Preamble

This month there is a variety of interesting subjects that caught my eye:

1. Passed the OSCP
   First and foremost, I am most excited to report that I passed my third attempt at the Offensive Security Certified Professional (OSCP) exam. I already drafted a post on the experience leading up to and through the exam, but it bears repeating: this was the most difficult cyber security credential I have obtained. This certification is not one for the remotely interested; there are a variety of other certifications available for testing the waters first, such as CEH and eJPT. For those who really want to knuckle down and commit to their offensive education, however - achieving this certification is its own cyber agoge.
2. Javascript for Penetration Testers
   This course - offered by Pentester Academy - is an oft recommended primer for those who want to prepare for eventually tackling Offensive Security’s Web Expert (OSWE) examination. I’m currently in limbo between professional education programs (not counting my Masters program and the entry-level Amazon Web Services exam next month) and trying to determine where best to allocate my efforts. Since Offensive Security is in the midst of overhauling several of their core training programs (to include the OSWE and their exploit-development certification, the OSED), I’m leaning towards pressing on in this direction. This has the added benefit of providing tangential education towards independent work, such as Bug Bounty programs.
3. CISA ICS training
   I recently sought to extend my knowledge of how Industrial Control Systems (ICS) could be targeted by cyber attacks. The Cybersecurity & Industrial Security Agency (CISA) hosts an online virtual course that addresses this topic for free. The course is very well organized (if not a little rushed) as it walks through a variety of topics, including an introduction to how Programmable Logic Controllers (PLCs) work and how penetration testing of ICS differs from typical networks. Completing the course within the allotted 2 weeks grants a certificate of completion and satisfies the prerequisite needed to attend CISA’s 2-day long hands-on course in Idaho. I liked the course, although I would have liked to have had more time to ingest the course material.

4. Free SANS events
   SANS is hosting an array of events in the coming months that are free to the general public to (virtually) attend. They include:

   • The ICS Cybersecurity Summit
   • The New to Cyber Summit
   • The Purple Team Summit & Training
   • The CloudSec Next Summit

Since they are all free, it’s well worth checking them out to discover and expand my knowledge base.

1. Programming in C
   I hate to plug my Masters program time-and-again, but a good thing that keeps adding value is worth mentioning. I’m enrolled in a Graduate Introduction to Operating Systems (OS) course; at this point I’ve completed my first project, began my second, and am getting ready to take my midterm exam. The course thus far is a balancing act: the lecture content and academic white papers focus on abstracting OS concepts - such as the way user-level processes pass to-and-from the kernel - while the projects themselves progressively build up on those concepts, including the creation of multi-threaded client/server programs. All of this, I should add, is written in C (an added challenge, given that my programming experience is mostly restricted to java and python).

• ← Previous Post
• Next Post →