DEV Community: Watiri Kambo

Three simple ways to do Reverse email lookup

Watiri Kambo — Wed, 14 Dec 2022 08:46:17 +0000

What is email lookup?

Email lookup is a tool or technique that allows you to find someone's email address based on their personal data.

For instance, you could type in someone's first and last name or phone number, and the tool will deliver the person's associated email address.

Reverse email lookup refers to a service that helps people find out the identity and background of people via their email address. The application would ask you to enter the email address of that person and then show you matching results

Well wouldn't it be extremely cool if you could verify the identity of that "prince in Nigeria" asking you for money? Performing a simple reverse email lookup can offer great benefits besides scam and fraud detection.

This blog by Steven Goh highlights the merits and different kinds of data you can get from a reverse email lookup.

3 Simple Methods To Do Reverse Email Lookup

There are 3 main ways - free, paid, and an efficient, automated method using API. All 3 are available to everyone, so it's up to you to pick which one suits your use case the best.

nubela.co

I would also recommend trying out Proxycurl for a free trial Reverse Email Lookup API takes a work email address and returns you a Linkedin Profile URL. I had so much fun trying it out !

I hope you enjoy reading this great content. Feel free to share your thoughts in the comment section below.

BUILDING A DECENRALIZED MICROBLOG WITH REACH

Watiri Kambo — Sun, 29 May 2022 10:21:08 +0000

I had the amazing opportunity to yet again participate in the decentralized Umoja 2 Bounty Hackathon. As the name suggests this is a bounty hackathon that is hosted by Reach, Algorand and Africa Blockchain Alliance. Reach is a decentralized programming language that makes use of dockerised images. When writing a Dapp using Reach, you write a program that generates a smart contract and a backend as well as a frontend. The reach primitive publish allows participants to share information with all other participants which then happens automatically without other parties needing to do anything special.

The hackathon runs for a period of six weeks, whereby teams get to compete for prizes as well as beat deadlines to carry home incentives. For my project,I worked on a microblog which lets you share short messages with an online audience to improve engagement.Blockchain is fundamentally a way to provide reliability and safety by redundancy. A new way which can democratize the process of social networking.Anyone that is a believer of open and free media is definitely a benefactor of decentralized microblogging system.

The flow for my project as demonstrated here is that the frontend is hosted on Reach while Reach interacts with the Algorand network. Anyone with an algorand account can join the network and share their thoughts. The algorand address is used as the reference to the user to uniquely identify them and make transactions within the application.

Basic JavaScript and Reach knowledge is required when bulding a Dapp. Overall, Reach is a very easy to learn and use language especially when you are getting started on blockchain development.I would most definitely recommend that you try out Reach as early as NOW so as to max out on the learning opportunities available.

Lastly, I am grateful for my mentor for she always held my hand and made sure that I was jumping hoops over all the challenges that came my way. On top of this, she also made sure that I completed my project on time and she always encouraged me to deliver the best that I could offer.I surely could not have come this far without the support that I got.Reach also has an amazing community on discord that is always so quick to respond to any questions or concerns. Join the family today, I promise you will like it here.

WHAT YOU NEED TO KNOW ABOUT GALAXY COMMUNITY

Watiri Kambo — Wed, 20 Apr 2022 12:09:55 +0000

What is Galaxy Community?
I'm positive this is a question that is already running through your mind. Well, worry no further for this blogpost explains more about the galaxy community and all matters related to open source contribution. Galaxy is a global community project which is made up of researchers, trainers, students, bioinformaticians, software developers and infrastructure providers all using the Galaxy platform to perform and support data-intensive research.

Well then how does Open Source relate to Galaxy community?
Yet another question that may have crossed your mind. To put things into perspective, Open Source projects provide a framework whereby contributors are free to modify and distribute software according to each project guidelines. More often than not, the contributors are usually not usually part of the community members, meaning that they contribute outside their working hours. The contributors could also be located anywhere in the world meaning that they are operating on different time zones. The Galaxy community thrives on the different contributors that are spread all over the world.

My perception about the Galaxy Community

Participating as a contributor within the Galaxy community made me realize a couple of things about the community as a whole. The community members are really friendly and are open to helping new contributors understand how things work. This form of unity really impressed me since its not everywhere that you will meet people that are willing to help you out.

I was lucky enough to work with two mentors that were always ever available to help me out with whatever challenges that I faced during my contribution period. This honestly made me feel that i had all the support needed in achieving my goals.

I was working on a project called "Develop a culture of well-being for open source projects, the galaxy community as a use-case". I choose this project from a very long list of projects made available by Outreachy. The project described some of the challenges posed to core community members. An example of the challenge is that it often becomes difficult for the core community members to accommodate the different work styles and expectations: they are expected to be knowledgeable about all the aspects of the project and be available at any time. This challenge and others such as a lack of diversity in software development provide obstacles for a healthy environment and often contribute to an increased pressure over the community members which has an impact on their mental health.

"Some of the most comforting words in the universe are ‘me too.’ That moment when you find out that your struggle is also someone else’s struggle, that you’re not alone, and that others have been down the same road.”

These challenges are prominent within the community mainly because it is a global open source community. The community has made a point of improving the well-being of the community members and has extensively revised and researched the Galaxy code of conduct. I believe that a lot can be done to improve the mental health and well-being of the community besides extensively revising the code of conduct. A suggestion would be through active communication about emotions and feelings within the community chat channels, having proper time management by using the pomodoro technique so that the members do not get overwhelmed with the amount of work that they have to do. This would mean that they have enough time to focus on work,meditation and other life engagements.By using the eat that frog technique would also encourage the members to focus on the most important goals of the day and end up achieving more in less time.It would be important to conduct surveys and find out how the community members feel about participating in the open source contribution. This is relevant data that can help in customizing methods of improving well-being of the community members.

Diversity, equity, and inclusion (DEI) in the technology space, and notably within open source, is an opportunity we must continue to take advantage of for the benefits it provides. Because open source software, hardware, and standards are established by individuals with diverse backgrounds, nations, orientations, and identities, their participation and well-being is critical. Diverse engagement promotes better outcomes and more robust technologies, according to research after study—diverse communities are just stronger communities. To ensure that communities continue to progress, we must strengthen our collective understanding of DEI by evaluating the existing condition and determining which forms of collaborative actions contribute to improved outcomes. Galaxy community demonstrates a diverse range of contributors from all walks of life around the globe.

I believe that there is more to be done within the community and i look forward to sharing more materials about my experience within the community. Ciao :)

LEARNING A NEW PROGRAMMING LANGUAGE.

Watiri Kambo — Wed, 20 Apr 2022 10:17:05 +0000

Programming, it turns out, is hard. The fundamental rules are simple
and clear, but programs built on top of these rules tend to become complex
enough to introduce their own rules and complexity. in a way, You’re building your own
maze and you might just get lost in it.

There will be times when reading a book feels terribly frustrating. If you
are new to programming, there will be a lot of new material to digest. Much of
this material will then be combined in ways that require you to make additional
connections.
It is up to you to make the necessary effort.
When you are struggling to follow
the book, do not jump to any conclusions about your own capabilities. You are
fine—you just need to keep at it. Take a break, reread some material, and make
sure you read and understand the example programs and exercises. Learning is
hard work, but everything you learn is yours and will make subsequent learning
easier.
The art of programming is the skill of controlling complexity.

A good programming language helps the programmer by allowing them to
talk about the actions that the computer has to perform on a higher level, while taking care of the unintresting details for us.

DECENTRALIZED UMOJA 2021

Watiri Kambo — Fri, 14 Jan 2022 22:34:43 +0000

Review/testimonial of Reach, compiler and deployment.

I had such an amazing experience working on the arbitrary sized tanda club project for the Decentralized Umoja Bounty hack 2021. I used the reach language to develop this particular project.
To make you understand things better, Reach is a domain specific language that lets you build decentralized applications. There exists a documentation that lets you dive in deeper and understand all the language specifics by providing an overview, tutorial, and a guide that lets you understand the overview and a workshop which builds on the tutorial.
I dived into blockchain programming as a complete beginner with no prior experience whatsoever. I had never ever written and deployed a decentralized application. I often wondered how I was going to actually make it especially since I had imagined the learning curve would take long. To my utter dismay, it turns out that it was quite the contrary because I was using the Reach language.
What impressed me the most is that this language is actually really easy to learn. Believe it or not within the first six hours of going through the tutorial I had already started grasping the basics of the language. In addition to this, I joined the discord community and interacted with a team of amazing experts and members of the community that would help me come up with solutions to the problems that I was facing.
Reach has a super amazing compiler which handles most of the tedious tasks unlike other languages. You don’t have to spend so much of your time building smart contracts as it automatically does that for you. In Reach, a programmer only needs to specify the actions of participants---what they do individually and what they do in unison. The Reach compiler automatically derives a contract for the consensus network via a connector that enforces these rules.
You also don’t have to hustle so much when it comes to matters related to the deployment of the applications. Since it has so many inbuilt functions and systems that help you with doing this. It is important to note that reach supports three network connectors which are Algorand, Ethereum and Conflux
Once you are ready to use reach, you have to download it to your machine and prepare to use make & docker. You could also check out my other article on reach basicsto understand the language in a much more efficient manner.

REACH LANGUAGE BASICS

Watiri Kambo — Thu, 28 Oct 2021 09:15:46 +0000

Reach is a programming language that has been designed to work on POSIX systems with make, Docker and Docker Compose installed.

In my case, I am operating on Linux OS. The first thing that I had to do was make sure that I created a directory where I am going to install the necessary files. To do this, I used the command $ mkdir reach.

To run Reach in your project repository you can run the following command : $ curl https://docs.reach.sh/reach -o reach ; chmod +x reach. Run this command within the new directory that you just created. In this case (reach).

To initialize a new Reach project, you can run the command $ reach init or $ ./reach init . This creates a template which contains an index.rsh & a index.mjs file.

Once you have prepared your code and are now ready to run the program, you can go ahead and execute the command $ reach run or $./reach run.

What happens when this command is run is that your program is compiled with reach, a docker image is build. This image depends on the Reach Javascript standard library. A container that is based on that particular image is executed while connected to the network.

You can halt all dockerized Reach apps and devnets by running the command $ ./reach down.

To create templated Dockerfile and package.json files for a simple Reach app use the command $ ./reach scaffold.

To execute a simple react app ,especially for frontend, use the command $ ./reach react. This command assumes that the frontend React JS program is named index.js and the reach program is called index.rsh.

To execute a private Reach devnet, you can use the command $ ./reach devnet. The option --await-background is supported and runs in the background and awaits availability.

The command $ ./reach docker-reset kills and removes all docker containers.

You can upgrade your reach installation by executing $./reach upgrade

Additionally, you can update your docker images by executing the command $ ./reach update.

To check the version on reach that you currently have installed you can run the command $./reach version.

To see the exact version of Reach Docker images that you are using, you can run the command $./reach hashes.

VARIOUS STUDY PLANS DEPENDING ON YOUR BACKGROUND

Watiri Kambo — Sun, 13 Dec 2020 21:00:41 +0000

GROUP ONE: COMPLETELY NEW TO TECH
Learn the basics of programming
Read some basic security content such as web hacking 101
Hack your projects
Begin practicing on ctfs as you learn more about bug hunting
Keep reading and learning immerse yourself into security
Start hacking on a real target

GROUP TWO: A STUDENT IN CS/ SOFTWARE ENGINEERING
Take advantage of any formal security courses your school, university or college offers
Get involved with the local community eg Hacking club in school
Learn more about OWASP top 10
Begin practicing on ctfs as you learn more about bug hunting
Keep reading and learning immerse yourself into security
Start hacking on a real target

GROUP THREE: A DEVELOPER / PROGRAMMING EXPERIENCE
Learn more about OWASP top ten
Read some security write ups which targeted a language you are familiar with
Begin practicing on your CTF’s as you learn more about the common bugs
KEEP READING AND LEARNING IMMERSE YOURSELF INTO SECURITY
START HACKING ON A REAL TARGET

GROUP FOUR: HAVE SOME EXPERIENCE WITH SECURITY
Begin practicing on CTFs
Watch or read content on specific bugs from an attackers side
Keep reading and learning, immerse yourself into security
Start hacking on a real target

GROUP FIVE: A SECURITY SPECIALIST
Watch or read content on specific bugs from an attackers side
Start hacking on a real target

GROUP SIX: ANOTHER SPECIALIST EG DATA SCIENTIST/ENGINEER
Take a look at some beginners content but skip what you are already familiar with
Begin practicing on your CTF’s as you learn more about common bugs
Watch or listen to beginner friendly content to introduce the more technical side of hacking
Keep reading and learning, immerse yourself into security
Start hacking on a real target

NEVER STOP LEARNING.

QUICK TEN STEP GUIDE TO BUG HUNTING

Watiri Kambo — Sun, 13 Dec 2020 20:33:59 +0000

It is important to note that no course/book/video or spell will teach you how to be a bug bounty hunter. Learning is not linear, you could choose to learn about security, do some CTF’s and begin to find bugs. Don’t spend so much time trying to accumulate knowledge just start practicing you are gonna learn along the way. You really need to immerse yourself in hacking, listen to podcasts and read blogs this will help to engage your brain into technical activities. Read disclosure reports, write-ups to understand other people’s line of thinking. Following the top hackers on twitter will also help you get immersed into this hacking mentality.
Top resources
1) OWASP- This is a non-profit organization which publishes a ton of security resources. They have so many resources eg OWASP Top 10, information on bug classes.
2) CTFs- This lets you practice your skills and get a small reward for doing so. They are extremely vulnerable and can’t be trusted eg Hacker101 CTF, Damn Vulnerable Web Application and Juice shop.
3) Structured courses- they let you learn security from the start to the finish. Online courses are a great place to do this. The cyber mento, pentester lab and portswiggers web security academy are just few of them. Bug bounties are usually course independent.
4) Videos- They allow for security concepts to be delivered in more bitesized pieces. Some good creators are such as STOK, The Cyber Mentor, InsiderPHP among others. Some lecture style videos are such as CS50 and MIT Open Course Ware among others.
5) Podcasts- These let you listen to material when you are doing other things like travelling or household chores. A surprising amount of security podcasts such as The Bug Bounty podcast, Darknet Diaries, Security now and risky business are just among the few.
6) Books- These allow you to get through material at your own pace in your own time some of them are free eg- web hacking 101, OWASP Testing guide, Bug bounty cheat sheet Books.
7) Certificates can prove your expertise and prove you useful to your employer. The offensive security certified professional is considered the best one.
8) Writeups and disclosures give you an insight on how hackers think and what they found. Disclosures help you see what bugs pay out. Write ups give you an insight into the thought process. Google and the twitter are the best places to look.
9) Aggregators and newsletters- These let you find the newest stuff in a bunch of different categories. Pentester land newsletter is easily the best
10) ACTUALLY HACK SOMETHING!!-Just try anyways even if you don’t know. Just take that jump and actually go for it!!You really don’t need to know anything, you just have to start. Good hacking platforms are such as hackerone, bugcrowd, synack and Intigriti. Practical knowledge is highly recommended as compared to reading. Take that jump and just go for it.

TOOLS
It is important to know how to use your tools.
1) Burpsuite
2) Github Repos
CONFERENCES- are also a good place to learn specific techniques or just to be amazed by others. Most conferences record their sessions and put them up on youtube.
COMMUNITY ENGAGEMENT
Speaking to other bug bounty people can help you become more immersed, discuss cool resources you’ve found, bounce ideas off if you are stuck, and enthuse about new techniques and bugs. Highly recommended platforms are such as #BugBounty #bugbountytips on twitter, Hacker101 Discord and Bug Bounty Forum.
TEACHING OTHERS
Teaching others will help you solidify your knowledge of concepts, it can be through helping someone solve a CTF, making YouTube videos, writing tutorials or mentoring someone or even better yet creating a study group. This is best organized through the community on twitter, discord or slack.

Introduction to Cybersecurity Journey

Watiri Kambo — Tue, 08 Dec 2020 05:36:33 +0000

Cybersecurity is a journey that if often walked alone one may end up giving up. Fortunately, this field has so many amazing experts that are more than willing to share their skills through various social platforms. It is imperative that one understands that infosec has so many paths that one would probably chose to follow for example forensics,reverse engineering, bug bounty hunting, malware analysis,cryptography among many others. For me I chose to begin with bug bounty hunting. Over the next couple of weeks I will be posting my journey on how I found my first bug, the various tools I used and my experience along the way. I will also recommend various cybersec experts that one should follow for indispensable information. Meanwhile I would highly recommend that one remains extremely passionate and resilient about whatever path they are undertaking no matter how rough it gets. In all honesty it's not always easy as our minds make it look like but with impeccable effort all will always fall into place.

I am extremely thrilled to be sharing my experience with you, I hope one way or another I will help you become a better version of yourself and help you understand various concepts in a much easier way.