Georgia Weidman's Introduction to Penetration Testing
Quick status update
It has been a couple of weeks since the journey of getting my CompTIA Security+ Certificate began. Nothing particularly interesting has been happening since the last update. During this time I haven’t been actively blogging or doing any CTF challenges. I’ve been solely concentrating on absorbing as much information as I can before I take the exam at the end of the month.
This felt off-putting to me. I remember before I decided that I was going to take the Security+ certificate I was heavily active in blogging and doing CTF challenges pretty much every day. I loved the progress I was making, and the security mindset I had at the time. But recently I’ve been having regrets. The past week I was pondering whether or not I made the right decision in trying to get the Security+ certificate. And from the research/reading I’ve been doing, this certificate is a hit or miss. It shows initiative and gives a great foundation of security. On the other hand, it is a very entry-level security certificate and the best it can do is get past the HR interview. I shouldn’t be thinking like this though. No matter what certificate I decide to go for, it won’t guarantee me or anyone the job. A certificate is nice to have and easily filters out candidates. The real determination on whether you get the job or not comes down to knowledge and experience. So, when I decided to finally pull the trigger to buy a voucher and book the exam, it felt like the right thing to do. I felt like I was lacking the basic security knowledge and concepts. And getting this certificate definitely gives me a much better overview of security.
Overall, even though the Security+ certificate is just an entry-level certificate that only teaches you the basics, with no hands-on experience, for my benefit it is worth it. Since studying for the certificate, I’ve learnt a lot about common terminologies, and feel like I have a more rounded understanding of security.
Studying on average 4 hours a day for the Security+ certificate and not leaving any room for hands-on experience, I felt like I needed a balance between the two. This long weekend I’ve decided to work through Penetration Testing: A Hands-On Introduction to Hacking (Georgia Weidman). This book has been a go-to for people looking into penetration testing or hacking in general. Not only that, it’s a good introduction to what to expect if you’re going for the OSCP. It’s a bit outdated but the material and concepts can still apply today.
Setting up my virtual lab
The way this book teaches penetration testing is not like others. The author’s intention is to simulate real-world experiences, as if you are working as a penetration tester. The very first chapter, setting up an entire network, already feels promising. Most books/courses don’t take this kind of approach. They more than likely give you an already made virtual machine. As a beginner, I personally like this approach of setting up a hackable virtual machine through guidance. It gives me an opportunity to troubleshoot problems that arise during installations and configurations, especially because this book is a few years old, and some of the software, tools, and techniques are outdated or abandoned. It’s solely up to the reader (me) to figure out workarounds and do my own research.
So yesterday, I spent my day setting up the virtual lab while watching my TV shows. It took longer than expected because of issues setting up the simulated virtual machines. Once again, some of the programs and software used to populate vulnerabilities and exploits were not compatible or difficult to find.
Stale couple of weeks because of studying. Missed getting some hands-on experience, so I decided to slightly change my schedule and include some hands-on experience on weekends by going through a highly recommended book: Penetration Testing: A Hands-On Introduction to Hacking (Georgia Weidman). Finished setting up the virtual machines last night and now I’m going back on the grind.