Learning

Introduction Just like my last two posts, today I’ll be going through Tata’s job simulation, also available through theforage.com. Where the Mastercard simulator focused on Phishing, and the Deloitte one had a focus on network logs, this simulator is more focused on Identity and Access Management. I’ve not heard of Tata before. After a quick search I found out they’re an Indian multinational. They look like a Tesla competitor based on how their EVs look. What the company does doesn’t really matter. A phishing email is a phishing email at the end of the day. We’ll not be looking at Phishing today though (Unfortunately), time to delve into IAM. ...

Introduction If you’ve read my last post you’ll know I found a free, self-paced training resource that let you get some experience without needing to leave the house. It turns out that MasterCard has a similar virtual experience available!. These virtual experiences are all run through a platform called theforage.com which seems to offer quite a few of these. Task one: Design a phishing email simulation Here’s the task overview of this task: ...

PortSwigger has a whole ‘academy’ where you can hone your Burpsuite skills. Or in my case - Learn how to actually use BurpSuite. I’ve used Burpsuite before in a few of the CTFs I’ve done, but I’ve not really dug into how to use it properly. Those few instances were just using it to capture a request to pass off the brute-forcing to hydra or blindly hoping that it would get me a flag. Burpsuite is a very useful tool, so it’s about time I train myself specifically on it. ...

I recently passed my SC-200. Go me! My last exam was back in January of last year. I wrote about it in a blog post. The Security+ was a fun one to study for. It was far more about the fundamentals and was vendor agnostic, which is great for an entry level cert. The SC-200 is not that. It’s a Microsoft specific certification, and goes pretty in depth into Licensing, using Azure, and the (often confusing) number of security products that come with their security offerings. It wasn’t fun. It took a lot of time to study and I felt more confused towards the end of some subjects than I did going in. ...

OverTheWire is a great way to learn Linux commands, and a bit of “““hacking”””. From their own site: The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games. There are a few wargames/rooms that are offered. I’ll be going through the ‘Bandit’ room, which is the easiest/first. The Bandit wargame is aimed at absolute beginners. It will teach the basics needed to be able to play other wargames. ...