Introduction If you’ve read my last post you’ll know I found a free, self-paced training resource that let you get some experience without needing to leave the house. It turns out that MasterCard has a similar virtual experience available!. These virtual experiences are all run through a platform called theforage.com which seems to offer quite a few of these. Task one: Design a phishing email simulation Here’s the task overview of this task: ...
PortSwigger has a whole ‘academy’ where you can hone your Burpsuite skills. Or in my case - Learn how to actually use BurpSuite. I’ve used Burpsuite before in a few of the CTFs I’ve done, but I’ve not really dug into how to use it properly. Those few instances were just using it to capture a request to pass off the brute-forcing to hydra or blindly hoping that it would get me a flag. Burpsuite is a very useful tool, so it’s about time I train myself specifically on it. ...
I recently passed my SC-200. Go me! My last exam was back in January of last year. I wrote about it in a blog post. The Security+ was a fun one to study for. It was far more about the fundamentals and was vendor agnostic, which is great for an entry level cert. The SC-200 is not that. It’s a Microsoft specific certification, and goes pretty in depth into Licensing, using Azure, and the (often confusing) number of security products that come with their security offerings. It wasn’t fun. It took a lot of time to study and I felt more confused towards the end of some subjects than I did going in. ...
OverTheWire is a great way to learn Linux commands, and a bit of “““hacking”””. From their own site: The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. There are a few wargames/rooms that are offered. I’ll be going through the ‘Bandit’ room, which is the easiest/first. The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. ...
I recently passed the Security+ (SY0-601). This is my first InfoSec related ceritification, so I thought I might write a bit about what I learned along the way. Way back in April of 2023 I was on a month long trip around Europe. I already knew by that point that I wanted to pivot from the helpdesk to the Security team at my current company. I had expressed my interest, but wanted to show that I was willing to learn outside of work. ...