Logfile_dump Week 7/22

This week was a little different, as I didn’t have any large projects I took on. However, here’s a brain dump of what I did for the week:

• Started watching Network+ course videos from Mike Meyers and ITPro.TV. I’m currently not scheduling to sit the exam, however I will at some point this year.
• Finished the audio book version of Phillip Wylie’s and Kim Crawley’s book “The Pentester Blueprint”.
• Listened to Black Hills 02/11 podcast episode.
• Finished the “BurpSuite & OWASP Zap” module in the Web Fundamentals path on TryHackMe
• Started watching more of the “Automate the Boring Stuff” python videos on Udemy. I have the book too, but with the videos I’m able to watch during my lunch break so I can stay more consistent with it.
• Started reading “The Linux Command Line” book because I have a few ideas of changes I want to make to my two scripts upgrade.sh(it) and deploy.sh (that I use for this blog).
• I’m also working on a routine of training and learning I want to follow for the foreseeable future. Each week, I want to watch/read a total of two scripting lessons (either python or bash, preferably two in both), watch four videos for the Net+, and do two rooms in TryHackMe or a module in Hack The Box Academy.
• Found out my external SSD is toast. I had been using it for storage on a NextCloud Pi instance, and within two months it’s dead. Will it get replaced under warranty? TUNE IN TO FIND OUT! (Probably not…) Luckily nothing important was stored on it.
• Circling back around to certifications, I’m leaning towards trying for the eJPT next. While I firmly believe that I still have a ways to go to get a strong foundation, the general path their Penetration Tester Student course follows seems to make sense. However, because that particular course is dry as a hell I’ll be using external resources (Net+ videos, python and bash scripting books, the INE CCNA videos, etc) to learn what I need to know for the exam. Some of the tools I’ve already used in various THM or HTB rooms, but I know there’s more I can learn with those.
• Watched the BHIS “5 Year Plan into InfoSec” part 1 and part 2. There’s a lot of overlap between them so if you only have time to watch one of them, just watch part 2. Here, I also found the general path that Strand recommends to make a whole lot of sense: focus on the foundations (scripting and networking) before moving on to next steps like web stuff and exploitations. While I will condense this down enough for the eJPT exam, what I’m finding is that there’s a very consistent trend between the “thought leaders” in infosec, that you need to have a really solid foundation in networking and general security principles, along with at least some scripting experience, before jumping into more intermediate topics. Some people may choose to take a different route, and more power to them, but I can’t see a valid reason for me to not follow this course of action.

That’s all I got for this week. Next week will be more organized, I promise!