Cyber Security: An Offensive Mindset [Week 4

Page Title

Cyber Security: An Offensive Mindset [Week 4 - Reflection]

Reflection

Throughout this week our stakeholders (learning facilitators) were of significant importance, especially with their expectation of such a substantial deliverable required this week. The steep learning curve that I would have to undergo this week was also a contributing factor in myself keeping ongoing communication with stakeholders to stay on the front foot with any issues that I came across. I found that without this communication element I would have really struggled, it enabled me to get a nudge or clarity on certain aspects of the project I was trying to tackle. I got on a tangent at some stages and ended up way off track so it was extremely constructive to start fresh from a new perspective with experienced insight from my stakeholders. I must also thank a stakeholder named Max for giving me the specific scope (TryHackMe box) for this sprint, it was daunting and a challenge is an understatement. But I found this was the most I've been out of my comfort zone during this course and at the end of the day I thoroughly enjoyed it, learning a lot more than I could've imagined. Although I'm still quite a way, away from the OSCP (my goal for 2020), I believe that with the support of my stakeholders I am one step closer to reaching this goal.

Design thinking was critical this week especially during the enumeration stage of my project, which involves asking questions of the targeted system and using the answers gained to then ask further questions to gain insight or understanding about the target. To my surprise this week I found myself exploring a variety of useful tools and experimenting with how to use them to their full potential in my specific use case. Overall my design thinking level has evolved drastically this week, if I didn't I woulnd't have been able to come anywhere near completing my deliverable this week. It wasn't an easy process there was a lot of frustration especially investigating a system that I havelack of knowledge about, but because I stuck to the design thinking processes I was successful. There was a strong focus I placed upon researching and prototyping techniques that I discovered for my own use case, this definitely helped a lot in achieving my complete write up and is something I have added to my arsenal during this week. One tool that I found myself prototyping with signficantly was Nmap because of my unfamiliarity with the tool, it definitely left me very frustrated initially. But after testing as well as trial and error, when I was familiar with the flags I had scans with reduced wait times and collecting only the data I found necessary.

My technical skills were definitely pushed to extreme limits this week, in almost 80% of instances I found myself well and truely out of my depths from a technical standpoint but I pushed through and I believe I'm a lot better off for it now. My knowledge and confidence has grown enormously with tools such as: Nmap, Gobuster, Dirbuster and wFuzz without which I wouldn't have been able to reach a successful deliverable for this week. During this week I've also made significant developments learning about different encoding standards, ftp, ssh and what a CMS (Content Management System) actually is and how it can be a flaw that can be exploited. This sprint also taught me that you can never know enough about linux, I discovered a vast amount of knowldege about commands and permissions that I didn't know existing until I stumbled across them which I found very constructive for my progression. Definitely a long way to go from a technical standpoint I need to learn a lot more but it is all part of the journey, really very happy with my technical progress this week. Collaboration this week was limited as all of my peers were focused on an entirely different target for their deliverable. Although I did still find myself communicating and collaborating about challenges that we were facing with our targets, giving each other insight and also encouragement to keep pushing forward. Even though there were some elements of collaboration during this week with my peers I don't believe that there was enough evidence to warrant this SLO to being reached by myself.

To review and evaluate my performance this week I'm extremely proud of myself, this week was intense I had a lot of things going on but I managed to stay focused and remain persistent. Usually I find myself quiting or giving up when I just find myself complete out of my depths but I stuck to my guns and made it work. Also very happy with my documentation and report write up this week, it's extremely detailed and a useful learning resource that I can reference in the future. One thing that I was disappointed with myself about this week was my health taking the back seat this week, it's easy to do but I am now paying the price for not sticking to my non-negotiable health decisions that are necessary for my wellbeing. On the other hand I am over the moon that I was able to reach the HackTheBox invitation this week with the help of Jason, which has been a goal of mine for a long period now. This has also meant that I am one step ahead going forward into next week. My goal for next week will be finding that happy medium between health, life and university, aiming to definitely have a solid attempt at a HackTheBox machine.