THE CU
  • Home
  • Blogs
  • Offense
    • Pen Tester Training Program
    • Offensive Cheat Sheets >
      • Bash Commands
      • Network Enumeration
      • Web Enumeration
      • Windows Post Ex
      • Metasploit
      • Shells
      • PowerShell
    • Offensive Links
  • Defense
    • Junior SOC Analyst Roadmap
    • Intermediate SOC Analyst Training Program
    • Defense Links
  • Land A Job
    • Improve Resume
    • Find a Job
    • Interview Prep
    • Grow as a Practitioner
    • Get Experience
  • FAQS
  • Other
    • Finance Resources
    • CTFs and Cons
    • Training
    • Twitter People to Follow
    • Podcasts
    • Books
    • Twitch Streamers

 

November 2021 Update

12/7/2021

0 Comments

 
Today's blog is all about last month. Join me as I tell you about what has been happening on the blog and in my life.

Blog Series Conclusion

So yeah, November was a blast. I finished the “Getting Into InfoSec series” with blogs that covered what I think are the most important parts of landing the first cyber security role. Resumes, interviews, job listings, and online course options were just a few things covered.

I wanted to start my big content push with something that newcomers in the cyber security industry struggle with. Hopefully, the series helped a few of you get a new gig! If you can land your first job, things in the job market get easier.
​
If you have any other requests, please let me know in a comment below. I want to make sure everyone gets what they need to be successful.

​Back On YouTube

After a long hiatus, I got my first video on YouTube last month. In it, I spoke on tips for during an interview. Hopefully, the video gave you some ideas and shined a light on what is going through the interviewer's mind. It is essential to look at the hiring process through the eyes of those interviewing you. If you can figure out what they are worried about and do an excellent job of alleviating their fears, you get hired.

Hint, their fear is that you will be hard to train and a time sink. Show them you have already put the leg work in, and you are willing to put in even more effort to master the skills required to be successful.
​
Look for the next one on December 13. I’m not sure what I will cover, but the topic will be SOC-focused.

Finished ​Reading The Art of Computer Virus Research and Defense

I finished reading this awesomely timeless book on malware. If you are interested in becoming a malware analyst, make sure to add this to your bookshelf. The content is a little dry like most technical books but highly worth your time.

I recommend reading 10 to 20 pages a day to keep from falling asleep. You should get through the book at that pace in under a month.

If you are looking to get into malware analysis, I definitely recommend getting a separate system set up for examination. VM’s are the easiest and cheapest way to accomplish this, but an isolated, separate device is even better.
​
For samples, check out vx-underground.org. As always, be safe when handling explosives.

​December’s Theme

This month we are in the SOC. It is the place that many of you will start, but you might not have the clearest mental models for the role. In December’s blogs, you will better understand the role, why I always recommend starting in the SOC, and how to become a better practitioner after you land your first gig.

My goal is to put together a couple of free game plans for SOC Analysts. One to use as a guide to additional course work while looking for your first job and the other to help you grow after you land the gig.
​
Keep an eye out for these. I’m not sure what form the courses will take yet.

​My Current Research

Currently, I am working on reverse engineering and web application security. My goal was to gain enough skills to answer more CTF RE questions. So, last month, I spent some time learning to patch programs and work my way through some of the HTB RE challenges. Check them out yourself if you are curious about the RE skillset. They are pretty close to what you will see in CTF’s and best of all, there are walkthroughs to help you learn.

One bit of advice is that I would look at multiple walkthroughs. Everyone has their favorite tools and methods. Learn various ways until you find what works for you.

For instance, some people use IDA and GDB. I find myself preferring Ghidra for analysis and Radare2 for debugging/patching.

On the topic of web security, I am using Port Swigger’s Academy, various bug bounty folks, and Team Tree House’s coding courses. It has been a while since I have done anything heavy in web and my skills have atrophied. I figured I would start from the ground up before diving into looking for bounties myself.
​
If you haven’t been to Port Swigger’s Academy, check it out. The training is free, the labs are good, and the explanations are fantastic. Definitely a great place to start your web app journey.

​Appalachian Trail

If you haven’t heard yet, I will be taking a sabbatical to hike the Appalachian Trail in 2022. It will be one of the craziest adventures I have been on. Four months of walking from Springer Mountain, Georgia, to Mount Katahdin, Maine is no small feat. It takes a ton of preparation.

One of the things I am working on is how to stay in touch with everyone. More than likely, Instagram will be the primary communication method. I’ll be able to share pictures of the journey and fun messages while we hike. Which will be fun for family and friends alike. I figure, who doesn’t want to see awesome pictures of nature.

One can’t just go and hike. You have to buy gear. Since last year, I have been purchasing items, and I am just about done.

During Black Friday, I was able to nab a personal locator beacon at a nice discount. These devices can be used to send an SOS to responders and send your family regular location updates. With that, all my major purchases are out of the way, and my loved ones will be able to sleep peacefully.
​
What a relief that my purchases are almost complete. Thru-hiking can be pretty expensive. I am aiming to finish in four months. For speed, I went with lighter gear that tends to be costly. But it will be worth it once I summit Mount Katahdin. 

​Conclusion

​Thanks for catching up with my happenings, and I will see you around TheCyberUnion.com.
0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Silverbits
    - Infosec Enthusiast
    - Traveler
    - Future AT Thru-Hiker
    - CTFer
    - Red and Blue Teamer

      signup!

    Subscribe to Newsletter

    Categories

    All
    Book Review
    Certifications
    Coding
    Conferences
    Course Review
    Cracking
    Defense
    Finance
    Fire
    Forensics
    Hacking
    Hashes
    Incident Response
    Job Hunting
    Malware
    Mindset
    OSCP
    Pen Testing
    Tools
    Travel
    Updates
    Web Hacking

    Archives

    January 2023
    January 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    May 2018
    April 2018

    RSS Feed

Home      Blogs    Disclaimers    Copyright Notice   Cookie Policy ​
  • Home
  • Blogs
  • Offense
    • Pen Tester Training Program
    • Offensive Cheat Sheets >
      • Bash Commands
      • Network Enumeration
      • Web Enumeration
      • Windows Post Ex
      • Metasploit
      • Shells
      • PowerShell
    • Offensive Links
  • Defense
    • Junior SOC Analyst Roadmap
    • Intermediate SOC Analyst Training Program
    • Defense Links
  • Land A Job
    • Improve Resume
    • Find a Job
    • Interview Prep
    • Grow as a Practitioner
    • Get Experience
  • FAQS
  • Other
    • Finance Resources
    • CTFs and Cons
    • Training
    • Twitter People to Follow
    • Podcasts
    • Books
    • Twitch Streamers