Before starting with the OSWE certification in April this year, I need to improve my knowledge and skills regarding AWS and DevOps. Therefore I will start with a new challenge from today on called 30 Days of AWS.
My main goal is to understand the services provided by AWS and it’s main concepts better. The rules for my challenge are easy:
- 30 Days
- Skipping 1 day is okay
- The minimum time to study per day will be 30 minutes per day
- I will share my progress everyday on Twitter with hashtag #30DaysOfAWS
This is my battle plan right now:
My Starting Point
One year ago I finally decided to make a dream come true for myself and to get into the field of cyber security. At this point, I was 36, happily married, father of two kids and had a good job working as a product owner for a large German based e-commerce company.
I already had some practical experience with hacking tools, like nmap, John the Ripper and the like and also had a solid foundation on IT concepts like networks, system architecture, programming languages, APIs and so on from former jobs.
But since I’ve written my first lines of code…
There are dozens of OCSP write-ups and guides out there, which are really helpful as preparation for passing the OSCP exam.
This is a collection of my favourites:
- Passing OSCP
- 59 Hosts to Glory
- The total OSCP Guide
- OSCP Developing a Methology
- Tips for success in PWK (OSCP)
- My OSCP Journey by InfoSecurityGeek
- How to prepare for PWK/OSCP (by Abatchy)
- OSCP Journey to OSCP — 10 Things You Need to Know
- A Detailed Guide on OSCP Preparation — From Newbie to OSCP
The Linux Privilege Escalation course by Tib3rius is also very helpful in acquiring knowledge about the post exploitation phase and is worth each penny.
What are your favourite write-ups or preparation materials for the Offensive Security Certification?
Cybersecurity is a broad field with lots of interesting topics. Sometimes it’s hard to find the best source for digging further into a certain field — something like a guide for the InfoSec jungle. This articles tries to solve that issue by providing a list of go to books, you could read in 2021 to learn from the best IT-security experts and there experiences.
Social Engineering: The Science of Human Hacking
“Social Engineering: The Science of Human Hacking reveals the craftier side of the hacker’s repertoire―why hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering…
Two weeks ago I started a little experiment and set up the T-Pot honeypot collection on an AWS EC2 instance. This article describes what I’ve learned out analysing the collected data.
So much Noise
995,173 attacks against my server after 14 days! — There is a lot of background noise caused by fully automated attacks. So the chance is high that a real attack is overlooked.
As a defender you need to find proper ways to filter out all this noise, to a achieve a clean baseline and catch the real attackers.
To make that clear:
Most of the attacks are fully automated bots…
What is T-Pot?
T-Pot is a collection of dockerized versions of 18 honeypots (in T-Pot version 20.06) in combination with some powerful tools like the ELK stack for beautiful visualisation of all events captured by T-Pot.
Why is it of interest?
T-Pot is an easy way to collect all kind of information about ongoing cybersecurity threats without the hazzle of setting up a large amount of different systems by your own. The honeypots will pretend to be vulnerable servers and by doing so, invite automated attacks as well as manually hacking attempts.
You can use the collected data to learn more about common attack vectors and upcoming threats…
