New Great Tool – Web Hacking

I am trying to focus on both Web App Security and Threat Intelligence for the next few months.  I would love to work on bug bounties in my spare time, but I am not a programmer and know only just enough web app development stuff to do my job.  That is, I have a base knowledge from my certification studies (and lab work), and from running Burp Suite for pen testing, but I don’t feel ready to participate in any type of bug bounty programs.

So far, I have only signed up for a couple of Udemy Classes and purchased the book that was recommended, The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws, 2nd Edition. But I was looking around the Bugcrowd website this morning and found a site I love. Hacksplaining is a great resource and should be included in your learning list if you too need to get up to speed quickly. The site is awesome, and super easy to follow. There are pictures and walk-throughs, and it is really a great way to learn.


May 29-PowerShell and OverTheWire

Today is a short day for me.  I have class tonight for three hours, leaving only 5 for other study and work today.  The CISSP class, which I won via a scholarship, is through CyberVista, and the jury is still out on how good or bad this class may be. . .I am leaning toward not so good, but I need to finish before I judge.

I found a couple of decent PowerShell tutorial options last week that I will be working on for a bit.  I am watching this set of videos to learn PowerShell Scripting.  Then, as a slower more comprehensive look, I am also reading and working through the Manning book here.

I read somewhere recently (forgot to write down where, hence the new focus and me posting my work daily now) that CTF type events are crucial for really learning infosec, so I am having some fun on the OverTheWire site learning how to do this.

For the drive home, I will be listening to several YouTube videos on Burp Suite for my external pen testing date tomorrow. Someday I will know what I am doing, right?!

New Focus For the Blog

Blogging isn’t my favorite, but I need a way to keep track of what I’m doing, where I go each day, what I read, what I try, and what I learn.  My blog, this one here, will be all about what I am learning each day.   It is my goal to blog each day about all I did that day.  I am literally drowning in information since being promoted to Security Analyst and I have to start documenting and making a clear path.  I can’t do that if I can’t see where I’ve been and where I am headed.

I am the lone security person at my organization; I am the first security hire at the non-profit I work for. The pressure I am putting on myself to become the best security employee I can is great. I need to be the red team, the blue team, the IR team, the SOC team and the CISO the best I can as quickly as I can. That leads to days and nights filled with searching and learning, and I am losing track of what I have completed, what I am working on and what I have planned to do. This is where I will be documenting that for the foreseeable future here. Just a warning. . .

Time for an update! New Job

It has been a crazy busy wacky kind of fall for me.  It is a long story that no one really needs to know, but to make the story short, I am now an IT Data Security Analyst!  I made a plan a little over a year ago to either move into web design or Security, and all the doors kept opening for security, so I kept going through them, and now here I am, in a security job!!

I have tons of updates to post, and I want to start tracking my progress here even if it only ever helps me remember where I came from and where I am heading.

The first order of business is to pass the CEH v9 exam/certification.  I sat for the class last week and will be studying for the next few weeks in order to hopefully take the test in mid – late January.  Fingers crossed. . .

Learning CodeBuilder was tricky, Stackoverflow to the rescue!

I spent, sadly, a bunch of time today going over one single lesson on creating a project in CodeBuilder to fix two small issues so I could get my project to build.  One error was my own spelling, and I should know by now that if something in code isn’t working for me, I HAVE to check my spelling first.  It is indeed crucial for elements of my buildspec yaml file to be spelled correctly.  Sadly, they were not, they are now, but wowza that sucks a bit.

My second error arrived today when my artifacts, now spelled correctly, wouldn’t upload.  Played with that a bit, deleted and re-did my project with the same errors.  Had to delete and re-add roles, that didn’t help.  Finally decided to take a chance and see if the googler had any ideas and of course the first search object linked to a Stackoverflow thread gave me the answer I needed.  Turns out, I was in the wrong region with my project.  I quickly fixed my error and suddenly I have a build that works!

My head is spinning and I am sure I explained all of that horribly. . .but it is all just here to remind me that I need to just stick with this.  I might need to get up and walk, have a coffee, take a day off, but I can figure things out if I just retrace my steps, check my spelling, and always google errors (AND endpoint errors in AWS might be related to region mismatches).

Monday Learning – AWS CodeBuild

I started using CodeBuild today in AWS.  I love it, and thought I understood all I was doing, until I didn’t.  Isn’t that just the way it is when learning to code things?  You take a class and all is going well for a bit, then you hit a snag and things don’t work like you expect, and suddenly not having a live person to ask questions becomes the biggest obstacle to your forward movement!

I am taking a break, and then I will do what I usually do to fix my broken code and things online. . .

  1. Backtrack and repeat the steps I took to get to the broken part.
  2. Search the notes to see if others have had the same trouble.
  3. Search Google for answers (hello stackoverflow).
  4. Quit for today, cry about my failure, and try again tomorrow.

Maybe it is time to sign up for some live classes instead of all of this online “virtual” learning, cause all is fine until someone quits learning for lack of a simple answer and a bit of help.  Any CodeBuild experts listening??

 

New Things to See and Do and Learn

It’s been a long summer of classes and learning, and instead of being too tired to learn more this fall, I find I am driven to learn and do more. I want to know more things, I want to learn about the Cloud and Web Development and DevOps while I’m at it. I am not sure where all of this is leading, but I am mesmerized by what I can do over on AWS (Amazon Web Services).

I found this site, A Cloud Guru, and I really like learning from them, so I have signed up for a couple of their classes.  I chose the Associate Certified Solutions Architect for the long haul, and the Create A Serverless Portfolio with AWS and React for the quick and dirty how to.  I can’t wait to finish both of these and get to work and get certified.  Not only does this address all three areas above that I am interested in, but it is all about building stuff, and I love that so much.

After that. . .on to Azure, Office365 and Google Cloud. . .I am not slowing down or giving up on the dream of more. . .

Final CISSP Class Tonight

About 9 weeks ago I began the CyberVista CISSP Training Course.  I knew going in that I might not be able to sit for the test for a while, mostly due to the fact that I don’t yet have a job in security, and that is a requirement.  I could try and get some entry level security type job, but the fact of the matter is, I’m not ready.

I have been on a couple of interviews, mostly for jobs just outside security, and I realize that the elephant in the room for me is routing and switching.  I am scared to death of it, I am letting it intimidate me, and I am done not knowing all the things I need to know solid.   It is time to face this fear and knock it down.  So I will finish my class this week, but starting today, I am going to start studying for the CCNA Routing & Switching.  I will sit for both tests by the end of January.  After that, I plan to study for and take the CCNA Security test by the beginning of March.  When I have completed that, I will have gotten my CCNA CyberOps, CCNA Routing & Switching and my CCNA Security in a year.  Once I have those certifications in my pocket, I will get a Security job which should then allow me to study for a couple of months and then take the CISSP Exam.  It is then my plan to start focusing on Cloud Technology by getting Amazon Certifications next year.

I will change my future, and I can do this!

CCNA in Cyber Ops, check

I did it. . I got certified this weekend!  After only 3 LONG months of studying every single day I finally took the second test and passed this weekend!

I won’t lie, it was hard for me.  I took a Security+ class back in December and knew that I couldn’t test for that right away because all of those ideas were just bouncing around in my head without any feet to hold them down, if that makes sense.  So I was pretty scared when I started listening to online classes and reading the material for the CCNA test.  I knew I was going to have to supplement and really dig in to understand, and I did.

So now, I am doubling back and re-reading my Security+ book so I can test for that in two weeks.  I also started a 12-week online class to prep for the CISSP Exam that I plan to take in October or November.  I am going to do this Security thing no matter what. . .I may have to start my own company if no one will hire me. . .but watch out. . .I will do this!

Ladies. . do hard things!  If there is something you want, go for it.  You CAN do it no matter what they told you!!  Have confidence, sit down, and do it. . .even if it’s hard and doesn’t click the first time. . .keep trying!!

First step is complete

I haven’t written much lately, have had my nose in either a book or my computer studying to take the two tests that will earn me my CCNA in Cybersecurity. It has been very hard. I started the adventure back on April 1 and have studied every single day since then. It has been hard, fun, challenging, exciting, and miserable all together. I knew next to nothing going into this about security, and I now know a bit more. I have gone deeper into the Windows OS, worked long hours in Linux, used some awesome OpenSource tools and will now sit for my first of two tests tomorrow morning.

I am nervous, but feel moderately prepared.  I have heard from others that this test is the easier of the two, but that is from people who have been working in Networking for a while so I am not sure their opinions are relevant for me.

I promised myself a bit over a year ago now that I would dive in and try some new tech skills until something stuck that inspired and amazed me.  I have tried web development and security now and I love them both.  Cybersecurity is probably the best fit of all.  Some development with a bunch of security is exactly what I love.  Do hard things, make a change, believe in yourself. . and wish me luck tomorrow!
