Thursday, 16 March 2017

Qualifications, Certifications, 24 Hour Examinations, Oh My!

It's been a while since my last post. There is so much I could write about but simply haven't found the time. So instead, here is a moderately rambling personal update.

First of all, I neglected to mention that last year I finished my MSc in Cyber Security at Northumbria University and graduated with distinction. Only 4 people out of 20 passed the course, and only one with distinction. Did I mention that might have been me? This is a big deal for me personally and I feel smug and proud to the point that I'm going to take a moment to just sniff my own fart...

OK I'm back. I just submitted a revised version of my thesis as a chapter for an upcoming springer book publication on Cyber Threat Intelligence. If it is accepted, then next steps in this area will be to pick up development of my adaptive tor traffic associations algorithm where I left off.

To add to my CEHv8 certification and my MSc, I've also just signed up for 3 months of lab time for my OSCP. This culminates in a 24 hour examination, in which the objective is to use kali linux to perform a penetration test of an environment, find as much as you can, and produce a pen test report. A 24 hour exam?! WTF man. You know people have been known to die from starting at a screen for 24 hours right? I hope and imagine that there will be time for the odd power nap here and there while waiting for scripts to run, hashes to be cracked etc.

Exciting stuff.

I've had some great exposure to a number of credential harvesting phishing attacks recently, which have really opened my eyes to how brazen these cyber scumbags are prepared to be. How the fuck do they get away with this stuff? "Complete lack of attribution on the internet", and "refusal of service providers to cooperate in investigations and takedown requests" is my conclusion based on observations.

In my recent excursions into the dark web, I found some neat stuff and made a few changes to my opsec. Maybe I'll write this up in a separate post in the not too distant.

Oh... finally, books I'm reading at the moment:

  • Thinking Fast and Slow by Kahneman. This is awesome beyond words but repeatedly mind blowing. Like every couple of pages on average, I need to stop and try to digest what I've just ben told and try to make sure I don't forget it. This makes it quite an exhausting and time-consuming read, at least for me. Highly recommended. Based on my current reading pace, I might have finished reading this in the next two or three months so will write up some thoughts then.
  • Ghost in the Wires by Mitnick. It's not going to win any prizes for great writing, but the story is very compelling. It's a great introduction to social engineering, and just how much security is reliant upon people not falling for confident individuals with the gift of the gab. I'm not finished so can't offer a proper critique. But it's easy and fin reading for when my brain has had enough of Thinking Fast and Slow.

Stay safe people.