SOC Analyst 101 Roadmap 💙
A lot of you asked me for a Roadmap to becoming a SOC Analyst and I was working on the picture below for quite a while.
I talked to SOC Professionals about which skills someone would need to be hired as a SOC Analyst, and these skills made it to the…
🚨🚨🚨 I created a blog post about Kerberos
Kerberos for beginners - Tame the three headed guard dog of hell to understand Active Directory Authentication
For those of you who want to break into Cybersecurity as a SOC Analyst
Now is the time to start. 🚀
I hate the current course landscape for beginner SOC Analyst trainings.
They either have too much fluff + unnecessary details
or they are so boring…
Day 35
Did you know that the OWASP website has a collection of over 180 applications that you can hack for free?
Go check it out here:
Tomorrow I have notes to share for application analysis - stay tuned!
#30DaysOfBugBounty
#BugBounty
😎 Sneak Preview of the SOC Analyst 101 Course 🤫
We will let the Steven's TCP/IP Model 🚀 battle it out against the old classic - OSI Model 👵
As usual - with soothing imagery
🚨SPOILER - TCP/IP WINS EVERY TIME! 🏆
Grab your spot now at:
You receive an alert that a new user logged into one machine in your domain - you check the typical locations on the machine and you see this ⬇️
What do you do?
It happened - I am now a Certified Red Team Operator from @zeropointsecltd.
It was a cool exam and while the course content was very similar to CRTP the exam had a couple of different angles.
Glad to finally know that I dislike CobaltStrike.
PowerShell is my C2.
After a couple of all-nighters 😴
I have a new video for you:
In this video we set up a virtual environment in Python and identify 🤖BOTs🤖 and their favorite ports 😈
My certification plan for 2022:
1. CRTP in February
2. eCPPTv2 in April
3. PNPT in April
4. CRTO in August
And:
1 blog post per week or YouTube video
stream twice a week on twitch
Create the best hacking AD course on the internet
We are going big in 2022
#100DaysOfHacking
I played with ChatGPT for the last 24h:
What can it do?
- Transform any code into another programming language
- write scripts
- generate CTF challenges
- create (meh) threads with a given author style
- generate incredible prompts for midjourney
- deobfuscate code
What else?🤯
Day 38
Let's get started with Offensive Security & Bug Bounty -
What do you need to know as a Beginner?
Let me tell you.
No organization in the whole wide world needs people that can just hack.
Why - a 🧵
Microsoft's rebranding of Azure AD to Entra ID allows attackers to craft a nice full-chain attack.
There were a lot of good phishing domains not claimed; it seems like Microsoft did not care about this.
Made a PoC for @cyvisory. Details below:🧵👇
I did something offensive today - One of my favorite Hackers - @HuskyHacksMK - made a course called Responsible Red Teaming. It is about ethical, responsible Red Teaming and I liked every sec of it!
It is available for free at:
Go give it a try!
✨ Got tired of opening the GPTChat website every time, so I made a Telegram bot.
If you want one too, I made it extremely easy to set up (you only need to run a single command! 😯).
Check out the repo 👇
I write about practical Cybersecurity every first Saturday of the month🥳
More than 600 of you read it for practical advice to start/scale your cybersecurity career
Tomorrow, I share how to design your home lab properly but only via email 👀
Join now:
I learned something today:
When you want to tunnel traffic from an external VPN into a VM, you can use ssh:
ssh -D <port> forwards traffic <port> on your loopback interface
ssh -D '192.168.0.11:9005' forwards traffic on the specific interface which you can use as the proxy inside VM🧠🤯