And so it begins...
I've always had a keen interest in computing. Not just as a user, but also in understanding how everything works. This developed into a specific interest in Information Security, particularly the areas of ethical hacking and web application security. Over the past 12 months I have actively taken steps to develop new skills in these areas, with an ultimate aim of enhancing my career in Information Security. As with many things in life, there are no shortcuts, but I am determined to "try harder" and put in the effort... and learn some cool stuff along the way!
So, what have I done so far?
Without a doubt, my highlight of the year has been completing the Hands-on-Hacking training from Hacker House. This was a superb introduction to the art of ethical hacking, with real-world simulations, and has inspired me to continue to develop my skills going forward. I will post a more detailed (spoiler-free) review of this training in the near future. For now though, if you are thinking of taking this course then my advice is to just go for it, you won't regret it!
Secondly, I attended my first InfoSec conference - BSides Manchester. This was another fantastic experience, which contained talks on a variety of interesting subjects. It was also a good opportunity to network by meeting the sponsors and other attendees from the InfoSec community. If you have never been to one of these conferences it is definitely something that is worth attending. I will be returning next year for sure.
I also attended IP EXPO Manchester, part of Europe's number one Enterprise IT event series. The keynote speech came from Robert Hannigan, former GCHQ Director, and there were plenty of informative talks relating to cyber security from various other excellent speakers too. This is another event that I am hoping to attend again next year.
Cybrary.it has been a useful resource which has a variety of free courses on offer. I worked my way through the Penetration Testing and Ethical Hacking course earlier this year and I also completed the Advanced Penetration Testing course. Both offered some good insights into various tools and techniques that should prove useful. I particularly enjoyed the introduction to buffer overflows that formed part of the Advanced Penetration Testing course delivered by Georgia Weidman.
I have also been working my way through a number of virtual machines from VulnHub and HackTheBox. These sites have proven to be a great resource to test and further develop my skills. I aim to write-up some of the VulnHub walkthroughs in the near future.
Finally, as an early Christmas treat, I decided to take advantage of the recent Black Friday offer from PentesterLab for a years discounted Pro subscription. This looks to be a solid, hands-on resource to learn and develop skills relating to web penetration testing and web security in general. There is plenty of content to work through and lots to learn here.
Which brings me to this blog.
For now, I aim to use this blog to record CTF write-ups, personal projects and interesting topics and tutorials. I am also hoping to start working towards the Offensive Security Certified Professional (OSCP) certification. When the time comes, I will record and share my progress along this journey with the InfoSec community via this blog.
I hope the posts within this blog prove useful for others too.
Please feel free to contact me via Twitter and thanks for reading.