Security Testing Journal Entry | w/e Friday April 7, 2023

Highlights for the week

Had something of an interesting week. More waiting to know if I am hired, but even better networking session with Rhino Security Labs learning about Cloud Pen Testing.

What We Loved

1. As mentioned above, attended a webinar with some key people from Rhino Security Labs. The topic was setting up an environment in Kali Linux and moving through some of the scenarios. After 2 days of harrasment with my environment, I got it set up and managed to move through the first scenario. I need to revist it when time allows.

What We Learned

1. Network+ - Moved through another module as it pertained to Wireless Networking and ethernet switching
2. Security+ - Great learning module as it related to common attacks like XSRF, Buffer Overflow, etc.
3. Automation - Completed the majority of python tests pertaining to the E-comm website. Need to tackle API testing in python and some negative tests in Cypress
4. Burp Suite - Finished some DOM-based vulnerabilites. They seemed overly easy
5. "Cult*ure" - In the middle of writing chapter 5, I folded in an adjunct chapter (4 "All Hands") and had to restructure the layout. New chapter tbd

What We Longed For

1. Still waiting for a few jobs I applied to 3 weeks ago to reach out. Missing $$
2. Pursuit of certification is on the horizon: Moving through Network+, but SEC+ and OSCP are the real deal

What We Loathed

1. Not good karma having to bad-mouth the hiring process at this one company, but after several rounds of interviews, and weeks of waiting, no decision has been finalized and the reply give the impression that they are not convinced even though they state otherwise. If I had other opportunities, I would have ejected long ago.