Katlyn Gallo

So you may be wondering one of two things:

  1. Why is she writing a blog?
  2. Why should I read this blog?

Well for starters, writing is something I’ve always loved. I remember being in elementary school and being one of the few kids that secretly enjoyed the essay sections on the CMTs (Connecticut Mastery Test). Fast forward 20 years and I’m now secretly correcting people’s grammar and shaking my head when they mess up there, their, and they’re. Or not so secretly correcting grammar when people ask me to proofread their emails or articles at work!

Second, Cybersecurity has become so important in today’s modern world. For any non-IT reader, think about all of the technology you use today. Your smartphone, maybe a tablet, Amazon Alexa, Google Home, and all your other smart devices. Even if you don’t have all these devices, I bet you have an internet presence, whether on social media, or just for online shopping, your information is out there. Unfortunately, the attackers on the dark-web are after all of that, every second of every day. The scam calls you get, the junk email, the junk mail, it’s always a result of malicious actors trying to trick you into providing personal information. …

It’s no secret that the Cybersecurity industry is booming. According to the U.S. Bureau of Labor Statistics, the growth of security jobs in the next 10 years will be 31%, which is classified as “much faster than average”. To make that percentage a little clearer, that’s ~41,000 more jobs by 2029 in the U.S. alone.

Throughout the world there are an estimated 2.8 million cybersecurity professionals and according to an article published in September, the industry needs about 4 million more to effectively defend organizations. That is a HUGE gap that we need to fill!

In order to fill that gap we need to attract individuals and help them find their way. As a security professional, it’s important to understand the threat landscape as a whole and how to defend and protect against those threats, but it’s also important to hone in on your specialty, what interests you, and what you’re most passionate about. This can be overwhelming, especially when you simply don’t know what’s out there. …

Profile refresh? Already? Yes!

As I continue to develop my brand, I’m also trying to hone in on my design style! I’m new to blogging as you may know, so I was still figuring out how to even use Medium when I created my Medium profile.

After browsing around some other pages, I realized I wanted to make my profile more bright, airy, and more “Me”. I took a step back and thought about my style in real life when it comes to my color choices. Anyone that walks into my house will realize right off the bat that I like “Cool Neutrals” and “Dusty” colors. …

This is going to be more of a diary entry, just some things I want to put out on paper (or on screen). And I may or may not publish it…so if you’re reading this then I guess I decided to!

For my Dark Roast readers, don’t worry I’ll be posting more Cybersecurity content soon!

Photo by Laura Chouette on Unsplash

Feeling Grateful

In the last week or so I’ve found myself feeling especially grateful for the life I’m living. I’m appreciative of the people who have given me a chance in the IT industry, and took part in getting me where I am today. …

I’ve accomplished my first few privilege escalations!

If you’ve been reading my other Dark Side posts, you’ll know the next room on the list was tmux, a tutorial for learning the popular command line tool, but I ran into some technical difficulties on that one…I couldn’t find the credentials to access the virtual machine in that room, so if anyone has done that room before, let me know!

Instead of getting stuck, I decided to just move on to the next room, Privesc, so let’s dive into it!

Horizontal vs. Vertical

Common Linux Privesc is a room that walks you through a few basic places to start when looking for privilege escalation opportunities. There are two main types of privilege…

When you hear the term sock puppet, the majority of people probably think of something like this:

[Image]

I personally think of sock monkeys:

Level Up!

Linux Challenges Room completed! If you haven’t read Part One yet, check that one out as well. It’s a precursor to this one where I wrote about the first half of the Linux Challenges.

Third Impression: I no longer hate Linux, but I still don’t love it!

After finishing the Linux Challenges room, I felt super accomplished. Although I’m only halfway through the Linux Fundamentals section, and have only completed 16% of the Beginner path, I’m really proud of myself for pushing through some of the frustrations I’ve faced since starting this learning path a few weeks ago. I’ve always felt so intimidated by Linux because it’s all command-line based, and much like other things I don’t understand, I started not to like it. …

First Impression: Intimidating!!

Linux has always intimidated me. Having grown up using Windows machines, I’m obviously very comfortable with it, so learning Windows Server OS and Active Directory was a breeze. But I can’t say the same about Linux.

Photo by James Harrison on Unsplash

It’s like being an Apple iOS user since it first came out and then switching to Android. Everything feels so foreign and you find yourself getting frustrated that you don’t know how to use the technology.

Starting my career on a Windows Engineering team was a good way to ease into the IT world, and it was comforting to know how similar the Windows Server operating systems were to the computer OS’s I grew up using. …

Photo by Cookie the Pom on Unsplash

It’s no secret that there’s a skills gap in the IT industry as a whole; from infrastructure to development to security. One of the reasons I’ve been sharing my experiences and knowledge through this blog is to do my part in narrowing that gap. I believe that the more and more we network, share information, and collaborate, that gap will begin to close, but it starts with every single one of us. We must work together to build a community that supports one another.

I decided to write this post for one reason, which is shown below. Last week I posted a question in a Cybersecurity group on Facebook, and here is one of the responses I…

Geeking out over “Google Dorking”.

In this part I’ll be going over what I’ve learned about Google Hacking (also called Dorking). Google is driven by data analytics so it’d be silly for them not to build in operators that can help us techies optimize our searches.

Researching is one of the primary OSINT techniques, regardless of whether it’s done on Google or another search engine, or within a specific site. Being able to hone in on specifics and ignore the rest of the noise is important to gathering information on whatever target you’re researching.

In order to learn how to leverage Google Dorking for our OSINT scavenges, we first need to understand how search engines work. Here are some of the…


Katlyn Gallo

Coffee lover, bookworm, and InfoSec enthusiast! Follow my publication, Dark Roast Security, for Cybersecurity content and technical writing.