Cross-Site Scripting: Creating Reflective XSS

One of the early internet hygiene tips I was told when I created my first email account was to avoid “clicking on random links” in emails that I was not expecting. For a long time, I thought this warning was made to avoid visiting sketchy websites, maybe the kind that would immediately initiate a download without my consent. However, a good part of the logic behind this advice stems from XSS concerns.

SQL Injection: Recreating SQLMap

When I first began my cybersecurity training, I often fell into the trap of using pre-built tools when attempting to crack into practice boxes. I would often ultimately fall short because I didn’t understand how these tools worked behind the scenes. Recently, I had the great fortune of taking a semester-long offensive security course. This class not only made me aware of my own shortcomings when it came to the fundamentals of exploits, but gave me the opportunity to build my own exploits and really understand vulnerabilities at a low level.
