I just submitted my report for the SANS 2013 Holiday Hacking Challenge ( http://pen-testing.sans.org/holiday-challenge/2013 ) and it was a great way to end the year. I started my infosec studies in mid-2012 and while I was aware of the 2012 holiday challenge I was swamped with other obligations and didn’t have the time to participate. Every time I saw an update on twitter talking about the challenge I promised myself that I would give it a go in 2013.
The challenge this year requires the user to analyze a pcap file with over 170,000 records in it determine what attacks were leveraged, what defensive techniques were used, etc. It was a lot of fun to start sifting through the records reconstructing what occurred.
I took notes, created a timeline and wrote a report which answered all four questions. I absolutely would not have been able to do as thorough as job a few months ago so it was a great feeling to see how much I’ve improved my skills.
My 2013 goal was to cram in as much information as I possibly could an attempt to make sure that I had a good general overview of infosec. I ended up knocking out the following in chronological order.
- Finishing up the Attack-Secure Penetration Testing Course
- Taking the SANS SEC 401 and passing the GSEC
- Taking the SANS FOR 408 and passing the GCFE
- Reviewed the new course material for the FOR 508
- Taking the SANS MGT 414 and passing the CISSP and GISP
- Passed the CEH
- Wrote a Python tool to analyze the iPhone application “Burner”
- Taking the SANS SEC 542 and passing the GWAPT
- Beta tested the new SANS FOR 585 Smart Phone Forensics Course (huge honor)
- Taking SANS SEC 503 and passing the GCIA
- Almost done reviewing the course material for the SEC 617
It was expensive, it was mentally draining and it was TOTALLY AWESOME. The experience was absolutely worth every penny and every hour.
I’m able to listen to the pauldotcom podcast and understand what’s being talked about, able to look at network flow reports and diagnose issues, able to fire up Linux and navigate around, able to quickly develop Python apps to solve problems and even able to look at network traffic at the packet level and know what I’m looking at. I know I’ve got a long way to go but I’m proud of the progress I’ve made.
I would also be remiss if I didn’t mention the fact that every time I’ve attended a conference I’ve met some amazing people that I keep in contact and I’ve also made some virtual friends online that I can’t wait to meet in person. My stable of security friends is growing monthly.
While 2013 was packed full of classes and certs 2014 will be more about specific skills and projects. There will absolutely still be some classes (I’m already signed up for the SANS Penetration Testing SEC 560 course in February) but I’m more focused on a few particular topics.
Numbers 1 & 2: Learning C and Assembly Language.
A lot of C looks very familiar from other languages that I’ve coded in (namely Python and PHP) but I never learned to program in C. I’m currently using some online tutorials and a book to work on my C and once I feel like I’ve got a good grasp on that then it’s moving on to assembly language.
Why oh why do I plan on subjecting myself to such pain? Because I know I need to in order to work on numbers 3 & 4.
Number 3: Learn Reverse Engineering
After I’m decent at C and Assembly I’m planning on going through the Practical Malware analysis book. I may try to attend a SANS FOR 610 course later in the year but I’d really like to good a good grasp on the subject first.
Number 4: Learn Exploit Development
There are a lot of great online tutorials for exploit dev (inc. Corelan) but after my C and ASM I’m going to try to start off by signing up for a Joe McCray exploit dev course. I’ve watched a few of his YouTube videos on the subject (http://www.youtube.com/watch?v=eNSWUAVxbzk and http://www.youtube.com/watch?v=uPaJHT0Vv7E ) and I really enjoyed his teaching style.
Number 5: Continue Improving my Python
I’ve gotten very comfortable with Python and have written multiple tools with it but I want to continue improving it. I’ve signed up for Vivek’s http://www.pentesteracademy.com site and am currently working my way through his Python for Pentesting class. I will also make time to finally finish Violent Python. I love the book but it kept getting pushed aside for my courses and certs. I’d love to take the SANS 573 course at some point but we shall see.
Number 6: Continue to Improve my Linux skills
In 2013 I got comfortable in Linux. I can move around in it, run programs, solve basic problems etc. I even find myself using vi instead of gedit for simple tasks. I’ve still got A LOT of work to do on my Linux. I need to get more comfortable using sed, awk and other tools, making SSH second nature etc.
I know that I’ll never get my Linux skills to level of someone who is a sys admin for Linux boxes every day but I know I need to get better.
Number 7: Improve my Macintosh skills
This one is easy since they’re pretty much nonexistent 🙂 I don’t really have a specific plan for this one other than I recently purchased a Mac Mini and I’m going to make an effort to use that more instead of my Windows laptop.
Number 8: Get my CTF on
This is the only one on the list that isn’t my idea. I discussed my 2014 to-do list with someone MUCH more skilled than I and he loved my list but suggested that I try to work in some CTFs to reinforce my skills and have some fun.
The only CTF type activity I’ve done have been NetWars at a SANS conference but I’m going to keep an eye out for opportunities this year.
I have a few other minor ones but those are the big ones. I’d love to hear any thoughts or suggestions.