May 19, 2017

OMG What fun!

So now I've been in the course/lab for a little bit and I have to admit it's pretty fun. I'm learning a lot more on the keyboard than 10 books combined. It's like giving an archeologist their own dig site. It's a great place to practice, practice, practice. Explore, test and document in a place that was built specifically for that purpose.

So here's what I can tell you about what I've learned. Don't worry about the amount of time you buy. You will probably get to a certain point - and then schedule the exam. And if you would happen to pass, you don't "lose" the lab time. It's still yours to use. So why would you use it? Because it's FUN... it's a challenge. Apparently there are a few devices that are particularly difficult. The exam challenges you to a certain level. The lab is practice to prepare you for the exam. And you don't have to get all the devices to get to the level that you need to pass the exam. So from what I'm hearing - you will probably take the exam with some devices still not compromised.

This course does make you THINK. It's definitely not a "spoon-fed" type of class. They will lead you to the tools and you have to figure out how to adapt them to your situation. The videos are really good. They don't cover everything that you will encounter, but what they do cover is well done. He makes it look and sound soooo easy. And in reality, it is that easy (once you know how).

Posted by BlueWolf on May 19, 2017

May 06, 2017

The Excitement Builds

OMG - today is the day! This evening I finally get the email that gets me into the OSCP Pentesting with Kali course. I have been wanting to take this course for years. When I first saw it, it was "Pentesting with Backtrack" - so that tells you that this has been on my wish list for some time.

It was the delay in CCIE Security materials that really pushed this one to the top of the list. I had planned to take it after the written and before the lab. Now, I'm just going to go for it. By the time I finish, more materials will be available for the CCIE (I hope).

When you sign up for this, be aware that it's going to take some time before your class starts. Yes, you sign up for a specific "class" - and I use this term in the programming sense of the word rather than the educational sense. This is apparently based on the number of people in each lab group. You really have to keep up with this - since links are only available for a limited amount of time.

When I clicked on the buttons to register, I got an email to click another link to "continue" registration. It was only valid for 72 hours. [I'm guessing this is to validate the email address used for registration.] Once I continued my registration, I was emailed a link to download the components of the connectivity test and quite a bit of information about the course. "Your seat will be confirmed and scheduled after payment has been received." Yeah, you would think that you can just click and pay. Not so fast. "Before submitting the course fees, please be sure to test the connectivity to our labs to see that the connection is satisfactory and that your response time is reasonable." That part now seems pretty funny. The only way to get to the payment page is through the VPN connection. Also note that you have only 48 hours to complete this testing and submit your payment.

And then you wait.

Now the waiting is over. I'm really excited about this - it sounds like fun. Basically, there are some videos on each topic - along with some lab exercises. I'm very familiar with a remote lab environment which I have been using at INE for CCIE studies. Labs are fun. I wasn't really sure about what kind of time I was going to need for this. Most people are saying they needed 60 days. But then again, most people taking this are early in their IT careers. And I'm not sure how my life/obligations are going to allow me adequate time for lab practice. So I signed up for the 30-day lab. I think by the first two or three weeks, I should know if I need to extend it for 30, 60 or 90 days. The cost savings for grabbing 60 days initially versus 30 days were not that large. My excitement may be adequate to get me through this quickly.

Not that I'm rushing. And not that I'm thinking this should be easy. It's supposed to be tough. And I'm hoping to learn quite a bit from this. And, no, I'm not wanting (at this point) to go into PenTesting as a career move. I'm actually wanting to take this so I can more fully participate in CTF exercises. And if you're taking this thinking that you're going to get CPEs from it - you have to submit the pentesting reports or pass the pentesting exam to get those points. I'm already prepared and set up to submit the lab and exam reports. Now just to add the exploit details and submit...

Posted by BlueWolf on May 06, 2017

May 04, 2017

More Free Training

OMG I love free training. Granted, I spend some serious $$$ on a number of various training sites. So when I can grab some training for free, I jump on it. And this one is open to everyone!

The free training is on the Qualys site. You can use your favorite search engine to find it. There are some caveats to this training, so I thought I would share.

When you go to their training site, you can click on a choice of:
VM - Vulnerability Management
PC - Policy Compliance
WAS - Web Application Scanning
AV TP - AssetView & ThreatPROTECT

(Note: VM is a prerequisite for AV TP.)

It's pretty obvious that you click on the Enroll button. And that brings you to a page where you can download the slide deck and lab exercises. The enrollment is supposed to kick off an email for access to the lab area. It's not that reliable (especially if you use your work email address - it could be filtered or go astray). Writing to the training address does produce results - they respond within a reasonable time frame.

So the first thing I ran into is that there are no videos there! You see mention of the videos, but it took a while for me to find them. They are actually in the "Qualys Community" section.

Once you watch the videos, read through the slide deck, and practice the lab exercises, you can take the exam.

These exams are open-book exams. You can have multiple browsers open and there is no time limit. There are 30 questions and you are allowed 5 attempts at each exam. The passing score is 75%. Once you pass the exam, you get a downloadable (.pdf) certificate. The course is worth 8 hours (for those needing CPEs).

You may need multiple attempts at the exam. They "claim" that there is no time limit, but I have found that the testing engine is quite unreliable. One attempt at the exam - I got to the last question, clicked "submit," and received a "Maintenance" page. [Okay, so it was late on a weekend night.] Once you submit a question, you can't go back - so when I got the Maintenance page, it wasted an attempt (and my time). I tried again the next day (when the site was back up) and got to question 29 - I clicked "submit" and got an "ooops, we can't find that page" error message. Yet another attempt wasted. And the questions I had answered to that point were never scored. It was frustrating. However, I stuck with it and took the test again. That time it worked (and I made sure I didn't dawdle on any of the questions).

So now I'm Qualys certified in Vulnerability Management and Web Application Scanning. (Two down, two to go.)
For free.

If you're not the type to self-study, they also have in-person and online web classes that you can take. They are in multiple time zones and countries around the world. Good luck and keep studying. This time for free!

Posted by BlueWolf on May 04, 2017

April 01, 2017

Something was missing

Well, it only took me three years to notice that something was missing. I went to the C|EH portal to check on my recertification status - and I finally noticed that I never uploaded the logo to my sidebar. OMG. I added it to the list in the Cert Battle Status, but never added the logo. Now, it could be that they didn't have it available at the time, or I may have just forgotten.

The C|EH portal has been through many changes. It now has an area to enter ECE credits - which didn't exist when I took the exam. And the download of the logo is in a very odd place. You have to go to the Certificate section and scroll to the bottom of the page. There you can download a copy of the certificate (that they already sent you) in high resolution format, your exam transcript, and the logos.

The ECE section now has a notice on the details page: "Congratulations on meeting the ECE requirement with in the ECE Life Cycle period. You can download your new certificate after the completion of ECE Life Cycle, on 31 March, 2017." Don't believe them. Today is 1 April and it's not there yet. Perhaps it's automated and the cron job hasn't kicked off yet. Or it might require somebody there to process something. So far I've found using their Help Desk messaging or emailing them to be effective and responsive. I'll give them a poke soon to find out.

In other training news, INE will start adding the Security v5 material in May. They are talking about 150+ hours of video training. Not all of it appears to be slated for publication in May, but it's a start. I'm really looking forward to the new material.

Posted by BlueWolf on April 01, 2017

March 20, 2017

On the Training Train

One more week and the INE Security Boot Camp begins. I'm hoping that they tape that course so they can upload the videos and release version 5 workbooks and labs. The rack rentals are basically "fully booked" for the next two weeks. I'm guessing that this week is being used for building and next week is completely reserved for the boot camp. I have my fingers crossed on this one.

In the meantime, I've been checking and documenting my continuing education credits for the CISSP, C|EH and WCNA (Wireshark Cert). I am well above all the required credits and I'd like to give thanks and credit to INE for their help. I found that the C|EH now requires credits to be entered in their portal. So I had to catch up - but basically it was just documenting the training already listed in the other two certs' portals. The one wrinkle is that they expect you to upload certificates of completion for these courses. INE's portal (where I have done a massive amount of training) does not provide a certificate at completion. As you watch the course's videos, a progress bar is displayed on the course home page. For most of the classes, a screen capture of this was adequate. However, there were two classes that were rejected for credit that required a certificate. I wrote to INE and they very quickly verified my account and completion of the courses, and provided certificates. The quick turnaround was helpful and I've always experienced great customer service from INE.

For future reference - the WCNA portal and the FedVTE portal both provide online downloadable certificates of completion for their courses. This may not help everyone - but might be useful to someone. The WCNA portal is only accessible to those who have passed the Wireshark Certification exam. The FedVTE portal has a bunch of free online cybersecurity training for government employees and veterans.

Note that a lot of the training is somewhat outdated. For example, the site will have the course for C|EH v8 and the current version of the exam is version 9. So don't think this is going to be a one-stop shop for getting any cybersecurity credentials. But the training is good (and cybersecurity principles don't change) and it's good to refresh the concepts. For veterans looking to get some training, it's a good first step. [Then get some study guides to focus on the specific current version of the exam.]

Logo and link below for any vets that are interested. If you have a .gov or .mil address, use that to sign up. If you don't have one of those (veterans), follow the instructions and the link on the page to get your veterans status verified by the "hire our heroes" site. It takes a bit of effort to go through the process, but once you get access you will have quite a bit of [FREE] training at your fingertips.

Posted by BlueWolf on March 20, 2017