It has been awhile since I last posted I hope everyone had a Happy Thanksgiving and is getting into the holiday spirit. Aside from stuffing my face with food I also have been continuing the lessons that have been laid out for me to become a better security professional and prepare myself to take the OSCP. After my introduction to Linux I continued learning more Linux commands such as how to compare files using "diff" and how to change passwords for a specific user. It was eye opening to learn about the diff command as in the past I have usually copied the files to notepad and use Notepad++ to do compare. The training covered everything from extracting and compressing gzip files, setting up SSH, partitioning with GParted, shell scripting and process, jobs and killing processes.
The next lesson was learning how to use Metasploit. I have always known that Metasploit was a powerful tool and I had always wanted to learn how to use it. The YouTube videos covered using tools and exploits such as SSH scanner and FTP Login to creating and using payloads and backdoors. It helped that Metasploit gives you a vulnerable box to test with and I cannot wait to crack open my Metasploit book once I am finished with my lessons.
BURP Suite was up next. BURP is a suite of tools used to detect vulnerabilities in web applications. Unfortunately I could only use the community version which didn't allow me to try the full suite of tools it has. I am hoping that once I add it to my tools at my company I can go back and practice the things I could not do. The one thing I would ask the company that manages BURP is that if I am using the community addition I should be able to modify the settings for the tools that I have access to.
Currently I am working on the basics of exploit development. I am watching a series of videos on Assembly for Hackers. This is my first dive into Assembly and it is a lot to take in and remember. From understanding the memory space your application runs in to writing an assembly program and the various sections of initialized and uninitialized data and registers. It is a lengthy video series in terms of minutes per video but it is a lot of information. I am excited to see how the rest of the videos are and then begin the video series on exploit research.
Well that is it for now. I hope to post more frequently and include articles and stories on top of the things I am learning.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.