My Cybersecurity Career > Cracking Code

Recently, I was at the Singapore Airshow to showcase what my firm offers in terms of cybersecurity solutions contextualised to the aviation market. Being a trade show, I was privileged to have met many different partners and stakeholders who would otherwise communicate with us typically via teleconference calls. Being the first huge trade show I…

A Fully Understandable Description (FUD) of PEN-300

*FUD also stands for “Fully UnDetectable”, which describes malware that evades the bulk of commercially used antivirus products. PEN-300 naturally continues where PEN-200 leaves off, for more advanced techniques. After all, OSCP skills alone will not beat modern mitigations; we must try harder. What Do I Really Need Before PEN-300? There has been a trend…

The CRTP Review

I think the Pentester Academy site has covered the syllabus of the Certified Red Team Professional (CRTP), which is somewhat of a misnomer because today’s definition of red-teaming goes far beyond what this course covers: Active Directory penetration testing and defence techniques. Note that the attack methodology and tips given by the instructor, Nikhil Mittal,…

The AWAE/OSWE Journey: A Review

Students who are familiar with the PWK/OSCP understand that the field of penetration testing is broad, and at times, overwhelming because there is a lot to learn. Does the AWAE/OSWE come across as significantly less broad? Well, not exactly, because web applications are extremely diverse. Let us take the white box/black box approach to examine…

Some National Day Reflections

(This isn’t a cybersecurity blog post. These are just some thoughts of a patriotic citizen on National Day.) I remember once writing my thoughts when the late LKY passed away in 2015 in a post as part of being a socio-political writer. Those were times when, as a student, one could flirt with many different…

The “Irrational” Human?: Part 2

“Minimum 8 characters, minimum 1 upper case, 1 lower case, 1 number and 1 special character.” Sounds familiar? Yes, this is a fairly common password policy. Users found the shortest password that could meet these requirements, “P@ssw0rd” and used it so widely that one of the biggest data breaches in Singapore documented how the use…