I wanted to share a quick filler post about my status, certifications, and a few posts that I have in the works.
Status, Certifications, and Upcoming Posts - Introduction
If you couldn't already tell, this post is a few days late. I've been a bit slammed with a long-term engagement for work, among other personal reasons.
That said, I wanted to keep my post streak going, so this will end up being more of a filler post. Feel free to reach out about anything, or with new post ideas!
Status - General
Work wise, I've been working on a multi-month red team assessment that's been quite interesting. This is a very hardened target, and we've done some interesting (and slow) work during the course of it. I'm hoping to maybe release one tool or technique by the end, but we will see.
I've also been dealing with some mental health and personal issues recently. This is nothing that I want/need to talk about openly, but I'm always reachable if you need someone to talk to! I appreciate your support, and I definitely plan on continuing to post.
Other than that, things are going great with this job, and I'm coming up on my 2 year anniversary in February. If I make it there, it will mark the longest that I've ever held any job! We're still hiring for my team, so reach out to me if you'd like a pentesting referral.
Status - Certifications
I finished up my SLAE course a few weeks ago, and got my passing notification last week!
This was a great course, and I'll have one more review/exam post about it soon.
For my next certification, I decided to finally start the OSCE. I got my materials on 21 October, along with 60 days of lab access. If I knock everything out in time, then there is a chance that I can finish before the beginning of 2019! If not, then I will knock it out in Q1 pretty easily.
I'm hoping to automate everything during the course, so we'll see how much longer that takes me.
Other than that, I'm still trying to narrow down my certifications for next year.
- Ptrace ASE - this looks like a competitor/slight upgrade to the OSCE. I have a coworker who is enrolled in both and is constantly singing the praises of the ASE. I'm definitely interested in getting better at exploit development, so maybe I will start with this one after finishing the OSCE.
- OSEE - ah yes, the OSEE. This is the 3rd level of OffSec's courses, and by far the most brutal. If I want to get into recent exploit development, then this is the course for me. The only downside is that it's only held at Black Hat, and it sells out quickly. I do have pre-approval from my manager to sign up once registration opens though, and I'm not opposed to going to Vegas again.
- SEC760 - SEC760 would be a nice follow-up to my GXPN. That said, I heard that there is a lot of overlap between this and the OSCE, so I am not sure if it is worth it.
- eCRE - eLearnSecurity's Reverse Engineering course. My reverse engineering skills could definitely use some work, even just for CTFs. I've also already paid for this one, so it's not a bad option.
- FOR610 - another reverse engineering option, only from SANS. I don't know much about this course though, and I still have the eCRE that's already paid for.
- eCPTX - I was SUPER excited for this Red Team oriented version of the eCPPT. That said, I just haven't had the time to start it (also already paid for).
- SEC617 - the SANS wireless course could be interesting, especially as I'm trying to do more wireless assessments. I have no real experience with Zigbee, Z-wave, DECT, or SDR, so this would be valuable there. That said, this is one that I'd want to do in person, so it could get pricey.
If you have any comments or suggestions, then definitely let me know!
I attended BSidesRDU last weekend, and I'm hoping to get my post for that finished as soon as possible. Additionally, I have about 4 or 5 write-ups from the EverSecCTF (https://twitter.com/EverSecCTF) that I helped run.
Beyond that, here is a list of posts that I've at least started writing so far.
- The aforementioned CTF write-ups, plus some more from DerbyCon
- CTF Forensics
- More XSS fun
- Setting up Sysmon + Winlogbeat
- Basic Packer usage
- A recently used malicious Word document
- An SLAE Exam/review post
- SUDO escalation
There are some more in the works, but I'm always open for ideas or suggestions.
There are a few other things that I wanted to mention that don't really fit in with the above categories.
First, I'm looking at ways to possibly monetize this blog. If you've ever talked to me in person, you know that one of my dreams is to have a 100% research/development or blogging role. While I don't think that this blog can currently replace my salary, I'd love to get started.
If you have any suggestions for methods or platforms, then I'd love to hear them. If you've ever made your entire salary from blogging, then please reach out to me!
There has also been a lot of negativity and toxicity in our industry as of late. Dave does a better job of summing up his feelings on this than I could. I still plan on staying active in the community and social media, but I will be more aware of any potential negativity.
Finally, I've been working on setting up a lab environment for better infrastructure, learning, and hunting myself. I've got the Server 2016 images partly built (Packer post coming soon). I've also got the HELK installation already set up. That said, I still have a lot of learning to do to use Terraform for the instrumentation. I'm hoping to have a fully configured Windows domain to test and learn new red team TTPs, as well as how they appear to the blue side. If you'd like to help, then reach out to me (especially if you've used Terraform before).
Status, Certifications, and Upcoming Posts - Conclusion
I'm hoping to have some time this week to work on more of the above blog posts. That said, at least this post is only a week or so late.
If you would ever like to talk about my job, my blog, or anything else, then you can always reach me here or at Twitter.
I still plan on posting once a week once I catch up and backdate, plus I'm approaching my 200th post in a row!