Full Report
There are a number of key questions which are always asked by people wanting to get into security research, find out more about how others go about it, or just generally improve their processes. In this post I want to highlight some of the things which work for me and some guidance which may help others. This is a rare, less technical post by me, as it feels like a lot of the time people see the end results of the research but the process of getting there and the challenges faced along the way are less obvious.
Analysis Summary
# Main Topic
Guidance on methodology, topic selection, and process for individuals interested in or currently conducting security research, emphasizing the less technical aspects often unseen by the public.
## Key Points
- The post aims to answer common questions regarding how to start, what topics to research, and effective approaches for security research.
- It emphasizes that security research varies widely, spanning from bug hunting to academic publications.
- **Topic Selection Criterion 1 (Enjoyment):** The most important factor is researching something the individual genuinely cares about and is personally interested in.
- **Effective Topic Inspiration Sources:**
- Technologies encountered during penetration testing lacking public documentation or tools.
- Leveraging in-depth knowledge from previous industries.
- Assisting others encountering problems in a specific area.
- Attempting to prove existing statements or assumptions wrong (adversarial mindset).
- Investigating in-the-wild tools, techniques, and procedures (TTPs) used by threat actors.
- Identifying common organizational problems from either a defensive or offensive perspective.
- Being inspired by talks or presentations.
- **Trending Topics Note:** While trends (e.g., Web3, Cloud) exist, a strong foundation in computing fundamentals (programming, networking, operating systems) makes skill transfer easier.
- **Research Documentation:** Stresses the importance of scalable research note-keeping, advocating for organized documentation using markdown and version control for iterative review.
- **Background Research:** The first concrete step is reviewing existing material (conference output, blog posts, academic papers, bug trackers, source code history) on the chosen subject.
## Threat Actors
- Investigation of in-the-wild tools, techniques and procedures used by **threat actors** is listed as a valid source of research inspiration, but no specific actors or campaigns are detailed in this section.
## TTPs
- Investigation of in-the-wild tools, techniques and procedures (TTPs) used by threat actors is highlighted as a research area.
- Specific attack methods or technical findings are deferred to Part 2 or a future concrete example.
## Affected Systems
- The discussion covers general technology areas that could be researched (e.g., Web3, Cloud, Windows Kernel, macOS) but names **no specific affected systems or victims** related to a defined threat incident.
## Mitigations
- No specific technical mitigations for a defined threat are provided, as the article focuses on research process orientation.
## Conclusion
The article serves as foundational advice for budding security researchers, stressing personal motivation, core technical skills, and diligent process documentation as critical elements for success, particularly when diving into novel security areas. Specific technical analysis and countermeasures are outlined as future content.