Not long after my last blog post I was hired as a professional penetration tester for the first time in my IT Security career. This had been a dream of mine for some time, so I was full of excitement and motivation to learn everything I could. I completed the eLearnSecurity Junior Penetration Tester (EJPT) certification in May and immediately started working on my next cert, the Certified Red Team Professional (CRTP) from PentesterAcademy. I quickly learned that although the description says it is for beginners, it actually felt quite advanced for me in the beginning. I even took a Udemy course called Advanced Scripting & Tool Making using Windows PowerShell to improve my comfort level with PowerShell. The CRTP course focuses on attacking and defending Windows Active Directory. Some of the things you will learn as a student:
- Active Directory Architecture
- Kerberos
- Active Directory Enumeration
- Local Privilege Escalation
- Domain Privilege Escalation
- Domain Persistence and Dominance
- Cross Trust Attacks
- Forest Persistence and Dominance
- Defensive Monitoring
- Bypassing Defenses
- Deception Techniques
- PowerShell
- Mimikatz
- BloodHound
- PowerView
- Custom Obfuscation
Just yesterday I submitted my final exam report, and hours later I received confirmation that I passed! For me this is the result of four months of effort and hundreds of hours of practice. In addition to the CRTP I also completed these Windows Active Directory challenges:
- On the TryHackMe platform
- On the HackTheBox platform
These allowed me to practice the techniques I learned in the course, and refine my hacking methodology. None of them were nearly as challenging or well designed as the lab that you have access to when enrolled. While I was working through the course and searching the internet for answers, I often found myself stumbling upon an old blog post or code snippet from the teacher himself, Nikhil Mittal, who is one of the top Active Directory hackers out there. He created a collection of PowerShell penetration testing tools called Nishang (which are quite useful!).
As a former network defender myself, I was impressed at how stealthy most of the techniques you learn are. You learn how to use built-in tools and misconfigurations that can be abused with very little or no trace left behind (many attacks are only loaded into memory and never touch the disk). He goes into great detail about what a defender might see, as well as techniques to avoid detection. You also learn how to detect and defend against these attacks.
I have really enjoyed my journey into the world of hacking, and will have to think about my next goal... Maybe it's time for the OSCP? 🤔
In closing, here are my recently obtained certs for the world to see:
Hi Arthur. I hope you don't mind me reaching out, I just wanted to give you some feedback on your blog. I came across it via Hack the Box.
I'm studying for a career change into cybersecurity. While I'm not quite sure which pathway to follow yet, I found your earlier posts (particularly the dummy pentest report) to be really insightful and helpful.
I've always believed it's important to let someone know when they've made a positive impression, not only to say thanks, but also to reinforce that their efforts were valued and appreciated.
I've bookmarked your blog and will keep an eye out for new posts.
Cheers!
Hi Michael,
I appreciate your feedback and am thrilled that you found some of the content helpful. I hope to find the time and energy to write more, and your feedback helps me figure out what people find worth reading.
If you are able to message me on Twitter ( https://twitter.com/ArthurHewitt ) perhaps I can offer more specific advice for your security career.
Thank you,
-Arthur