Tons of stuff going on in the last couple of months. Here is my monthly(ish) update.
As planned, I was able to knock out this certification. It took a little longer than I expected, but I was able to do it. If you haven't read the blog, check out my review of the CompTIA CASP+. TLDR, I recommend skipping it and doing something else. It’s just not worth the effort and money when there are many others that are more beneficial. I do have another certification lined up, though. This time I am going technical again with the eLearnSecurity Certified Malware Analysis Professional exam. In a bit, I will explain why.
OSCP Blog Released
I had fun researching the OSCP blog the past couple of weeks. It was a surprisingly tricky blog to write, and I don’t know how many times I rewrote the thing. It started out with too much emphasis on promoting the OSCP and not enough on the entire offensive certification landscape. But that wasn’t the type of article I wanted. My goal was to be as scientific as possible and show evidence of which certification was better. I ended up focusing my comparisons on job listings, the type of exam, and the training process.
There are so many certification programs that many entry-level people are confused about which they should pursue. The best thing more experienced people can do is help newer folks sift through the pile and sort out the garbage. That is what I wanted the blog to be.
As a quick aside, what I have learned over my almost six years is that reputation of certification providers is everything. Regardless of what you learn from studying, your first certification needs to catch the attention of human resources. But after that first certification, knowledge matters more than reputation. This is especially true for technical roles like pen testing, forensics, malware analysis, and engineering. You have to have more than book knowledge, and you need to be able to perform. The certs are just a box checker in more senior positions, and how you interview seals the deal.
Anyway, enough of a rant. TLDR: OSCP is still the king, and you should be striving to get that certification on your road to becoming a pen tester. If you are interested in reading more, check out the blog “IS THE OSCP STILL KING OF THE ENTRY-LEVEL PEN TEST CERTIFICATIONS?”
Next Endeavor, Malware Research
So this is my big research project currently. Learning how to craft malware that will subvert both AV and EDR tools. I know, quite the jump from the CASP+. Studying boring management stuff gives me a craving for more technical things.
The reason for this new pursuit is that I have always used someone else’s code to obfuscate or bypass AV in the past. Unfortunately, that is becoming more difficult. I guess the software is just getting better at finding bad.
For those of you who may not know, malware/payloads/implants are handy. Most exploits require you to have a malicious binary, and any C2 connection needs one. If you use anything that is already out there, like Metasploit, there is already an AV signature for it. This is true even for default bypass methods, such as common AMSI bypasses. If the code is on Github, an anti-virus engine will catch it.
I look at this topic as my next evolution in penetration testing.
So if you have read any of my other update blogs, you know I always have a plan of attack.
My plan is to read The Art of Computer Virus Research and Defense, go through INE’s Malware Analysis course, and complete Codecademy’s C++ course. I know nothing directly related to malware development. But these are all key pieces to the malware development skillset. Unfortunately, there really aren’t any well-known courses devoted to teaching this skill, except maybe at Black Hat in August. Therefore, I made my own approach.
If any of my readers know of solid payload/implant/malware development courses, please let me know in a comment below.
After I am done with the book and the coding course, I will focus on writing malware while finishing up the malware analysis course (Yes, I will take the exam and write a review).
The eLearnSecurity course should give me ideas on techniques and help me better analyze the binaries before deploying them, thus increasing the likelihood that the payload will run successfully undetected.
So far, the book is incredible. I wish I knew who recommended it so I could give the person a shoutout.
The content is a little dated but acts as an encyclopedia of malware. It’s really cool seeing the evolution of malware over time, and it goes back into the ’70s. Some of the techniques in the book are much older than I realized, such as mixing the malware code into an executable’s dead space and using jmps to execute the code.
I like seeing what other people have done before me to give me ideas. I don’t feel the need to reinvent the wheel, but maybe I can improve it.
If you have been wondering why blogs have slowed down, well, blame my vacation. I took a trip out to southern Utah to visit the amazing national parks with my family. I highly recommend getting out to the national parks and away from the keyboard sometime. There is just something about losing signal as soon as you enter the park gates and being disconnected all day while you hike. Such a breath of fresh air. Anyway, now that I have caught up on my post-vacation work, I should have a blog on that experience in the next week or so.
That is pretty much all the major updates for this month. In October you will find me on Twitter talking about my new research, and you should see a few blogs as well. Stay tuned.