This is my corner of the internet to show what I have been doing in cybersecurity outside of professional work. This area contains self-study activities (think CTFs, online courses, books, etc.) , certifications, and projects. I am trying to be more active in showing people what I do and what I know. Enjoy!
Self-Study
I do a lot of learning outside of my professional work to stay competitive in the cybersecurity industry. This usually consists of reading, coursework, and playing on multiple CTF platforms. My methodology for learning new skills is:
Read/Coursework –> Getting a Proof of Concept in TryHackMe –> Testing the skill in HacktheBox –> Add new skill to knowledge base
Here is a practical example of what I mean: Say I wanted to learn more about Server Side Request Forgery (SSRF). I would read a little bit about it in Bug Bounty Bootcamp by Vickie Li. Next, I would complete a SSRF room in TryHackme or in PortSwigger Web Academy. Following that, I would find a retired box in HacktheBox which is vulnerable to SSRF (I use ippsec.rocks for this), and then finally add it to a Web Application methodology checklist. This way I have notes for future reference.
Speaking
BSides Philadelphia 2024: Gave a cool talk on phishing and some of the advanced techniques I use at work. The recording should be posted on the BSides Philly Youtube channel at some point in the near future.
CVEs
CVE-2024-50658, CVE-2024-50659, and CVE-2024-50660
These CVEs were discovered during a penetration test of a self-service ad portal. The vulnerable software is AdPortal 3.0.39 by iPublish Media Solutions. Other versions may be affected. The vendor has been notified, but it is unclear if they will fix the issues. Documentation of the vulnerabilities can be found here.
Certifications
I have the following certifications:
Certified Information Systems Security Professional (CISSP) by (ISC)2
This certification focuses on general security knowledge. The certification can be verified here.
Offensive Security Certified Professional (OSCP) by Offensive Security
This certification focuses on penetration testing. The certification
can be verified here.
System Security Certified Practitioner (SSCP) by the (ISC)2
This focuses on cyber security and IT administration. The
certification can be verified here.
Network+ by CompTIA
This certification focuses on installing, configuring, maintaining,
and managing networks. The certification can be verified here.
Certificates of Completion and Achievement :
I consistently take courses/trainings to further my education and for CEU/CPE credits. Sometimes they come with certificates of completion. These certificates can be viewed here.
Projects
Python Command & Control (C2) Server
As a programming project, I built a fully functional C2 server in Python. This server can interact with multiple connections, create payloads in Windows/Linux, and has capabilities for adding persistence methods. The best part of this project is that I got the chance to learn/refresh myself on different programming aspects such as processes, threading, web sockets, and system calls. I don’t have an opportunity to code every day so this was a great project to keep my skills sharp. The code is available upon request.
Cybrary Video Courses
(ISC)2 SSCP Exam Prep Course 10/18
Created a seven-hour exam prep course for the (ISC)2 SSCP Certification covering the areas of
– Access Control
– Security Operations and Administration
– Risk Identification, Monitoring, and Analysis
– Incident Response
– Cryptography
– Network and Communications Security
– System and Application Security
The course can be found here.
Network Security Course 9/19 – 10/19
Contracted to create and teach a four-hour beginner network security course covering data loss prevention, incident response, network architecture, cyber hygiene, network security devices, and much more! The course can be found here.
Hack the Box Writeups
I am an active participant on Hack the Box and I am starting to do writeups for all of the boxes I have done. They will be added here when the writeup is completed.
– Active
– Precious
– Return
– Sauna – sample penetration test report format
– Soccer
– Stocker