Master's in Cybersecurity and Information Assurance

Class of 2021

Obtained Skills Through the Degree

  • Information security and assurance
  • Cybersecurity architecture and engineering
  • Secure network design
  • Cybersecurity management
  • Secure software design
  • Ethical hacking
  • Forensics and network intrusion

My OSCP Journey

Practicing with CTF-type platforms  

Like everyone else, I started watching walkthrough videos and reading blog posts in the beginning to familiarize myself with methodologies while taking detailed notes and following along with them on my Kali Linux machine.

PEN-200 Labs 
  • 18 boxes completed as of 03/26/2022
  • Besides working on lab machines, I've learned some core penetration testing methodologies. Below is not a complete list but a summary of the learning progress.
  • Port scanning with Nmap
  • Directory busting with gobuster/dirsearch 
  • HTTP enumeration with Nikto and CMS scanning tools such as WPScan
  • SMB enumeration
  • Active Directory enumeration and attacks using popular tools like Mimikatz and PowerView, obtaining the domain controller's Kerberos tickets and cracking them offline to access it.
  • Cracking passwords with patator/john 
  • Creating malicious executables with msfvenom
  • PHP command injection 
  • Exploitation with PowerSploit
  • SQL injection (Union attacks, login bypass)
  • LFI/RFI
  • Using Burp Suite to observe network traffic and brute force logins
  • Privilege escalation techniques (spawning a TTY shell, utilizing GTFOBins to get root shells, cross-compiling exploits, modifying and exploiting cron jobs)
  • Various Antivirus evasion techniques
  • Finding public exploits for vulnerable services, modifying them if needed to exploit machines
  • Buffer Overflow exploitation
  • Transferring files between Kali and the Target using different techniques 

Check out the CTF boxes I've completed so far here 

My extensive Pentesting notes can be found here 

Web Application Penetration Testing 

While getting ready for OSCP, I discovered that I was interested in this particular field. Here are some of the resources I've used to educate myself on the topic.

PortSwigger's Academy 

  • SQL injection (login bypass, UNION attack for different database types)
  • XSS (Reflected, Stored, DOM)
  • CSRF

The WAHH

  • I'm in the middle of going through The Web Application Hacker's Handbook while I go through PortSwigger's web academy.

Bugcrowd University

  • Bugcrowd has YouTube videos on some basic Web App pentesting methods.
  • Some topics covered were Burp Suite, Broken Access Control Testing, XSS, and how to make a good bug submission.

BLOG

I post CTF Walkthroughs and OSCP Preparation Content.

Check out my blog!

Cyber Security Projects 

I believe in learning by doing.

 

  • Created a PiVPN with a Raspberry Pi
  • OverTheWire's Bandit (learned Linux commands)
  • Directory busting with DirBuster
  • Created Windows Firewall Rules
  • Wrote a Password Generator Program with Python
  • The Information Gathering Project

I want to stay in touch with you! Follow me on social media!