I picked up another book, recommended by Tim Ferriss, called The Obstacle Is The Way, and I can’t put it down. I’ll most likely finish it up here by this weekend. It’s by Ryan Holiday, the same guy who wrote The Daily Stoic, which is a good book if you are interested in what the stoics might have to say about life, bitten into little daily pieces. All this good information about people who had adversity and how they overcame, persisted, and here I am, still working on my OSCP. Look, I get it. Life. I have two kids, and it’s hard. But I am not persisting. TBH, I am reading a lot of these and falling short of a bit of action. Much of it is because I haven’t changed my angle. So I am going to do that again – this time with eCPPTv2 studying. I have been working on the System Security portion of the INE material, and I am not going to lie, it suxs. It’s very technical and not fun when all I want to do is start popping shells. So let’s move to Network Security. I got the idea from a dude on the Internet’s blog about it, and I need to do something. Also, gotta stop eating so much. I am trying Noom to count calories. June started, so let’s start studying again and get back to weight control. Like Gary John Bishop said “You are wired to win”. You will win at everything you decide to do. So let’s do it.
Hell World –
Daylight savings begins today, which means it’s spring and the weather is getting much warmer. I took a bike ride with my son yesterday, and fell back in love with living in the city. I think a lot of people are – well, actually everyone, is pretty tired of being cooped up due to COVID. It was nice to see people out and about outside, but a bit cautious because we aren’t all vaccinated yet.
I joined an ISACA book club, and read “Hackable” by Ted Harrington.
It was a pretty easy read, but did highlight issues with application security – specifically black-box testing and app scanning. Basically, just scanning for vulnerabilities is not enough. You have to do application security testing. Also, never do a black-box test. You won’t get enough information, so white-box testing is the way to go. Overall, a good read, and I recommend it if you are looking for something light to read.
On another note, I am picking back up PTSv4. I don’t know why I haven’t gone for my eJPT yet. I think if I can get some more solid studying in – basically finish the black boxes, I will give it a go. Pen testing has been such a journey for me, but having the time to do it has been hard when the kids are up and about. I’ll get there!
Well, the Matebook X Pro didn’t fare well with a dual boot of Kali and Windows. I think it had something to do with the weird 3000×2000 resolution and the fact that grub couldn’t understand that to boot into an installer for Kali. I tried working on different grub commands, but eh, I did so much that I couldn’t get the machine to boot back into the original install.
So I took it back to the store and decided VM only – no dual booting. I mean, OSCP is set up to work within a VM, all my practice books are with VMs. So VM it is – and I need a good supported VM app, so Windows with VMware Workstation was the way to go. I also wanted a laptop that will last, so I put up the extra cash for the new Surface Laptop 2. I am happy so far. I do wish it had a USB-C as the MXP did, but it wasn’t a deal breaker. Back to studying!
You know when you have so much information, you don’t know where to start, so you just don’t? That is where I am at the current moment. It’s good, but it’s been 2 weeks, and I really haven’t made progress on Georgia’s book. Today, I will work on it. That is until I get the OSCP material!
I have been doing a few things other than studying – but it’s been good. I have been:
- attending the first CSA-DC chapter meeting. I met Anil, the host and founder of the chapter at a Federal Cloud Summit in DC. I really enjoyed it and will go back for their next meetup in January. But I met Martin there! He’s a pentester AND he is from Argentina. That’s awesome – we met up later again to talk about how to get into pentesting and Argentina, which my family and I are vacationing to in February of next year.
- Attended the 2018 Cyber Maryland conference. I really had a good time. Some jerk talked my ear off about how idiotic I am for being a federal employee and how he’s racist inherently because he’s white. Just some random stranger. We live in some odd times, folks. But after that, it was awesome! There were three presentations that stood out to me:
  - One on Snowden and Quantum Computing. It solidified my thoughts on Snowden – he’s a traitor and really F*&#$ up our national security. 99% of what he leaked isn’t even about privacy. It was national secrets, folks. You’re welcome, Russia. I also really enjoyed the discussion on Quantum Computing.
  - Synthetic Identities on the Dark Web. I never knew how susceptible kids are to identity fraud so easily. Freeze your kids’ credit, folks.
  - Election Security. We need to go to paper ballots. But we are idiots and apparently, West Virginia is going to use blockchain to have votes counted. Mobile Voting in the 2018 elections. It’s a horrible idea.
I met Amber there! Totally awesome person – she told me about some things that she is working on and I really hope to stay in touch.
- Decided through Martin and my wife that I am going to just start studying for the OSCP. I have been waffling around books and thinking about getting my Pentest+ (which is so new, no one knows if it’s good), or retake the CEH… Inna stated that if she is going to give me the time to study, just go for the one that matters – and Martin, he thinks the same thing. The test with 3 months of the lab is $1,150.00. That, in hindsight, is nothing, and if I fail, it’s only 60 bucks for a retake. So, I am going to make a case to my boss about taking it, and if that doesn’t work, I’ll just pay for it out of pocket. Work is slowing down for the holidays – I am going for it. I am going to #tryharder 🙂
tldr; I did some stuff, made some friends, F&$%# it, I am going straight for my OSCP.
Well, Cybrary is down again this week. This isn’t the first time that this happened to me. There has been another outage to my premium content for a week. They fixed it and gave me 7 days to tack on, but it’s a bit nutty how buggy Cybrary can be. Also, I took a beginner network certification test, and the answers/questions weren’t all right. I told Cybrary, and they said that all the tests are going through an audit. Hm.
I am going to wait out the time that Cybrary is down and go back to Georgia’s book. Chapter 5 is about information gathering, and after talking to a pen tester last week, it’s still a solid book.
The root of the problem is the lack of time that I am spending on this. I need to start ratcheting up my time on this. I am contemplating taking CompTIA’s PenTest+ certification as a starter to OSCP. There is the AIO book to add to my repertoire that is coming out on Oct 22 on PenTest+. I think I am going to get it. Till then, I am focusing on just moving around and adding some tech notes here.
I sometimes tease my wife for starting things, and then never really finishing through on them. Like starting a project, and then it falls by the wayside. It’s very hypocritical of me, as I myself start so many things, with a passion that later dwindles. Not this time.
Case in point. This isn’t my first blog. I have little blogs stored in the crevices of the Internet that I am not sure where they all are. I have been a Web Design Studio (fully equipped as an LLC), I have done DJing, I have been a radio broadcaster, and a podcaster all under the iMova “umbrella” of my online identity. This part of the Internet, imova.com, has been patiently “under construction” for what feels like an eternity.
When I started as a “photographer” by creating a Flickr account, it was in Bettles, Alaska at 2 am on my birthday when the sun was still in a haze above the arctic circle. How fitting would it be then to start my “cybersecurity blog” on my birthday. 2 am today.
See, I want to be a Penetration Tester. I want to be a good, confident (that’s half the battle), technical penetration tester. So I have been picking up books and committing to someday get a real technical certification under my belt, my Offensive Security Certified Penetration Tester (OSCP) certification. I just picked up The Hacker Playbook 3; working through Georgia’s Penetration Testing book has been good, but I got stuck sometimes as the tech is getting old in that book.
Reading the introduction to The Hacker Playbook, Peter Kim harps on the criticality to have your own site, that your own public blog speaks volumes. I always knew this. Following up, I am inspired by the richest man on the planet, Jeff Bezos, who said that if he never tried this Internet thing, he would never know he could ever do it.
So here it is, my attempt to try to work into Penetration Testing. I think this is what iMova.com should be used for. I might chat about other things too, but I aim to tag my postings to filter relevancy.