Posted in Cons, Covid, Goals, What I've Used

@CyberjutsuCon 3.0 – 2022

My First Post Covid Con

I’m currently sitting in the basement of a conference center, because my battery needs a recharge. It’s not quiet, and people are near, but I’m sitting alone and just kinda soaking it all in.

I’m at Cyberjutsu Con which has the distinction of being my first ‘post’ Covid conference as well as my first conference as a speaker (albeit my presentation was pre-recorded and presented online).

Can I just say: Join the professional groups!! They are here for the community and networking everyone says we should be doing. I can definitely appreciate the Cyberjutsu folks for being down-to-earth and pretty chill. Everyone is helping everyone and the talks have been excellent.

I’m glad that they chose my talk and hopefully people are digging it.

Now let me get on my second presentation for this conference season….1 hint, via Las Vegas…..

Posted in Informational, Labs, What I've Used

Splunk Core Certified User – Study Guide

I would advise anyone who wants to learn to use Splunk to actually use Splunk. They offer a really thorough fundamentals class for free and you can set up a Splunk environment fairly easily.

There’s also hands-on by completing the ‘Boss of the SOC’ challenges.

Furthermore I recommend:

Splunk Certified Study Guide by Deep Mehta published by Apress

I highly recommend the above book to supplement study and test prep.

Posted in Informational, Learning Woes, What I've Used

Broke the Microsoft Curse

Or Passing AZ-900

Last Friday I sat for and passed Microsoft’s Azure Fundamentals (AZ-900) certification test. During my hiatus I had sat for and failed Microsoft’s Security Analyst (SC-200) test.

To be honest I really wasn’t prepared for SC-200. I breezed through the Microsoft Learn coursework and didn’t really study the material. Although I had hands-on with their security tools I’d never used Kusto Query Language. I kinda wanted a feel for how Microsoft tests were comparatively speaking.

Failing SC-200 wasn’t a big hit because I was aware of my shortcomings.

Still, to me, Microsoft Cert Tests are trickier and have section blocks that limit the ability to go back and change answers, which I wasn’t prepared for the first time taking one of their exams, but was ready for when taking the Fundamentals exam.

This exam is basically theoretical and based on understanding Azure on a high level and using the cloud as a whole.

I would recommend using the following to test prep:

  • Microsoft Learn for AZ-900 (free Microsoft course)
  • Jim Cheshire book (pictured below)
  • Microsoft also has ‘Virtual Training Days’ which can help.

Jim Cheshire – “Microsoft Azure Fundamentals Exam Ref AZ-900”

Now to get more hands on with Azure!!

Posted in Using, What I've Used

The Road BACK to FreeCodeCamp

and why I’m even going back….

I’m a very big advocate of first using the free stuff. If there are free offerings when learning, by all means access them. When I first started to explore my interests in information technology I started with web page design. One of the biggest contributors to my learning was definitely FreeCodeCamp.

FreeCodeCamp assisted me in teaching myself HTML, CSS, and JavaScript. I also began to code Python with the community’s assistance. I did 100 days of code twice with some influence from their curriculum.

This is also where I first found out about BlackGirlsCode, but I digress…

Once my career in infosec and graduate school really started rolling I really strayed away from FreeCodeCamp, though I still kept an eye on the community/site. I still advise people to check them out when they’re starting to learn coding, especially since their offerings have really grown.

So, now years and two degrees later I find myself back on FreeCodeCamp working through their Data curriculum because data is fun. To be in infotech and infosec is to commit yourself to lifelong learning and discovering things that interest you and maybe how those interests might inform your work. That’s really what made me stroll on back to FreeCodeCamp, because like I said, use the free resources before you open your wallet so you can discern between what might be a mildly interesting topic or an avenue for a career pivot.

Posted in Informational, Using, What I've Used

What I’ve Used 05/2020

Professor Messer

I wish Professor Messer would come out with a CYSA+ series. I’m just putting that out into the ether in hopes that it will be heard and manifest.

I passed Network+ and Security+ in part due to listening to Professor Messer’s lessons. When asked for resources for taking these certification exams (and A+) I always include the site in recommendations. For one, the site is free. I know that people say: “You get what you pay for…” and can be disparaging about free resources, but good free resources are out there and this is one of them. I just don’t think that adage always holds up.
Second, the videos are aligned with the exam sections, which makes it easy to backtrack or pick out the sections that are giving one trouble or that need more information or clarification. For example, if you pretest and there is a section that is an obvious need for improvement, on the Professor Messer site you can go directly to that section and review just that section.
Third, there’s an offer for offline notes and recordings and this offer isn’t a pop-up or annoying, so it feels like monetary gain is not the main agenda. The offline purchase is exactly what it should be: an aside.
Last, the information is good information and updated quickly. This is a super plus because, for example, A+ has had two fairly recent updates and the information on the site has updated just as quickly. By my standards keeping up with exam changes is super important because outdated information is only helpful to a certain point.

Posted in What I've Used

What I’ve Used 04/2020

My Hacker Halted Experience

3.5/5

In October 2019 I attended both an EC-Council Storm class and Hacker Halted. I had really been interested in attending this conference since I found out it existed. The concept and the pictures on their site made it seem fun and interesting and when IBM released the code to pay for women and veterans to attend free I registered.

Prior to my registration I had been speaking with a rep from EC-Council regarding taking classes because I’d filled one of their online contact forms out regarding interest in their exams. With this I’d also looked into their Storm platform and had been interested in a similar build. I figured that taking the class might be killing two birds with one stone so, I registered for a one day Penetration Testing with Storm class.

First the Pros:

  • Hacker Halted is laid back so it feels welcoming to newbies.
  • Everyone at EC-Council was supportive and approachable.
  • The class was informative, but troubleshooting was hard with the time constraints.
  • There were good opportunities for networking
  • Great if you are ready to sit for an EC-Council test that week (I believe discounted attendance to conference is included here)

Cons:

  • Time constraints caused the Storm class to feel incomplete
  • Although there are network opportunities the field felt sparse
  • The hotel set-up was slightly confusing to navigate in order to make it to talks
  • Parking was bad, just bad…
  • Cost (This is subjective, but I feel like the cost of the class might not measure up to what you get) [Also cost is a big deal when it’s coming out of your pockets and not the employer’s pockets]

Posted in Labs, What I've Used

Build A Lab With Me… (#2)

Dualities

The second type of lab I’m currently working on is a dual-boot machine. Some might not advise building from this type of lab, but it can allow for having a computer that is on a segregated network for analysis and then having that computer also be set with a deep freeze program that resets the computer after logging off, cleaning it, or having a Windows computer that can run FireEye Flare VM, again in a double segregated environment.

The idea for this Lab came from interactions with similar set-ups without the dual-booting in which the lab was set-up for analysis on a segregated network. The dual-booting for me was kind of a bonus, because I had wanted to try doing it for a while and then also because it allows me a computer to run Linux away from my main computer while also running Windows. It gives me access to use tools that might be made for either platform in the same computer giving it a singular purpose.

Currently, this lab is not in its completed iteration. I still mainly use the VM lab to work on CTFs or do classwork, but this lab is coming 1.0 before the end of summer. So look forward to 2.a, etc in the near future.

PROS:

  • Keeps Lab separate from main computer
  • Allows for practicing from both a Linux and Windows Environment
  • Deep Freeze Software can be used to reset computer after analysis

CONS:

  • Separating would require another system
  • Not as cost effective as VM
  • Dualbooting improperly can damage computer
  • Analysis can damage computer
  • Improperly segregating network might spread malware

(There are any number of sites/videos regarding dualbooting. This is just an example)

My Machine Specs:

Lenovo M72z All-In-One
  • Intel i5-3470S
  • 2.90GHz
  • 8GB DDR3
  • 500GB SATA HDD
  • 20″ Screen
  • Windows 10/Kali
  • DVD-ROM
  • Switch (to segregate the network)

Applications List:

I keep a running list of Applications I want to look at/Test
  • Burp Suite
  • FTK
  • PuTTY
  • OpenVAS
  • TOR
  • IDA
  • Deep Freeze Software
  • Brave Browser
  • Firefox
  • OpenStego
  • Netwitness Investigator
  • Flare VM on VirtualBox
  • SIFT VM on VirtualBox

Posted in What I've Used

What I’ve Used 03/2020

In Support of Flashcards

5/5

This may seem like a departure from the books and services that I have been talking about, but I cannot stress enough using flashcards as a test prep tool. I know that there are many flashcard applications out there, but I prefer and recommend making one’s own flashcards. I think that writing the cards helps through repetition to sear the words into memory.

I attribute the good score I was able to manage while taking Network+ around this time last year to making flashcards. I did better on that exam than I did on Security+ (though I passed that as well) and I think flashcards made the difference. So, for Linux+ and beyond I’m back on the flashcard train.

I would also recommend the spiral-bound cards or mini-cards as they make flipping easy, though regular cards make it easier to separate out concepts you: a. know, b. kind of know, c. don’t know at all.

These repetitive words and phrases are merely methods of convincing the subconscious mind. 

Claude M. Bristol

Posted in Music to Work to, Uncategorized, What I've Used

Music to Work to

Changing gears for a few posts.

There are many scholarly articles written regarding music and productivity. I know when I’m working noise helps me kind of focus and when I’m at work music helps to drown out other things. I actually spend a good deal of time listening to lessons or infographic shows, or historical bits because I’m kind of a nerd, but music aids my productivity. One of the best sounds I’ve found to listen to while working is Lofi Japanese HipHop or TripHop. I like sounds with heavy bass, but not having to think about words helps to just let the music be background.

In this occasional post series I’ll be sharing some of the music that aids in making me a more productive worker and/or helps me to study.

I really got into this type of sound while I was working overseas when I would listen to Arabic HipHop mixes. From there I branched out to this and as I stated above the lack of words makes me zoom into the sound and bop along as I type away.

Posted in What I've Used

What I’ve Used 02/2020

The Basics of Hacking and Penetration Testing – Second Edition
By: Patrick Engebretson [Syngress]

I started this book before finishing the class I took for Cyber Attack and Defense in which in pairs we had to work through penetration testing methodology on a machine chosen from Vulnhub. I just finished it a few days ago, not because it is in any way dense or hard to follow, but because of time management.
Regardless of my shortcomings, this book is exactly as the cover states: The basics.
This book is highly recommended as a beginner guide for anyone who is new to hacking or penetration testing. The penetration testing methodology that I spoke of in a recent post is clearly laid out in this book, and chapter by chapter Engebretson walks through these steps and explains the tools to use and the basic ways in which to use them. There are also chapters that delve into Web Application Hacking and a brief touch on Social Engineering with SET (Social Engineering Toolkit) which were very informative.
I found myself highlighting throughout this book to come back to quickly for my next CTF. It’s a good start into learning these tasks and is excellent in that it sticks with emphasizing a structured approach to penetration testing and hacking. It wouldn’t be good for people who have been doing these tasks for any length of time, but for the intended audience it is definitely worthwhile.

5/5
