Categories
Hacking

Cyber Security/Red Teaming Path

Caveat: I know this isn’t our usual posts where we show some random thing we’ve had to do to make something work. However, I’ve been struggling to find a solid path of how to progress in the following part of the Cyber Security industry so I thought I would post it on here so others could see what I’m planning on doing. I will provide an update later on in the year with how I’m getting on and what I’ve found needs additional research/training.

As discussed in one of my previous posts I’ve been getting into Cyber Security again specifically Red Teaming/Penetration Testing. I’ve spent the past few months trying to figure out how to go about expanding my knowledge and enjoying what I’ve been doing.

I’ve struggled over the past month or so to try and figure out what way I want to go with this and how I go about getting there. I’ve read people mention that OSCP by Offensive Security: https://www.offensive-security.com/pwk-oscp/ is a good certification to get however, my research suggests that it’s quite complex and requires a lot of knowledge which I don’t have. Further to this, it seems like a significant leap from where I am now and where I have to be to become certified with no real way of realising how far or close you are without taking the exam.

So here is a bit about me and what path I plan to follow in 2022 to hopefully get to the level where I can pass OSCP.

My Background

So, a little bit about me in case anyone stumbles across this and wants to understand what I’ve learned and where I am planning on taking the next steps.

I graduated in 2012 with a Computer, Networks & Security degree. This degree primarily focused on Cisco’s CCNP certification at the time which included Switching, Routing, Network Security (VPNs and some Firewalling) and Network Optimisation (Quality of Service). Whilst going through this degree I did get the opportunity to expand on some of the security aspects so I elected to take Biometrics, as well as Computer System Security which focused on Encryption and another module that focused on Anti Virus. Both of these last two modules ended up having coding assignments which from memory I wrote in Java.

After that, I spent a couple of years working with a consultancy firm gaining experience and focusing on Network Security gaining my CCNP Security in the process. At this point, I was pretty proficient in a lot of the networking technologies having my CCNP Routing & Switching as well as the Security track. Then it all stopped. I ended up moving jobs due to personal reasons and moving into an infrastructure based role doing all sorts of other things becoming more of a generalist rather than focused on a specific path. However, I was granted the opportunity to get my Certified Ethical Hacker (CEH) from EC-Council back in 2015 which I passed but never used again.

So this pretty much brings me up to 2021 where I discovered the Darknet Diaries podcast which I mentioned in a previous post. Since catching up with this podcast I have undertaken the following training/expierence.

As you can see I haven’t done too much since deciding to go down this path and my previous experience as a consultant has all but illuded me now with it being over 7 years ago that I was doing it. Nor have I spent too much money.

The Path

So now to the path I have chosen. First of all, I am going to take the certification eJPT which is e-Learn Junior Pen Tester: https://elearnsecurity.com/product/ejpt-certification/. This should be a nice starter into the field and as I have a lot of experience in my day job at networking so I’m hoping that taking this exam will allow me to pass it to keep my motivation up whilst allowing me to see where I need to improve. This one costs $200 and the training is free through INE.

Then once I have passed that, I am going to move on with the following objectives:

  • Read the books I purchased above.
  • Complete more of the Try Hack Me rooms
  • Sign up to and complete some of the Hack the Box rooms. Will need to check what costs are involved with this.

Once confident in my abilities I am going to attempt the following qualification from e-Learn: https://elearnsecurity.com/product/ecpptv2-certification/. This certification costs $400 plus if you want access to any of the training material you have to sign up for a paid version of INE, which is $49/Month. This from what I can see is a good stepping stone towards the OSCP which is my goal.

Hopefully, at this point and passing both of these, I will be more confident to have an attempt at OSCP.

For further information on how I came up with this plan please look at this security certification roadmap that I found which from what I can see is pretty current at the time of writing – Jan 2022: https://pauljerimy.com/security-certification-roadmap/

Update – 14/01/2022

So today I took my eJPT lab exam. The exam itself was really good with 20 multi-choice questions which you could answer depending on how far you got and how much you managed to compromise. You get 3 full days to access the lab and go through the pen test and need to get 75% correct. I started at 8:30am, went through all 20 questions and downloaded the engagement pack.

You get a VPN file that drops you onto a network for you to begin your work. Within 3 hours I had compromised everything on one network and had pivoted to another, by this point I had answered 19 questions and three of those I couldn’t be 100% sure on. At that point, I was fairly sure I had already passed as I was very confident or completely sure on 16 answers but wanted more.

I spent another three hours trying to compromise another server to no avail. I went through everything I could think of and because it’s open book even researched different exploits/techniques I could use to try and get access. After spending this time work got in the way and I needed to get back to the day job so I guessed on the final question I didn’t have an answer for and clicked submit. I passed with 85% which is great. You get your result instantly.

Whilst I’m glad I passed and got to experience this lab and felt that the lab was a fantastic environment to implement and test my skills, I am annoyed. I’m annoyed because I couldn’t compromise the last piece in this puzzle and get the answers to all of the questions. Unfortunately, you do not get any feedback from the exam which I wish eLearnSecurity would provide that was I could be confident on what I need to brush upon. I feel I have a good idea of what I need to refresh but some clarification would have been nice.

Anyway onto the next one: eCPPTv2.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s