Security Research Application
One of the reasons REplay was developed was to make sure that the owner had a constantly growing environment to train and practice in. This environment was designed to change around the scenarios that the owner came across, such as proprietary encryption algorithms and hybrid network protocols in IoT devices.
With that, I decided to throw in the need to define its application to security research and what the writeups teach you.
1: Documenting
In some of the heavier scenarios, especially in areas like Binary Auditing - 6.4.0, we have to use graphs and formal documents to express our findings and how we can fix them. This prepares you for how important it is to document findings, conversations, and much more during security research.
2: Picking out the little things
In many real-world scenarios, when someone who does not do security research is thrown onto a security research project, they may run into a block despite having existing exploitation knowledge, and may only look for low-hanging fruit. Sometimes, security research can actually be months and months of hex dumps, binary dumps, and staring at tiny numbers all day, only to turn up nothing.
Internalizing that low-hanging fruit is not always going to be out in the open will give you a much wider spectrum of thought. In turn, this allows you to actually look for that needle in the haystack, because at times that is the one thing that can topple an entire infrastructure.
