author mms <michal@sapka.me> 2024-01-19 23:16:48 +0100
committer mms <michal@sapka.me> 2024-01-19 23:16:48 +0100
commit 8420ad00bf70ddf03b878f8ef7a1970cdb81d26c
tree a490e1f607677155b6a5506aab76fcfce615c715
parent e8bb7290df1ef94efdc1bd6a1e316d802db5814b
feat: hacking apis
-rw-r--r-- assets/content_images/hacking-apis.jpg | bin 0 -> 158166 bytes
-rw-r--r-- content-org/blog.org | 122
-rw-r--r-- content/blog/2024/email-project.md | 2
-rw-r--r-- content/blog/2024/hacking-apis.md | 45
-rw-r--r-- content/blog/2024/links-01.md | 2
-rw-r--r-- resources/_gen/images/hacking-apis_hufa094deb5650eb9a5245c4892b859c32_158166_150x0_resize_q75_h2_box.webp | bin 0 -> 6786 bytes
-rw-r--r-- resources/_gen/images/hacking-apis_hufa094deb5650eb9a5245c4892b859c32_158166_300x0_resize_q75_h2_box.webp | bin 0 -> 19026 bytes
7 files changed, 129 insertions, 42 deletions
diff --git a/assets/content_images/hacking-apis.jpg b/assets/content_images/hacking-apis.jpg
new file mode 100644
index 0000000..0f1b7c6
--- /dev/null
+++ b/assets/content_images/hacking-apis.jpg
Binary files differ
diff --git a/content-org/blog.org b/content-org/blog.org
index 8508d6c..fc49950 100644
--- a/content-org/blog.org
+++ b/content-org/blog.org
@@ -7,59 +7,54 @@
#+HUGO_WEIGHT: auto
#+HUGO_SECTION: blog
-* 2024 [3/3] :@blog:
+* 2024 [4/4] :@blog:
:PROPERTIES:
:EXPORT_HUGO_SECTION: blog/2024
:END:
-** DONE Links for week #01
-CLOSED: [2024-01-03 Wed 18:12]
+** DONE Technical book review: Hacking APIs
+CLOSED: [2024-01-19 Fri 20:01]
:PROPERTIES:
-:EXPORT_FILE_NAME: links-01
-:EXPORT_HUGO_CUSTOM_FRONT_MATTER: abstract Cool links from week 01 of 2024
+:EXPORT_FILE_NAME: hacking-apis
+:EXPORT_HUGO_CUSTOM_FRONT_MATTER: abstract Short impression of 2600 magazine
+:EXPORT_HUGO_PAIRED_SHORTCODES: img-r
:END:
-It's the New Year, so here are some cool links I've stumbled upon recently:
-- **[[https://www.anildash.com/2024/01/03/human-web-renaissance/][The Web Renaissance Takes Off]]** -
- Maybe the web is not lost?
- A very short opinion piece.
-- **[[https://www.jwz.org/blog/2023/12/remember-when-mozilla-made-a-web-browser/][Remember when Mozilla made a web browser?]]** -
- I use Firefox, I promote Firefox, and I am very sad to have to agree with author
-- **[[https://garymarcus.substack.com/p/things-are-about-to-get-a-lot-worse][Things are about to get a lot worse for Generative AI]]** -
- Guess who got caught training on and recreating copyrighted content?
- Spoiler: it's AI
-- **[[https://blogsystem5.substack.com/p/the-ides-we-had-30-years-ago-and][The IDEs we had 30 years ago... and we lost]]** -
- A cool, short article on IDEs of the past and how little have they progressed
-- **[[https://aftermath.site/true-lies-4k-uhd-blu-ray-james-cameron-peter-jackson-park-road-post][They Want You To Forget What A Film Looks Like]]** -
- jump from VHS to DVD was huge; from DVD to HD big; from HD to 4k was incremental at best.
- In this article we explore a few recent upscales and how bad they are.
- Spoiler: it's AI
+#+attr_shortcode: "hacking-apis.jpg"
+#+begin_img-r
+Cover
+#+end_img-r
+I am a software developer with a new-found interest in security.
+Childhood spent watching hacking-related entertainment didn't go to waste.
+When I saw the /hacking/ humble bundle, I knew I needed it.
+My first read[fn:smnet] from that bundle was not a love at first sight I expected it to be.
+Luckily, /Hacking APIs/ is a completely different beast.
-But, most importantly, The Weaver published _TWO_ new articles on computer history:
-- [[http://wovenmemories.net/2023/12/30/First.Operating.System_Part.2.html][First Operating System -- Part Two]]
-- [[http://wovenmemories.net/2024/01/02/Subroutines.html][Subroutines]]
+The title says it all: it's about hacking web APIs.
+The target audience seems to be aspiring pentesters.
+I may even say that no prior experience is expected, as the author explains /a lot/.
+You will learn how those APIs work, what to look when testing them and how to exploit them.
-** DONE The Email Project
-CLOSED: [2024-01-03 Wed 18:26]
-:PROPERTIES:
-:EXPORT_FILE_NAME: email-project
-:EXPORT_HUGO_CUSTOM_FRONT_MATTER: abstract This year I want to rely on Email even more!
-:END:
-I have no resolutions for 2024, as the last ones were dropped long before December.
-There is however one thing I wanted to do for a long time: to rely on Email more.
+The book gives a really nice overview of most common vulnerabilities types, giving me new ways to be smug.
+It is always welcomed.
-So my project for 2024 is as simple as sending email.
-I will not use any other means (sigh, social media) to reach people I want to contact.
-Instead, I will use plain, old email.
+Still, I will not benefit from a huge part of this book as it reads like a commercial for Burp Suite.
+Yes, it is a standard and learning what one can do with it is great.
+But I am not a pentester, so I will not need all that practical knowledge.
+It's a great exercise for me, nothing more.
-Last year one person (won't name publicly due to respect and privacy) emailed me, and we've been exchanging messages since then.
-It was the surprise of the year and I met a person I would never have a chance otherwise.
-I would like it to happen more, as this is a great growth experience.
+It will also come in handy if I decide to switch trades.
-I'm not leaving [[https://emacs.ch/@mms][Mastodon]], but I will not approach people using it.
-Furthermore, I'd love to leave Discord and Messenger, but folks there are pretty stubborn :)
+Highly recommended book!
+
+*** Meta
+- Read as PDF on Onyx Boox Note Air 2.
+- Issues bought from Humble Bundle
+- Next up: back to "Absolute FreeBSD".
+[fn:smnet] [[/blog/2023/cybersecurity-for-small-networks/][Cybersecurity for Small Networks]]
** DONE 2600
CLOSED: [2024-01-12 Thu 21:23]
+
:PROPERTIES:
:EXPORT_FILE_NAME: 2600-magazine
:EXPORT_HUGO_CUSTOM_FRONT_MATTER: abstract Short impression of 2600 magazine
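Review bot: the `:EXPORT_HUGO_CUSTOM_FRONT_MATTER:` line added for the new "Hacking APIs" entry reuses the abstract "Short impression of 2600 magazine", which is the abstract of the 2600 entry that follows; give the book review its own abstract text. Separately, the blank `+` line added between `CLOSED: [2024-01-12 Thu 21:23]` and `:PROPERTIES:` in the 2600 entry separates the drawer from its planning line, and Org expects the property drawer directly after the headline or planning line, so drop that blank line to keep `EXPORT_FILE_NAME: 2600-magazine` attached to the entry.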
@@ -146,7 +141,7 @@ Cover of issue 40-4
- Book Review: Pegasus
- Book Review: Fancy Bear Goes Phishing
-*** Contents of Autumn 2023 issue (40-3)
+*** Contents of Autumn 2023 issue (40-3)
#+attr_shortcode: "2600-40-3.webp"
#+begin_img-r
Cover of issue 40-3
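Review bot: the removed and added `*** Contents of Autumn 2023 issue (40-3)` lines show the same text, so this is a whitespace-only edit to the heading that has nothing to do with the new post; leave it out of this commit or move it to a separate cleanup commit so the feature diff stays focused.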
@@ -186,3 +181,50 @@ Cover of issue 40-3
[fn:site] [[https://2600.com][Official website of 2600]]
[fn:kevin] [[https://www.mitnicksecurity.com/blog/how-the-free-kevin-movement-changed-the-cyber-security-industry][How the Free Kevin Movement Changed the Cyber Security Industry]]
[fn:1984] that's one year older than me!
+
+** DONE The Email Project
+CLOSED: [2024-01-03 Wed 18:26]
+:PROPERTIES:
+:EXPORT_FILE_NAME: email-project
+:EXPORT_HUGO_CUSTOM_FRONT_MATTER: abstract This year I want to rely on Email even more!
+:END:
+I have no resolutions for 2024, as the last ones were dropped long before December.
+There is however one thing I wanted to do for a long time: to rely on Email more.
+
+So my project for 2024 is as simple as sending email.
+I will not use any other means (sigh, social media) to reach people I want to contact.
+Instead, I will use plain, old email.http://localhost:1313/blog/2023/cybersecurity-for-small-networks/
+
+Last year one person (won't name publicly due to respect and privacy) emailed me, and we've been exchanging messages since then.
+It was the surprise of the year and I met a person I would never have a chance otherwise.
+I would like it to happen more, as this is a great growth experience.
+
+I'm not leaving [[https://emacs.ch/@mms][Mastodon]], but I will not approach people using it.
+Furthermore, I'd love to leave Discord and Messenger, but folks there are pretty stubborn :)
+
+** DONE Links for week #01
+CLOSED: [2024-01-03 Wed 18:12]
+:PROPERTIES:
+:EXPORT_FILE_NAME: links-01
+:EXPORT_HUGO_CUSTOM_FRONT_MATTER: abstract Cool links from week 01 of 2024
+:END:
+
+It's the New Year, so here are some cool links I've stumbled upon recently:
+- **[[https://www.anildash.com/2024/01/03/human-web-renaissance/][The Web Renaissance Takes Off]]** -
+ Maybe the web is not lost?
+ A very short opinion piece.
+- **[[https://www.jwz.org/blog/2023/12/remember-when-mozilla-made-a-web-browser/][Remember when Mozilla made a web browser?]]** -
+ I use Firefox, I promote Firefox, and I am very sad to have to agree with author
+- **[[https://garymarcus.substack.com/p/things-are-about-to-get-a-lot-worse][Things are about to get a lot worse for Generative AI]]** -
+ Guess who got caught training on and recreating copyrighted content?
+ Spoiler: it's AI
+- **[[https://blogsystem5.substack.com/p/the-ides-we-had-30-years-ago-and][The IDEs we had 30 years ago... and we lost]]** -
+ A cool, short article on IDEs of the past and how little have they progressed
+- **[[https://aftermath.site/true-lies-4k-uhd-blu-ray-james-cameron-peter-jackson-park-road-post][They Want You To Forget What A Film Looks Like]]** -
+ jump from VHS to DVD was huge; from DVD to HD big; from HD to 4k was incremental at best.
+ In this article we explore a few recent upscales and how bad they are.
+ Spoiler: it's AI
+
+But, most importantly, The Weaver published _TWO_ new articles on computer history:
+- [[http://wovenmemories.net/2023/12/30/First.Operating.System_Part.2.html][First Operating System -- Part Two]]
+- [[http://wovenmemories.net/2024/01/02/Subroutines.html][Subroutines]]
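Review bot: the re-added Email Project text has a stray URL fused onto the end of a sentence, in the line `Instead, I will use plain, old email.http://localhost:1313/blog/2023/cybersecurity-for-small-networks/`. It looks like a paste from the local preview server, and the removed version of this paragraph earlier in the file ends at "plain, old email."; delete the URL so a localhost address does not end up in the published post. Since this hunk only relocates the two older entries, it is worth checking that the moved text is otherwise identical to what was removed.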
diff --git a/content/blog/2024/email-project.md b/content/blog/2024/email-project.md
index 9548bed..89ec22d 100644
--- a/content/blog/2024/email-project.md
+++ b/content/blog/2024/email-project.md
@@ -4,7 +4,7 @@ author = ["Michał Sapka"]
date = 2024-01-03T18:26:00+01:00
categories = ["blog"]
draft = false
-weight = 2002
+weight = 2003
abstract = "This year I want to rely on Email even more!"
+++
diff --git a/content/blog/2024/hacking-apis.md b/content/blog/2024/hacking-apis.md
new file mode 100644
index 0000000..945c893
--- /dev/null
+++ b/content/blog/2024/hacking-apis.md
@@ -0,0 +1,45 @@
++++
+title = "Technical book review: Hacking APIs"
+author = ["Michał Sapka"]
+date = 2024-01-19T20:01:00+01:00
+categories = ["blog"]
+draft = false
+weight = 2001
+abstract = "Short impression of 2600 magazine"
++++
+
+{{< img-r "hacking-apis.jpg" >}}
+Cover
+{{< /img-r >}}
+
+I am a software developer with a new-found interest in security.
+Childhood spent watching hacking-related entertainment didn't go to waste.
+When I saw the _hacking_ humble bundle, I knew I needed it.
+My first read[^fn:1] from that bundle was not a love at first sight I expected it to be.
+Luckily, _Hacking APIs_ is a completely different beast.
+
+The title says it all: it's about hacking web APIs.
+The target audience seems to be aspiring pentesters.
+I may even say that no prior experience is expected, as the author explains _a lot_.
+You will learn how those APIs work, what to look when testing them and how to exploit them.
+
+The book gives a really nice overview of most common vulnerabilities types, giving me new ways to be smug.
+It is always welcomed.
+
+Still, I will not benefit from a huge part of this book as it reads like a commercial for Burp Suite.
+Yes, it is a standard and learning what one can do with it is great.
+But I am not a pentester, so I will not need all that practical knowledge.
+It's a great exercise for me, nothing more.
+
+It will also come in handy if I decide to switch trades.
+
+Highly recommended book!
+
+
+## Meta {#meta}
+
+- Read as PDF on Onyx Boox Note Air 2.
+- Issues bought from Humble Bundle
+- Next up: back to "Absolute FreeBSD".
+
+[^fn:1]: [Cybersecurity for Small Networks](/blog/2023/cybersecurity-for-small-networks/) \ No newline at end of file
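Review bot: `abstract = "Short impression of 2600 magazine"` in the front matter is what gets published as this post's summary, and it describes a different article than the title "Technical book review: Hacking APIs". This file corresponds to the entry with `EXPORT_FILE_NAME: hacking-apis` in content-org/blog.org, so correct the abstract there and re-export rather than editing it here. The file also ends without a trailing newline, and the Meta bullet "Issues bought from Humble Bundle" reads like wording for a periodical rather than a single book.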
diff --git a/content/blog/2024/links-01.md b/content/blog/2024/links-01.md
index 0e6b5ea..3a9847b 100644
--- a/content/blog/2024/links-01.md
+++ b/content/blog/2024/links-01.md
@@ -4,7 +4,7 @@ author = ["Michał Sapka"]
date = 2024-01-03T18:12:00+01:00
categories = ["blog"]
draft = false
-weight = 2001
+weight = 2004
abstract = "Cool links from week 01 of 2024"
+++
diff --git a/resources/_gen/images/hacking-apis_hufa094deb5650eb9a5245c4892b859c32_158166_150x0_resize_q75_h2_box.webp b/resources/_gen/images/hacking-apis_hufa094deb5650eb9a5245c4892b859c32_158166_150x0_resize_q75_h2_box.webp
new file mode 100644
index 0000000..fb4b697
--- /dev/null
+++ b/resources/_gen/images/hacking-apis_hufa094deb5650eb9a5245c4892b859c32_158166_150x0_resize_q75_h2_box.webp
Binary files differ
diff --git a/resources/_gen/images/hacking-apis_hufa094deb5650eb9a5245c4892b859c32_158166_300x0_resize_q75_h2_box.webp b/resources/_gen/images/hacking-apis_hufa094deb5650eb9a5245c4892b859c32_158166_300x0_resize_q75_h2_box.webp
new file mode 100644
index 0000000..a0dae01
--- /dev/null
+++ b/resources/_gen/images/hacking-apis_hufa094deb5650eb9a5245c4892b859c32_158166_300x0_resize_q75_h2_box.webp
Binary files differ