I love to learn, break, and fix — usually not in that order. After trying different avenues of security (red team / blue team), I find the most joy being on the red team. The rush of breaking into things, maintaining presence, and snooping outweighs the rest.
As I’m learning more, I’m documenting the entire process, and preparing write-ups. My go-to platform right now is HackTheBox. I just started doing this a few days ago, and so far have made some great process. I’ve learned a lot more about enumeration and privilege escalation. My goal is to root all the easy, medium boxes, and then go for the head/insane ones.
The road to OSCP will be a lengthy process, so I’ll be posting regular updates under a new tag: “oscp” and “oscp-study-tips” as I learn. By the end of the year I’d like to be able to obtain the lab, and start testing on the lab.
Part of my study process is HackTheBox, just trying and iterating until I nail it, I’m also using Pluralsight and ITPro.tv, on ITPro I’m watching CySA+/Security+/Network+, while on Pluralsight I’m doing the Ethical Hacking track, from Beginner to Expert. I’m skipping over parts I’m confident in, however, making note to refer to them should I get stuck.
I’m also opening up my own netsec forum this week, it’s mainly focused on CTF/HTB/OSCP study, but I thought it’d be nice to have some free-flow forum to post notes, share tips, study guides, etc. I know there are many communities out there, but this is also doubling as my CTF team’s forum.
On a personal level, it’s been a very stressful week. We’ve had some security incidents at work, and we’re needing to produce an audit report. Having only done them a few times in my past, it’s going to be an interesting challenge to disclose vulnerabilities without giving away too much information.
Here’s to another week!