TryHackMe progress of last week

March 03, 2021 by Jonathan Lemoine

TryHackMe progress of last week:

I was able to get the first 3 Flags from the Easy machine in the Hacker of the Hill CTF challenge, I’m still trying to get the Root Flag, but the CTF room is supposed to end tomorrow(27th).
Since getting at least one flag, I also got an invitation to participate in HackerOne's bounty program.

Also, this week, while I work through the Cyber Defense learning path, I got the 7 Day streak and Wireshark badges.
Worked through several rooms in the learning path, but have lots more to go.

Update: Once the room embargo was lifted I got a hint from the THM discord for the root flag of the easy room. I investigated more and what I needed was staring me right in the face.
I was able to get the root flag.
I did not attempt the medium or hard rooms, because I’m starting to feel a time crunch. The goal to get CySA+ certified by mid April is coming in fast.

I also have the hardware I was waiting for to deploy the HomeLab updates, but I’m re-evaluating the layout at the moment.

Wild West Hackin’ Cast

February 26, 2021 by Jonathan Lemoine

This week I was fortunate to attend a Webcast from Wild West Hacking Fest. It was presented by Matthew Luallen on the subject of (OT) Operational Technology.

It included a download and demonstration using the CybatiWorks Virtual Machine.
This VM hosted a virtual industrial production environment, complete with computers, networks, and production equipment.
The demonstration was to bring awareness of the needed security of these production environments and the types of attacks that are possible. The demonstrated attack was on a bottle filling machine where the attacker was able to bypass the fill limit and start over filling the bottles.

I’m excited to investigate the VM when I can free up some time!

BHIS OPSEC Webcast

February 19, 2021 by Jonathan Lemoine

This week I attended the Black Hills Information Security OPSEC webcast with Michael Allen. It was an amazing webcast with lots of great information. It really made me step back and re-think some things.
As I learn more about #cybersecurity things start making more sense and come together. This webcast showed some of the tactics that a #RedTeam has to use to go undetected by the #BlueTeam . I will 100% be keeping these ideas in mind for times to come.

Home Lab Planning

February 04, 2021 by Jonathan Lemoine

I’ve started acquiring some hardware and planning my home lab. I’m waiting for an SSD to arrive for the PFSense machine. I’ve been watching some videos from Lawrence Systems and IT Security Labs YouTube channels for the setup of PFSense and Security Onion.

I made this diagram in Lucidchart of the way I envision everything connected.

My Journey into Cyber Security, thus far...

January 27, 2021 by Jonathan Lemoine

I’ve been interested in security for quite a while now. Over the past few years, I have learned quite a lot. Past and present employment has not presented me with many security-focused projects, but during my day to day tasks, security always plays some part.

In 2018, I studied for and got Comptia Security+ certified. This was a small step in this journey that I’ve begun. In 2019 I came across penetration testing videos on YouTube. These looked really interesting and were something I definitely wanted to learn more about. YouTube is a great resource for information, but it can be incomplete. I began studying for Comptia’s Pentest+ certification. The materials I used included:

Video Series:

Jason Dion’s Pentest+ course on Udemy
ITProTV’s Pentest+ course
I also watched lots of videos on youtube from The Cyber Mentor, IPPSEC, I.T. Security Labs, and Hackersploit.

Physical books:

CompTIA PenTest+ Certification All-in-One Exam Guide (Exam PT0-001) 1st Edition by Raymond Nutting
https://www.amazon.com/CompTIA-PenTest-Certification-Guide-PT0-001/dp/1260135942
The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy 2nd Edition
https://www.amazon.com/gp/product/0124116442/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

Virtual Labs

I got a Hackthebox subscription for a couple of months and went through walkthroughs on a couple of retired boxes. I also tried a couple on my own but was not successful. Hackthebox has some great challenges but I needed something more basic or instructional.
I tried Tryhackme and I loved it. I'm definitely going to be using this for a while moving forward. I went through some of the basic learning paths on things I was not very comfortable with.
I set up several VMs to run older OS and Vulnhub machines.

Practice tests:

TOTAL: CompTIA PenTest+ (PT0-001) Practice Tests.
https://www.udemy.com/course/comptia-pentest-pt0-001-practice-tests-4-exams/
CompTIA Pentest+ (PT0-001): 6 Practice Exams
https://www.udemy.com/course/draft/2066977/
CompTIA PenTest+ Certification Practice Exams (Exam PT0-001) 1st Edition, Kindle Edition.
https://www.amazon.com/gp/product/B07KTKLFTF/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1

I took the exam in April of 2020, this was just after Pearson Vue released it’s online testing platform, so it was a new experience from what I had in the past, with Comptia exams.
I found the Pentest+ exam to be a difficult one, I took my time and flagged any questions or PBQs was I not confident in. I went over them 2 more times. Submitted the results and Passed :D .

Since becoming Pentest+ certified, I am continuing to use Tryhackme when I can and I regularly watch/listen to Security Podcasts and videos on Youtube.

My next steps are going to be creating a more Blue Team focused home lab with PFSense and Security Onion. I’m currently procuring hardware for this and beginning to study for Comptia’s CySa+ certification.