Cyber Security: An Offensive Mindset [Week 5

Page Title

Cyber Security: An Offensive Mindset [Week 5 - Reflection]

Reflection

Stakeholders were vital this week initially providing me with clear and concise guidance around what was expected for this week as well as next weeks final deliverable. Throughout the week I kept in constant contact with my facilitators both within and outside of regular contact hours to clarify any queries or issues I was facing. This was honestly extremely useful as I found myself deviating off track often whilst tackling the 'Open Admin' Hack the Box this week but thankfully for my facilitators they were there to assist me. They nudged me back onto the right path when I was absolutely desperate and stuck in a substantial rut. The core of my success this was truly down to the stakeholders this week, they empowered me providing me with the support and also instilling self belief in me when I was ready to give up. Finally, I must also thank my facilitators for their shared love of coffee directing me to 'Caffeine Project' and recommending I try a 'Nitro'. Which ended up being the driving factor for getting me through this week and enabling me to provide a deliverable that I am very proud of.

Figure 1 - Nitro from Caffeine Project

Figure 2 - Moral Support from a facilitator Jason

Over the course of this week there has been an ongoing theme of designing thinking, it was what got me through the 'Open Admin' box this week. The reasoning for this is the constant research, testing and documenting that went into gaining root access on this box. Google was honestly my best friend learning about how certain concepts are implemented and flaws that they have which ultimately enabled me to beat this box. It forced me to resourceful as well as how important it is to focus on trial and error, because sometimes you're so close to the answer and it may be that you're simplying mistyping one character from breaking into a system (which I am guilty of when mispelling user passwords that I found). Although, I did manage to gain root privileges on the 'Open Admin' system by utilising design thinking I need to continue to refine this process and develop my own framework as I continue breaking into boxes (systems) in the future. Next we have technical skills which I believe were significantly improved this week grasping how intranets function, knowledge about php and indepth analysis of SSL certificates work when using ssh. I was force to take a deep dive this week into concepts that I know little about and it pushed me completely out of my comfortzone, which I found very refreshing. Reading over my previous weeks reflections I was really taken back about how much technical knowldege I have gained over the past five weeks. Having the ability to overcome my first box on Hack the Box has really boosted my confidence and combated my disbelief that I will never be able to master enough technical skill to become a penetration tester in the future. Overall I'm really happy with my technical progress but there is so much more to learn, hoping that the next box I tackle 'Traverxec' will challenge me even further and allow me to continue my technical development.

Figure 3 - Understanding Wget and Curl commands

Collaboration this week was slightly inhibited as we were all working on our own to beat our Hack the Box for this week. But it was really constructive to bounce ideas off my peers that were also doing the same box (challenge) as I was, especially those who had progressed further than I have they would also help me if I wasn't grasping certain elements. Especially my collegue 'Daa-vid' who continued to keep my moral up whilst I was doing the box and I would as him if I was moving in the right direction looking for the right answer to gain user or root privileges. I found this exercise really crucial in my success because although he wasn't giving me any answers he was showing me empathy because he had overcome the same issue already and was giving me yes or no answers to help me progress through the box, not just give up.

Figure 4 - Moral Support from my peer David

From my point of view when conducting a review and evaluation of my performance this week I am very proud about how far I have come over the past month. Never in my wildest dreams would I have been able to comprehend that I'd make such progress, beating a box on Hack the Box platform has been a goal of mine for this year so I'm over the moon. Although I need to take a step back and reflection what changes I've made from last week, I still have let myself down from a health perspective putting many hours into this box has again left me worse for wear. This wear I am going to take a different approach with a focus on less is more and trying to make myself more efficient in how I complete my work. As sitting down for long periods, not exercising and eating poorly has a substantial affect on the health condition that I have been diagnosed with. This weekend I had a step back from the 'Traverxec' box after Friday just to refresh myself and get back on track, it has done me some good so I am looking forward to challenging myself to get more balance this week coming.