Where I am at in my training process
So this is supposed to be a technical blog, yet here i am and haven’t written much about my actual progress towards working in Cyber Security.
I am sure you have had enough of the soppy-ass emotional and feeling and thoughts writing. So for the rest of this post I will refrain and stick to cyber stuff.
As of today, June 3rd, I have completed, prework for Flatiron Cyber Sec Course, The Cyber Mentor Ethical Hacking Class, TRYHACKME’s Complete Beginner Path, Defensive Path, and their Pentesting+ prep course. I am about 85% of the way through their Web Fundamentals path, and I plan to finish it as soon as I am finished writing this post.
My strategy coming into this learning process has been to first get my feet wet prior to my enrollment in actual classes at insitutions. I had intended originally to load up as much knowledge as i could prior to my boot camp (that i am no longer taking :/). I first did this with the prework for the Cyber course at Flatiron. This was decent and gave me a deeper knowledge of the basics.
The prework was definitely a view from 10000 feet of cyber. It was more an introduction to the processes and knowledge needed to be sucessfull. I was able to breeze through it in a weekend, due to my prior experience as a professional and as a hobbyist.
TCM Practical Ethical Hacking
Once I completed my prework, I moved onto TCM Security Practical Ethical Hacking course. This has been my favorite of the courses I have taken so far. It really introduced me to all of the different paths to exploits as well as taught me some really good enumeration methods. My favorite part of the course was Active Directory Exploitation. It is probably due to my familiarity of the AD environemht from my previosu role, but I also enjoyed the idea of not breaking things, but instead abusing existing policies and misconfigurations.
I started the class not really knowing to in depth of how exploitation and pen testing works and left with a solid basis for moving forward. With my new knowledge I could even take on some boxes in the HackTheBox catalog. That felt pretty good because I remember trying years ago before giving up. I am now able to move through them quickly. Although the course taught me so many technical things, my major takeaway from the course was the part of report writing and note taking. I not only learned how to write a proper post pentest report, but I learned to perfect my notes and find a style that worked best for me. Overall I cant recommend the TCM PEH class enough!
TryHackMe Defensive Path
My next step was to take the Defensive Path course in TryHackMe. When I had originally looked at Cyber Security, I had looked in the defensive side, and since I had just completed a “red” side I decided to give “blue” team a try.
This class was very interesting to me as it got more into the nitty gritty of the logs and systems of the machines. I learned how to read logs and and properly configure domains to try and prevent AD exploitation. When it came down to my favorite part of the course, I would have to say it is splunk. I love being able to customize my own dashboard with queries that I know work best for my use case.
Another part I really enjoyed was the malware analysis. I really enjoyed having to dig through the code to try and determine what it is and how it works. Overall, I feel as though the Defensive Path gave me a good overview of the knowledge I would need to be successful as a Blue Teamer.
Red or Blue?
After completing both a Red and Blue Team class, I am leaning a little bit more towards Red Teaming. I like the challenge and freedom of being just presented with a target, and you need to find a way to exploit it. There is not right or wrong answer because each person has their own process. I really like this.
Also if I’m being completely honest, I also enjoy the just the ability to break things and manipulate them to get a desired output. I guess it kinda feels powerful.
Although I am leaning Red, I do enjoy some aspects of Blue Teaming. I really enjoy the analysis part as well as threat hunting as it feels like being a digital detective.
Its definitely something I am going to continue learning about as I can see how it will help me get better as a red teamer and when I am writing reports, I can actually suggest in detailed fixes.
TryHackMe Beginner’s path
During the other two courses, there were occasionally things that I was not familiar with and they seemed to be building off of other things. Having paid for the THM premium membership for the month i decided I would take advantage of their Beginners Path Course. Most of it was a review of stuff I had went over in the previous two courses, so it went fairly quick for me. However there were many things that I learned that I was missing from the previous two classes.
Although this was mostly review, I did come away with some amazing insight. I really saw the value of the notes I was taking as well as the value of reviewing things. There were so many concepts that I had covered prior and had a solid idea of, but being taught in a slightly different way, the same subject, really helped me go from a concept in my head to being able to consistently execute said principal.
TryHackMe Pentesting+ prep
As I was going through other courses, I had completed the majority of the rooms for this course, So i figured I might as well continue and finish it. This was my first course that was almost just focused on exploiting boxes. I really enjoyed it and am looking forward to the time when I can just attack boxes for practice and fun, but for now I need to keep on chugging away on the education train.
Plans for the future
As for classes I am going to sit down and focus on before my real classes start, I am planning on finishing the Web Fundamentals.
I have been enjoying this, as web vulns are probably going to be the most common thing i come across. I really enjoy xss and filter evasion. I am hoping to finish this course soon :)
After that I am going to start on the hacker101 course for hackerone. I am looking at this due to the fact that it could possibly lead to me working in their bug bounty program. This could be a good way to get exposure working on real world applications and really seeing if I have what it takes.
I have also heard amazing things about their report writing and rules of engagements segments of their course. I am looking at really beng able to take my report writing to the next level. I believe that if i can master report writing I can really stand out amongst the field and be more succesfull. As for the rules of engagement. This is one area in paticular that I know I am lacking in.
Anyway, Ill talk be back soon. Off to go finish Web Fundamentals.
If you are on TryHackMe, add me! @mwnsec