Caveat: I know this isn’t one of our usual posts where we show some random thing we’ve had to do to make something work. However, I’ve been struggling to find a solid path of how to progress in the following part of the Cyber Security industry, so I thought I would post it on here so others could see what I’m planning on doing. I will provide an update later on in the year with how I’m getting on and what I’ve found needs additional research/training.
As discussed in one of my previous posts, I’ve been getting into Cyber Security again, specifically Red Teaming/Penetration Testing. I’ve spent the past few months trying to figure out how to go about expanding my knowledge and enjoying what I’ve been doing.
I’ve struggled over the past month or so to try and figure out which way I want to go with this and how I go about getting there. I’ve read people mention that OSCP by Offensive Security: https://www.offensive-security.com/pwk-oscp/ is a good certification to get; however, my research suggests that it’s quite complex and requires a lot of knowledge which I don’t have. Further to this, it seems like a significant leap from where I am now to where I have to be to become certified, with no real way of realising how far or close you are without taking the exam.
So here is a bit about me and what path I plan to follow in 2022 to hopefully get to the level where I can pass OSCP.
So, a little bit about me in case anyone stumbles across this and wants to understand what I’ve learned and where I am planning on taking the next steps.
I graduated in 2012 with a Computer, Networks & Security degree. This degree primarily focused on Cisco’s CCNP certification at the time, which included Switching, Routing, Network Security (VPNs and some Firewalling) and Network Optimisation (Quality of Service). Whilst going through this degree I did get the opportunity to expand on some of the security aspects, so I elected to take Biometrics, as well as Computer System Security, which focused on Encryption, and another module that focused on Anti-Virus. Both of these last two modules ended up having coding assignments which, from memory, I wrote in Java.
After that, I spent a couple of years working with a consultancy firm gaining experience and focusing on Network Security, gaining my CCNP Security in the process. At this point, I was pretty proficient in a lot of the networking technologies, having my CCNP Routing & Switching as well as the Security track. Then it all stopped. I ended up moving jobs due to personal reasons and moving into an infrastructure-based role doing all sorts of other things, becoming more of a generalist rather than focused on a specific path. However, I was granted the opportunity to get my Certified Ethical Hacker (CEH) from EC-Council back in 2015, which I passed but never used again.
So this pretty much brings me up to 2021, where I discovered the Darknet Diaries podcast which I mentioned in a previous post. Since catching up with this podcast I have undertaken the following training/experience.
- Signed up to Try Hack Me and successfully completed the following free rooms:
  - Advent of Cyber 3
  - Daily Bugle
  - Overpass 2
- Using my account from my CEH days I have signed up and paid for the following courses on their continuous learning platform CodeRed:
  - Wireshark for Hackers $1.99
  - Blackhat Python: Python for PenTesters $1.99
  - Practical Cyber Threat Intelligence $2.99
- I bought a variety of books which John Hammond recommended on his YouTube channel. In total it was 13 books, which worked out to about $15. I haven’t really started these but have them available to get into.
  - The Tangled Web – https://www.amazon.co.uk/Tangled-Web-Securing-Modern-Applications/dp/1593273886
  - Serious Cryptography – https://www.amazon.co.uk/Serious-Cryptography-Jean-Philippe-Aumasson/dp/1593278268
  - Rootkits and Bootkits – https://www.amazon.co.uk/Rootkits-Bootkits-Reversing-Malware-Generation/dp/1593277164/ref=sr_1_1?keywords=rootkits+and+bootkits&qid=1641382210&sprefix=rootkits+and+%2Caps%2C50&sr=8-1
  - Real-World Bug Hunting – https://www.amazon.co.uk/Real-World-Web-Hacking-Field-Hunting/dp/1593278616/ref=sr_1_1?crid=LPR4HJLF7U64&keywords=real-world+bug+hunting&qid=1641382232&sprefix=real-world+bug+hunting%2Caps%2C52&sr=8-1
  - Practical Malware Analysis – https://www.amazon.co.uk/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901/ref=sr_1_1?keywords=practical+malware+analysis&qid=1641382260&sprefix=practical+malware%2Caps%2C77&sr=8-1
  - Practical IoT Hacking – https://www.amazon.co.uk/Practical-IoT-Hacking-F-Chantzis/dp/1718500904/ref=sr_1_1?keywords=practical+iot+hacking&qid=1641382277&sprefix=practical+IOT%2Caps%2C50&sr=8-1
  - Practical Forensic Imaging – https://www.amazon.co.uk/Practical-Forensic-Imaging-Bruce-Nikkel/dp/1593277938/ref=sr_1_1?keywords=practical+forensic+imaging&qid=1641382295&sprefix=practical+foren%2Caps%2C56&sr=8-1
  - Pentesting Azure Applications – https://www.amazon.co.uk/Pentesting-Azure-Applications-Definitive-Deployments-ebook/dp/B072SS34CP/ref=sr_1_1?crid=OEMB16361B3W&keywords=pentesting+azure+applications&qid=1641382315&sprefix=pentesting+azure+applications%2Caps%2C68&sr=8-1
  - Malware Data Science – https://www.amazon.co.uk/Malware-Data-Science-Detection-Attribution/dp/1593278594/ref=sr_1_1?keywords=malware+data+science&qid=1641382333&sprefix=malware+data%2Caps%2C59&sr=8-1
  - How to Hack Like a Ghost – https://www.amazon.co.uk/Hack-Like-Ghost-Sparc-Flow/dp/1718501269/ref=sr_1_1?crid=XDOWTATQZIGJ&keywords=how+to+hack+like+a+ghost&qid=1641382352&sprefix=how+to+hack+like+a+ghost%2Caps%2C54&sr=8-1
  - Foundations of Information Security – https://www.amazon.co.uk/Foundations-Information-Security-Jason-Andress/dp/1718500041/ref=sr_1_1?keywords=foundations+of+information+security&qid=1641382375&sprefix=foundations+of+inform%2Caps%2C59&sr=8-1
  - Cyberjutsu – https://www.amazon.co.uk/Cyberjutsu-Ben-McCarty/dp/1718500548/ref=sr_1_1?crid=1KGQC4W786UDD&keywords=cyberjutsu&qid=1641382393&sprefix=cyberjutsu%2Caps%2C59&sr=8-1
  - Crypto Dictionary – https://www.amazon.co.uk/Crypto-Dictionary-Cryptographic-Tidbits-Cryptographer/dp/1718501404/ref=sr_1_1?keywords=crypto+dictionary&qid=1641382407&sprefix=crypto+dic%2Caps%2C58&sr=8-1
  - Black Hat Python 2nd Edition – https://www.amazon.co.uk/Black-Hat-Python-2nd-Programming/dp/1718501129/ref=sr_1_1?keywords=black+hat+python+2nd+edition&qid=1641382423&sprefix=black+hat+python%2Caps%2C68&sr=8-1
  - Black Hat Go – https://www.amazon.co.uk/Black-Hat-Go-Programming-Pentesters/dp/1593278659/ref=sr_1_1?crid=26MF4LYLGUK4J&keywords=black+hat+go&qid=1641382443&sprefix=black+hat+go%2Caps%2C57&sr=8-1
  - Attacking Network Protocols – https://www.amazon.co.uk/Attacking-Network-Protocols-James-Forshaw/dp/1593277504/ref=sr_1_1?crid=1Y19UYI87YANP&keywords=attacking+network+protocols&qid=1641382466&sprefix=attacking+network+protocols%2Caps%2C58&sr=8-1
As you can see, I haven’t done too much since deciding to go down this path, and my previous experience as a consultant has all but eluded me now, with it being over 7 years ago that I was doing it. Nor have I spent too much money.
So now to the path I have chosen. First of all, I am going to take the eJPT certification, which is the eLearnSecurity Junior Penetration Tester: https://elearnsecurity.com/product/ejpt-certification/. This should be a nice starter into the field, and as I have a lot of experience with networking in my day job, I’m hoping that I will pass this exam, which will keep my motivation up whilst allowing me to see where I need to improve. This one costs $200 and the training is free through INE.
Then once I have passed that, I am going to move on with the following objectives:
- Read the books I purchased above.
- Complete more of the Try Hack Me rooms
- Sign up to and complete some of the Hack the Box rooms. Will need to check what costs are involved with this.
Once confident in my abilities, I am going to attempt the following qualification from eLearnSecurity: https://elearnsecurity.com/product/ecpptv2-certification/. This certification costs $400, plus if you want access to any of the training material you have to sign up for a paid version of INE, which is $49/month. This, from what I can see, is a good stepping stone towards the OSCP, which is my goal.
Hopefully, at this point, having passed both of these, I will be more confident to have an attempt at OSCP.
For further information on how I came up with this plan please look at this security certification roadmap that I found which from what I can see is pretty current at the time of writing – Jan 2022: https://pauljerimy.com/security-certification-roadmap/
Update – 14/01/2022
So today I took my eJPT lab exam. The exam itself was really good, with 20 multiple-choice questions which you could answer depending on how far you got and how much you managed to compromise. You get 3 full days to access the lab and go through the pen test, and need to get 75% correct. I started at 8:30am, went through all 20 questions and downloaded the engagement pack.
You get a VPN file that drops you onto a network for you to begin your work. Within 3 hours I had compromised everything on one network and had pivoted to another; by this point I had answered 19 questions, and three of those I couldn’t be 100% sure on. At that point, I was fairly sure I had already passed, as I was very confident or completely sure on 16 answers, but wanted more.
I spent another three hours trying to compromise another server to no avail. I went through everything I could think of and, because it’s open book, even researched different exploits/techniques I could use to try and get access. After spending this time work got in the way and I needed to get back to the day job, so I guessed on the final question I didn’t have an answer for and clicked submit. I passed with 85%, which is great. You get your result instantly.
Whilst I’m glad I passed and got to experience this lab, and felt that the lab was a fantastic environment to implement and test my skills, I am annoyed. I’m annoyed because I couldn’t compromise the last piece in this puzzle and get the answers to all of the questions. Unfortunately, you do not get any feedback from the exam, which I wish eLearnSecurity would provide so that I could be confident about what I need to brush up on. I feel I have a good idea of what I need to refresh, but some clarification would have been nice.
Anyway, on to the next one: eCPPTv2.
Update – 05/07/2022
So it’s been about six months since I last posted on here. Unfortunately, life has got in the way and, as a result, I’m not much further along this path. I have been busy though. In the time since my last update, I’ve been working on a couple of personal DIY projects, which has been fun, and is probably a write-up for another post.
Regarding the Cyber training and experience, I’ve been reading the Serious Cryptography book linked above, which has been highly technical and also highly mathematical. I’ve also managed to finish the Black Hat Python book, which was way more fun for me, and with the experience gained I’ve managed to create a port scanner using Python which does both TCP and UDP, something that seems to be non-existent. I’ve also created a Command & Control system, but at the moment it’s very basic and any further development has been put on the back foot. I’ve also been developing an RFID scanner/cloner which makes use of an Arduino Uno; it is mostly there and I’ve even created a 3D printed case for it, so I’ve been learning to 3D model as well. As you can see, it’s been a bit haphazard since my last update.
One final thing I’ve been up to is TryHackMe. I’ve spent a considerable number of hours going through some of the rooms learning different techniques and tactics. It’s been very enjoyable going through these rooms, so much so that at the beginning of April, three months ago, I became ranked in the top 1% of the platform. I wasn’t quite sure how I managed it, to be honest, but since then my rank has only got higher, so high that I’m around the top 6000 mark, which is incredible considering I’ve not really been trying.
Now that some of my personal projects are out of the way, I’m hoping to spend some money on the PTP course from INE, which should prepare me for the eCPPTv2. I’ll try and update this more often.