My InfoSec 2019 Year in Review

I apologize for not posting for a couple of months now, I’ve been extremely busy with some more life stuff (some of which is detailed below). Probably the biggest news since I passed the OSCP is that I officially started a new job working as a penetration tester! There is a lot to talk about here, and one of these days I’ll write up a post about the entire process detailing how I got this role as it’s an interesting story that could be useful for others looking to do the same.

For now though, I want to take the new year as a chance for a simple reflection on 2019 and a look ahead to 2020.

Recap of 2019

Although I never formally documented this, I started the year with three main goals:

  • Pass the OSCP certification
  • Move back to Auckland
  • Get a job as a penetration tester

I was going to be more than satisfied to achieve two of these three, so I'm stoked that I can look back on 2019 having completed all three. As the new year has just begun, I wanted to take a quick look back at the year gone to highlight some of my key months from 2019.

After failing my first OSCP attempt in March, I knew that I still had a lot of work to do. Taking a quick break, I doubled down on trying to gain as much experience as possible by hitting some active and retired HackTheBox machines. I still look back on this initial attempt with some regret, but I think in the long run it was better that I did fail on my first try.

In June, I got a new job as an IT Security Analyst back in Auckland, and I once again packed up all my belongings to shift back across the country. Although this wasn't an easy transition, it's been great being back in Auckland surrounded by more of my close friends and family. After a total of 2-3 months off from any serious study, I got back on track for the OSCP in July.

I passed the OSCP exam on the first weekend of October. Having spent a solid 2 months in the VirtualHackingLabs environment I felt prepared for the exam and was able to pass fairly comfortably the second time around, completing 4.5 machines in just under 14 hours.

The following two weeks I attended two of New Zealand's hacker conferences, ChCon and Kawaiicon. Conferences are always a great experience, and this year I was able to leave with a job offer as a penetration tester for a New Zealand cyber security consulting company!

At the end of November, I officially started as a penetration tester in their newly established Auckland office. I then spent two weeks back in Wellington for work, before spending the final weeks of the year in Auckland.

What’s Next for 2020?

For 2020, I have decided to make web application testing my core focus. Web applications are a growing area of cyber security, and they were my favourite thing to test when studying for the OSCP this year. Bug bounty hunting is also hot right now, and I really want to get myself involved in this scene.

With that in mind, my main objectives for 2020 are as follows:

  • Obtain web application certifications – eWPT and OSWE.
  • Make my first successful disclosures on a bug bounty platform.

On the certification front, I have already started the eWPT course and hope to have this finished in a month or two. My initial impressions are that it covers the full spectrum of web application testing, so I am hoping this certification will provide a solid platform for the OSWE which I plan to sit later in the year.

The OSWE is for sure the main certification goal of this year. I may have to dedicate some time to strengthening my coding ability before I am ready for the course, but I remain confident I can have this ticked off by the end of 2020. I hear that the OSWE is a different beast to the OSCP entirely, so watch this space for updates on that.

I realize that the second objective is extremely broad, but I didn’t want to set myself a concrete number of disclosures to make for the year. Instead, the main focus is to get myself involved in the bug bounty hunting community generally, and start making a positive impact on the various platforms available. I also see bug bounties as a chance to do some volunteer hacking, especially if the organisation is a non-profit, charity or small company lacking the budget for an extensive cyber security program.

Towards the end of the year, I would love to be able to start turning bug bounty hunting into a reliable side hustle. "Beer money" is a term used to describe income that covers small, non-essential expenses, and this is exactly the type of income I am hoping to bring in. As I progress with bug bounty hunting, I'll be sure to make new posts on here detailing my experiences.

Depending on my web application testing progress, I have some further stretch goals for 2020. A secondary area of cyber security I want to improve on is Active Directory testing, so to that end I have the following objectives set:

These objectives are of a lower priority than my first goal, which I expect will take up the majority of my efforts this year. However, I still want to document them here for future reference if I ever find myself in a rut. The Cyber Mentor's Udemy course in particular should be a relatively easy win if I find myself in need of some quick inspiration.

I’ve had a busy year, and I’m proud to have achieved all that I did. For the first time in my relatively short career, I am right where I want to be. Who knows what 2020 will have in store, but for now I just want to focus on being the best I can, both in and out of cyber security.

Here’s to another year of learning, improving and accomplishing.

-Kento.

One thought on "My InfoSec 2019 Year in Review"

  1. Hey dude, quick question, but if you get this: is the Advanced Penetration Testing equivalent to the book? Thanks for the info man, congrats, hopefully I get this done.

