Understanding the Digital World, and Staying Safe on Cyberspace!
Being my first cybersecurity management certificate (the CISSP), taking this differs from most of my earlier cybersecurity certifications, which focused around various skills in offensive security (penetration testing, exploit development e.t.c.) To some extent, I had to take this with a different approach — one with a stronger foundation in conceptual knowledge, and to a…
While the ChatGPT hype might not be so fervent anymore, many of us have internalised ChatGPT’s capabilities into our everyday life. I tried to provide it ten different types of tasks, and have provided some commentary on how we “might” get ChatGPT to work better for us. (In this post we play with the free…
A few weeks after I signed up for Cracking the Perimeter (CTP), CTP was retired. Some infosec friends thought I got the short end of the stick, because the course content had not changed in a long while. That is half-true; newer exploit development techniques are now in the while, and CTP only covers the…
I think the Pentester Academy site has covered the syllabus of the Certified Red Team Professional (CRTP) which is somewhat of a misnomer because today’s definition of red-teaming goes far beyond what this course covers: Active Directory penetration testing and defence techniques. Note that the attack methodology and tips given by the instructor, Nikhil Mittal,…
Students who are familiar with the PWK/OSCP understand that the field of penetration testing is broad, and at times, overwhelming because there is a lot to learn. Does the AWAE/OSWE come across as significantly less broad? Well, not exactly, because web applications are extremely diverse. Let us take the white box/black box approach to examine…
Dear Offsec, I’ve never quite felt such a magnitude of ph33r in any examination so far, but the thought of facing a L100 behemoth for 48 hours in a week’s time is frightening indeed. I was a L10 servant in infosec before the AWAE course, and now I’m barely a L30 archer. Spending countless days…
(If you have not read Part 2, please click here.) Let us now extend what we did in Parts 1 and 2 to more than one machine. After all, one machine teaches one set of skills; multiple machines can cover a range of skills. This, in effect, is building a cyber range. Before we jump…
Apologies for the delay; I have been away on a “pseudo-holiday”, or “service break” — I’ve been wanting to write something security-related this month, but found myself a little out of time. This series will be broken into three parts. Part 1: General Design Principles Part 2: Building a Machine (with an example) Part 3:…
#offsec #pentest #training #tryharder I want to try harder and earn my OSCP! What should I do? Well, this part of the review is meant for you! How Much Did the Author Know Before Taking the OSCP? Unlike most people who took the OSCP, I took it knowingly that my fundamentals were not good. After all, my background…
#offsec #pentest #training #tryharder (Note to all who have read Part I on my other page — yes, I’m in the midst of shifting my blog; this is a replication of Part I on my previous site, with very minor edits.) (WARNING: This review is very cheesy. If you can’t take it, try harder.) Many a…