Cipher’s Log #5: The End of the Beginning

I thought I’d post after learning web basics. But then I kept going.
I figured—why stop at the gate when the whole castle is in sight?

Yeah… it’s been a minute.

This blog was supposed to drop right after I finished the basics of web exploitation. That was the plan. But something told me to keep pushing—to tie up the arc I unknowingly started months ago when I first chose cybersecurity.

So I did.

I completed Cybersecurity 101 on TryHackMe.

And not just the fun stuff like exploits and payloads—but the full ride.
From digging through memory dumps to patching firewalls.
From dropping reverse shells to understanding what happens when they hit a SOC.

And now that I’m done with the first phase, it’s time to talk.

---

🧱 The Foundation Layer — Built & Battle-Tested

This wasn’t a sprint. It wasn’t even a marathon.
It was more like wandering through a digital wilderness with a flashlight and slowly building a map.

Here’s what this arc gave me:

• Web Exploitation Fundamentals –
  Learned how apps break—through injections, misconfigurations, IDORs, CSRFs.
  Used tools like Burp Suite (finally starting to feel natural), and understood why OWASP Top 10 exists beyond just a list.

• Offensive Tooling –
  Played with reverse shells, privilege escalation, scanning, enumeration, and payload crafting.
  Started automating recon. Got comfortable with digging into CVEs and understanding exploits beyond copy-paste.

• Defensive Security & Forensics –
  Unexpectedly loved this part too.
  Memory analysis, network forensics, SIEM basics, even threat detection.
  Not my main path—but gave me perspective. Understanding how defenders think sharpens how attackers move.

• Security Principles & People –
  Not everything I learned was in a terminal.
  Some lessons came from studying how humans fail—social engineering vectors, poor patch habits, over-trust.
  Others came from late-night self-doubt and showing up anyway.

---

🚪What Comes Next — The Path Ahead

So… now what?

I’ve completed the first chapter of my journey.
But the real game begins here:

⚔️ PortSwigger Web Security Academy –
This will be my new dojo. Focused. In-depth. Methodical.
No more wandering. Now, it’s about mastery—web apps, logic flaws, lab-by-lab refinement.

🕵️ APT Groups & Real-World TTPs –
Studying adversary behavior. Threat reports. Group tactics.
Wanna know how the pros do it? Start by studying what the ghosts leave behind.

🐞 Bug Bounties & Real Targets –
This is where theory meets chaos.
Time to move beyond labs.
Start finding cracks in real systems, documenting properly, and hopefully making enough to afford future certs too 😭
🧠 TryHackMe: Junior Penetration Tester Path –
After PortSwigger, I’ll loop back in and finish this with fresh perspective and sharper skills.

---

💭 This Chapter Ends, But the Book’s Just Begun

It’s wild looking back.

A few months ago, I didn’t even fully understand what a port was. Now I’m debating packet behavior and toolchains in my sleep. I deleted my Steam library, rewired my mind, and rebuilt my routines—not to impress anyone, but because something inside me shifted.

And now, standing at the edge of the next climb, I realize something important:

This wasn’t a side quest. This was the prologue.

📜 Final Echo

The thing about beginnings is…
they rarely look like the start of something grand.

Mine looked like a confused undergrad with too many tabs open, too much caffeine, and a strange obsession with broken systems.

But here I am.

One path closed. Another opens.

And for once, I’m not afraid.
Because this path—however strange, lonely, or wild—is mine.

But I won’t lie—some nights still feel heavy.
There are days where doubt creeps in like a persistent script, whispering “Are you even going the right way?”
I feel it in the silence after the grind, when there’s no flag to chase, just the weight of my own ambition.
I’m often lost.
I’m usually confused.
And yet… I keep walking.

Because even when I don’t know exactly where I’m going—
I know this is the direction that feels real.

That’s all I need right now.

— Bornov | WizB 🧙‍♂️