You know when you have so much information, you don’t know where to start, so you just don’t? That is where I am at the current moment. It’s good, but it’s been 2 weeks, and I really haven’t made progress on Georgia’s book. Today, I will work on it. That is until I get the OSCP material!
I have been doing a few things other than studying – but it’s been good. I have been:
attending the first CSA-DC chapter meeting. I met Anil, the host and founder of the chapter at a Federal Cloud Summit in DC. I really enjoyed it and will go back for their next meetup in January. But I met Martin there! He’s a pentester AND he is from Argentina. That’s awesome – we met up later again to talk about how to get into pentesting and Argentina, which my family and I are vacationing to in February of next year.
Attended the 2018 Cyber Maryland conference. I really had a good time. Some jerk talked my ear off about how idiotic I am for being a federal employee and how he’s racist inherently because he’s white. Just some random stranger. We live in some odd times, folks. But after that, it was awesome! There were three presentations that stood out to me:
One on Snowden and Quantum Computing. It solidified my thoughts on Snowden – he’s a traitor and really F*&#$ up our national security. 99% of what he leaked isn’t even about privacy. It was national secrets, folks. You’re welcome, Russia. I also really enjoyed the discussion on Quantum Computing.
Synthetic Identities on the Dark Web. I never knew how susceptible kids are to identity fraud so easily. Freeze your Kids credit, folks.
Election Security. We need to go to paper ballots. But we are idiots and apparently, West Virginia is going to use blockchain to have votes counted. Mobile Voting in the 2018 elections. It’s a horrible idea.
I met Amber there! Totally awesome person – she told me about some things that she is working on and I really hope to stay in touch.
Decided through Martin and my wife that I am going to just start studying for the OSCP. I have been waffling around books and thinking about getting my Pentest+ (which is so new, no one knows if it’s good), or retake the CEH… Inna stated that if she is going to give me the time to study, just go for the one that matters – and Martin, he thinks the same thing. The test with 3 months of the lab is $1,150.00. That, in hindsight, is nothing, and if I fail, it’s only 60 bucks for a retake. So, I am going to make a case to my boss about taking it, and if that doesn’t work, I’ll just pay for it out of pocket. Work is slowing down for the holidays – I am going for it. I am going to #tryharder 🙂
tldr; I did some stuff, made some friends, F&$%# it, I am going straight for my OSCP.
Well, cybrary is down again this week. This isn’t the first time that this happened to me. There has been another outage to my premium content for a week. They fixed it and gave me 7 days to tack on, but it’s a bit nutty how buggy cybrary can be. Also, I took a beginner network certification test, and the answers/questions weren’t all right. I told Cybrary, and they said that all the tests are going an audit. Hm.
I am going to wait out the time that cybrary is down and go back to Georgia’s book. Chapter 5 is about information gathering and talking to a Pen Tester last week, it’s still a solid book.
The root of the problem is the lack of time that I am spending on this. I need to start ratcheting up my time on this. I am contemplating taking CompTIA’s PenTest+ certification as a starter to OSCP. There is the AIO book to add to my repertoire that is coming out on Oct 22 on PenTest+. I think I am going to get it. Till then, I am focusing on just moving around and adding some tech notes here.
I am a couple days into Cybrary, and here are my initial reactions:
No need to set up the Labs. They are all configured for you and all you have to do is start writing commands
Mentors! I have set up times to start talking to some people who know about the field. I start my first session with a mentor today
On a path for actual certifications. The Penetration Tester Track prepares me for the:
Security+ (most likely not going to do since I have my CISSP)
E-Council CEH (I have v.7 of this one already, but I might retake it since my original go at it is a pitiful story)
CompTIA CySA+ (definitely thinking about this one, but there is a tangent PenTest+ cert – not sure why Cybrary has me going for the analyst cert in the Pen Testing Curriculum. Something to ask the mentors)
CompTIA CASP (for sure this one. I think this one is the CompTIA advanced cert. Also, I need five years of hands-on experience and I am not sure if I qualify there at the moment. Another question for the mentors)
No need to set up the Labs. They are all configured for you and all you have to do is start writing commands. This leads to not learning how to set up your own environment, troubleshooting, etc.
It’s aggravating that when I complete a Lab, it doesn’t mark it as complete as it should. I have asked about this, and they say it’s a small bug/glitch. I hope it can be fixed. It’s irritating and makes it hard to track my progress – for myself and Cybrary.
Money – it’s a little less than $100/month. BUT, if it lands me in a Pen Testing position, I am game. This is something to talk to my mentors again on… how to enter the Pen Testing field without just dropping my current career in policy until I can ramp up Pen Testing. This is a long way from now it feels like, so yeah. Oh, and SecureSet, well, they are $20K which is hefty and their career counselor has flaked out on me.
So TL;DR, the Pros outweigh the cons. But, to continue with my own pursuit of spinning up my own lab, I am going to continue with Georgia Weidman’s book on Penetration Testing. I think there are things to be learned from both approaches.
As I move through Georgia Weidman’s book, Penetration Testing: A Hands-On Introduction to Hacking, it is for one, has moved in a direction that, while good, doesn’t quite do a gradual build that I was hoping, and two, many of the apps and commands just don’t work anymore. They have either been retired or replaced.
I have been eyeing the Cybrary Pro series for quite some time. When they were offering 20% off, I thought I would take the plunge. It’s $79.00/month, and I get a mentor and a structure – the labs should be a bit more up to date as well. Of course, I am taking the penetration testing courses.
I was eyeing SecureSet for a while, but their price tag was high. Like $20K high. I think this is for people fresh out of school – it would be great to have that hand on class interaction, but I just simply can’t afford it. Plus, I have been trying to get them to get a hold of me to talk about classes/courses, and they haven’t. So the door seems to be closing on that one.
My mistake – I tried working with a 64-bit version of Windows 7 for Georgia Weidman’s Penetration Testing Book. If you do that, you are going to have a bad time. So, let’s do this again with a Windows 7 32-bit version.
I downloaded Windows 7 Ultimate 32-bit from Softlayer here. I plan to be done with this book within the 30-day trial window.
For Java 7, Update 6, get it here. I used the x86 version this time.
UPDATE: I tried following Georgia Weidman’s Penetration testing book with a 64-bit version of Windows 7 sp1. IIS just wasn’t installing (I think). I am blowing away the machine and going to try with a 32-bit version. Everything below in the post is when I was running through setting up Windows 7 sp1 x64.
Going through Georgia Weidman’s Penetration testing book, I am almost done with Chapter 1. Looks like the additional software for the Windows 7 target has some issues
Since I had so many problems with IE 8, I downloaded the latest version of Firefox as Georgia directs to do. I used this to download the other software requests.
For Java 7, Update 6, get it here. The link in the book doesn’t work. I had to create an Oracle account to download it.
Winamp 5.55 can be downloaded here. I didn’t even try to download it from http://www.oldapps.com/winamp.php?old_winamp=247/. I haven’t had any luck downloading any application from there.
Supplementary information on this book can be found here. This is where Ubuntu is and the BookApp Georgia asks to install at this point of the book.
I am running a 64-bit version of Windows 7. I started to think this would give me complications when I started seeing x86 versions of files. Everything actually worked until I needed to install SQLXML 4.0 sp1. Since the BookApp folders only have the x86 version of SQLXML 4.0 sp1, I went to Microsoft for the 64-bit version which can be found here.
A quick blurb – one thing about setting up the networks from Georgia Weidman’s Penetration Testing book is that she has the networks as bridged. Which is nice, until you start setting up your own static IPs. I use an Apple Express which has Class A public IPs (10.0.1.1 – 10.0.1.254), so I set my static IPs for XP and Windows 7 in that range. If you hop on a network that is in the Class C public IP space (192.168.1.1 – 192.168.1.254), it isn’t going to work. I remembered this when I started using the VMs at the coffee shop rather than home. The solution? Either revert back to DHCP to get on the Internet or create another network, this one should be a NAT (Network Address Translation). This way the VM creates its own NAT behind the LAN/WLAN router. I am going to then disable it after I get what I need from the Internet.
In Georgia Weidman’s Book, Penetration Testing: A Hands-On Introduction to Hacking, it looks like the link to XAMPP 1.7.2, Adobe Reader 8.12, and mona.py is broken.
I used SourceForge to download XAMPP 1.7.2, direct link here.
I used Brothersoft to download Adobe Reader 8.1.2, direct link here. (Disclaimer: Brothersoft has an executable wrapper around the software, where it downloads a Brothersoft executable which downloads Adobe Reader. Dumb.)
I used corelan’s GitHub repo to download mona.py, raw file here.
I have decided to continue working through Georgia Weidman’s book, Penetration Testing: A Hands-On Introduction to Hacking. I got stuck on page 40, chapter 1 when it Georgia asked me to install Zervit 0.4 on Windows XP sp1. Windows XP sp1 comes with IE6 which is so old, most web servers don’t even support the connections to it. So when I tried going to http://www.exploit-db.com/exploits/12582/ to download Zervit, I was getting a blank page.
So, I had two options, one, I thought about installing VMWare Tools and connecting a folder where I could download Zervit on my host machine, put Zervit in the folder, and then open it in XP. I couldn’t seem to be able to install what was needed on the host machine (when I went to Player -> Manage -> Install VMWare it was greyed out), so plan two, I updated IE 6 to IE 8 through automatic updates but didn’t install any of the security updates (I think I might have don’t killbits along with updating IE 6 to IE 8, I hope this doesn’t come to bite me later). Once I got IE 8 installed, I, of course, used it to install chrome.
Now I have access to many more sites, as chrome for XP is supported a bit better than IE 6. Went to http://www.exploit-db.com/exploits/12582/ for Zervit 0.4 on my shiny new XP sp1 chrome browser and viola, I am able to access it.