articles to get more "practical" learning resources.
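Review bot: the context line `[Erling Ellngsen's website](http://alf.nu/)` looks like a dropped letter in the name (`Ellingsen`); check the author's name on the linked site and include the correction in this typo pass if it is confirmed. In the Crypto section, `I already share them in my [CTF] article` reads better in the past tense (`I already shared them`).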
