date_range 04/27/2020This blogpost is a work of over a week’s worth of full-time research using publicly available sources of information. I’m not associated with the CIA and my sources are limited to Google, news media and leaks. That said, even with a limited number of sources, there is too much information on the topic and it’s impossible to include all of it without making the blogpost impossibly long. I tried to condense the material as much as I could and provide as many references as I could, so that you could all examine the information I used to draw conclusions, if you would like to. Many of the sources I list are in Russian, but you should still be able to examine most of them with Google’s page translation. Please report any broken links and I’ll do my best to fix them. Overall, the blogpost describes how Russia’s disinformation and bot infrastructure came to be. Due to its nature, we may lack crucial information that will come out in later years and if it does, I’ll correct my article. The blogpost isn’t intended to instill some kind of hate against Russians, in fact, if you read through it, you’ll realize that Russian citizens are oppressed and put down by Kremlin’s propaganda infrastructure in a way that people in the West will never be. If you have any feedback, I’ll be happy to hear it out.
I went ahead and counted all the information security resources I have hoarded over the years of learning it and the numbers are staggering:
- 96 courses saved on LinkedIn Learning, most of which I haven’t even started
- 40 e-books that were purchased from bundles on Humble Bundle that I’ve never read
- 6 more hardcopy books lying around my house that I haven’t finished
- 6 Udemy courses that were purchased, but never finished
- 3 months of CodeAcademy Pro that I got for free and have barely used
- 1 free month of Pluralsight that I haven’t used at all
TG:HACK CTF 2020 has been very interesting and intellectually challenging. It made me bang my head on the desk repeatedly in the hopes of numbing the pain of not being able to solve some of the challenges. In the end, I managed to figure out all but the two of the hardest challenges. My writeups are intended to cover the whole process of solving a challenge, so if you don’t want a detailed explanation, just scroll to the payloads.
VolgaCTF 2020 was a pleasant surprise to me as a fan of web application challenges. College and work had taken away my free time to do CTF’s, so coming into these challenges I was extremely rusty. Thankfully it was engaging enough for me to stick around for the whole duration of the CTF and I enjoyed “Library” in particular. As always with my writeups, i’ll try to not just provide the payloads you need, but the logic behind them and how the vulnerabilities were discovered. The challenge started off a bit rough on Friday - people were bruteforcing the website so much, they caused a denial of service and it would refuse connections for half of the first day. Me being the dumbass that I am, thought it was an error that’s part of the challenge, so I spent an unhealthy number of hours trying to get a hold of the token to authenticate. This writeup is intended for beginners, which I myself am, so if you don’t want a detailed explanation of steps, this writeup isn’t for you.
Less than a year after passing the Security+, I can finally proudly say that I passed CySA+ as well. I set my sights on this exam the same day I passed the Security+ and I focused on studying for it extensively over the past two months. I passed it with 845 out of 900 and was really surprised at how well it went despite the fact that CompTIA recommends you to have 3-4 years of technical experience minimum. I’ve got 0. I have no IT or Security work experience, but what I do have is determination and the will to succeed. If such an underqualified 20 year old could pass this exam thanks to those two things, you can as well. The purpose of this blogpost is to share some of the things I found helpful during my studies for it. I explored a diverse range of study materials and I will tell you which ones worked for me and which ones didn’t.