Saihat's NetSec Self-Assessment (Mid-October 2020)

Saihat's NetSec Self-Assessment (Mid-October 2020)

Desired Position

Junior Penetration Tester / Junior Security Analyst


Projected Career Goals

Acquire all required skills for Junior Pentester position by end of 2020.


Relevant Job Experience

None


To Mentor Reviewers

I am very interested in learning which areas in my "areas to improve on" and "future topics to learn" are common topics or unnecessary topics in reference to my desired junior pentester goal.  From a hiring standpoint, I am also interested in filling in gaps in my training to feel sufficiently equipped for the job at hand.  However, any and all feedback is appreciated, and I appreciate you taking the time to review my humble resume.


Familiar Programs and Topics

Netcat

Nmap

Nikto

Nessus

Metasploit

SQLmap

SMBclient

John the Ripper

Hydra

Dirb / Gobuster

WPscan

SQL Injection


Areas to Improve On

Local File Inclusion Attacks

Windows System Enumeration and Privilege Escalation

Burpsuite / OWASP ZAP

Cryptography 

Javascript


Future Topics to Learn

MacOS System Exploitation

Post-Exploitation

Report Writing

AV / Firewall Mitigation

Reverse Engineering

Buffer Overflow Attacks

Network Attack Pivoting

Wifi Hacking

Windows Active Directory


Trackable Training

Try Hack Me

36 Rooms Completed

https://tryhackme.com/p/Saihat

Vulnhub

16 Vulnerable Machine Walkthroughs

https://saihatnetsec.blogspot.com/search/label/vulnhub


Certifications

eLearn Security eJPT (in progress)

https://www.elearnsecurity.com/course/penetration_testing_student/

Desired Certifications

Offensive Security OSCP PWK

eLearn Security eCPPT


Self-Analysis (Non-Technical)

Strengths

Strong motivation to learn new techniques, skills, and complete training exercises.  Genuine interest in the industry.  Good communication skills (written and verbal).  Good note-taking ability.

Weaknesses

As a self-taught operator, there are bound to be knowledge gaps which will appear during the work process, either as a result of insufficient industry experience, unconventional training, or both.  Remediation for this issue includes research of required skills, on the job training, and ability to pick up ad hoc skills quickly.



Comments

Post a Comment

Popular posts from this blog

TryHackMe - Windows PrivEsc - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Windows PrivEsc room hosted at https://tryhackme.com/room/w indows10privesc . For this walkthrough, we'll be using two virtual machines (VMs), a Kali Linux VM as our attacking machine, and the deployed Windows 10 client as the the victim machine. Task 1 - Deploy the Vulnerable Windows VM Press the green button here: The Windows machine should come online after a minute or two. The IP address of the machine can be found here: Of course, the actual IP address will probably be a different one from the one in the screenshot.  For the examples, however, we will use the IP address of 10.10.227.113 RDP should be available on port 3389 (it may take a few minutes for the service to start). You can login to the "user" account using the password "password321": xfreerdp /u:user /p:password321 /cert:ignore /v:10.10.227.113 Questions: Deploy the Windows VM and login using the "user" ...
Read more

TryHackMe - Reversing Elf - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the Reversing ELF room hosted at https://tryhackme.com/room/ reverselfiles . For this walkthrough, we'll be using one virtual machine (VMs), a Kali Linux VM as our attacking machine. Task 1 - Crackme1 Questions What is the flag? Download the Task 1 Task File Copy it to your working directory Give the file executable permissions Run the file chmod +x crackme1 ./crackme1 Task 2 - Crackme2 Questions What is the super secret password ? Give the file executable permissions Run Ltrace on the file with a test string chmod +x crackme2 ltrace ./crackme2 test ./crackme2 passwordFoundInPreviousStep Task 3 - Crackme3 Questions What is the flag? Give the file executable permissions Run strings on the file Echo the base64 string you found, pipe it into Base64 decode chmod +x crackme3 strings crackme3 echo “ base64stringFoundInPreviousStep ” | base64 -d Task 4 - Crackme4 Questions What is the password ? Give the file execu...
Read more

TryHackMe - XSS - Walkthrough

Image
Introduction Today we're going to be doing a walkthrough for the XSS room hosted at https://tryhackme.com/room/ xss . For this walkthrough, we'll be using two virtual machines (VMs), the TryHackMe AttackBox VM as our attacking machine, and the deployed XSS vulnerable web client as the the victim machine. Task 1 - Introduction Questions: Read the introduction. No answer needed Task 2 - Deploy your XSS Playground Questions Deploy the machine and navigate to http://<ip> No answer needed Task 3 - Stored XSS Questions The machine you deployed earlier will guide you though exploiting some cool vulnerabilities, stored XSS has to offer. There are hints for answering these questions on the machine. No answer needed Add a comment and see if you can insert some of your own HTML. Doing so will reveal the answer to this question. Register for the web-app with the following parameters Username: test Password: test Click the Register button  Click the “hamburger menu” button Click the ...
Read more