Over the last few years, more penetration testing and ethical hacking courses have been popping up across various platforms, from both popular and relatively unknown authors. As a budding hacker, how do you choose where to spend your precious time and monetary resources?
This article will discuss a handful of available options and leave you with two that I can highly recommend for your first hacking course.
My audience for this post is particular and aligns with my pen test training path. You should be looking for a training program if you:
These recommendations are a bridge between the first infosec certification and the OSCP.
Certification Review: CompTIA CASP+
This certification was a reasonably lengthy study process, about two months in total. By test time, I still didn’t feel prepared for the exam. This blog will let you in on what I used to study, what I thought about the exam, and whether the certification is worth the effort.
Travel Review: Carolina Pines
This past weekend my family and I stayed at the new RV Campground Carolina Pines and had an amazing time. This was the first time in years that I have stayed in an RV campground and the first time ever for us to vacation together. Hopefully, this will be the first of many more to come.
Besides commenting on our experiences, I will also do my best to rate different aspects of the RV park. I'll be looking at the living quarters, entertainment, cost, staff, and location. These areas of interest are important to me when choosing vacation spots. They are also universally applicable, AKA reusable when rating future experiences.
Please know that this review is not a paid advertisement for any of the establishments listed. It is solely based on the experiences of my family and me.
Penetration Testing is one of the most sought-after careers for new cyber security college graduates. I don’t know how many times I have had an intern or mentee who has said that their goal was to be a pen tester. By no means is it an easy road. It takes passion and dedication to put in the hours to gain the required knowledge to just pass an interview. I think just as often, when I discuss the journey, people decide to take a different path.
This blog will discuss my recommendations to go from an infosec college student with no industry experience to a junior pentester. In another blog, we will dive into the career itself and the day-to-day life.
By no means is this the only method of achieving your dream. But this is my recommended approach based on my experiences completing the journey and mentoring others in the ethical hacker track.
Finding your first job can be a difficult task. Scratch that. Finding any job can be a terrible experience. Full of emails saying no thank you. Never hearing back from a job you thought was perfect. Or just getting destroyed in an interview. I think we have all been there.
Although there is no preventing letdown during the job hunting process in information security, a few things can make the process more productive. This blog is dedicated to the best tips for job hunting, drawn from my experiences and from a dear friend of mine who happens to be a recruiter, Mr. Derek Iannelli at Samurai Hire.
You may find advice on the internet that is contradictory. Still, in my opinion, these tips are not only more likely to get you hired but will also help you find a place where you can excel.
Life Updates: August 9, 2021
Hey Everyone, I figured it has been a couple of weeks since my last update. So, why not put another out there? A few of my goals are seeing improvement and I have been knocked on my butt with illness. I will talk about it all in this Life Update.
SMB Series - Null Sessions
Server Message Block (SMB) is a service often overlooked by new penetration testers. That is an unfortunate result, given the valuable information and opportunity for a quick initial foothold on a network. Do yourself a favor and don’t make this mistake as a budding hacker.
This blog will act as the first part in the SMB series to cover avenues for enumeration and paths to getting initial access, both applicable to the world of CTF boxes and to real-life penetration testing. Null sessions are one piece that pops up in CTFs consistently and in the real world every so often. Regardless, many of the techniques demonstrated here can be used alone or with a limited account.
Enjoy the blog and let me know your favorite technique to pair with a Null Session.