Posts Tagged ‘certification’

ISC2 CCSP

Tuesday, February 14th, 2023

Last week (first week of February 2023), I took and passed the ISC2 CCSP exam (Certified Cloud Security Professional).

As usual, I watched all relevant videos I could find on pluralsight.com and used the included practice exam until I consistently got a (very) high score. Additionally, I thumbed through the All-In-One series book on the CCSP exam.

The actual exam was quite hard and I was surprised to learn I passed. Pleasantly surprised, obviously. The provisional result was printed out at the test center as is usual with ISC2 exams.

There is a reddit sub-thread where a lot of test-takers complain about this exam. Usually I don’t pay those people too much attention since I passed all these exams at first try so far (10-ish exams so far) but I have to admit, some questions left me troubled and confused. The bewildering questions did not seem relevant to the exam topic at all.

If somebody came here hoping for some useful advice on this exam, I’m sorry, I can’t give you any. I can’t give you any meaningful advice on what else to study apart from the above. Obviously, learn the basics by heart (shared responsibility model, threat models, data life cycle, SDLC, risk mitigations etc.) but beyond that, I am not sure what to recommend.

If you are taking the exam soon: don’t panic, stay concentrated, give it your best shot and best of luck!

OSCP diary – week 04

Sunday, August 21st, 2022

I finally finished the LFI exercise… it took a while because I was using a & instead of a ? in the wrong place in the URL. <sarcasm>Surprisingly, things don’t work properly if you do that</sarcasm>. After that, it was smooth sailing. OR SO I THOUGHT. Took some more digging and I got the flag so I’m good maybe but I certainly did not follow the instructions so I’m not sure if there is a correct way to complete the exercise. But I guess one aspect of the course is also to show that following the book/the guidelines is not always necessary or recommended.

Moving on, I made progress on the RFI exercise and continued reading up on SQL injections.

This all seems to take a long time, I wonder if I’m wasting too much time on these exercises >_<

OSCP diary – week 02

Tuesday, August 9th, 2022

Or is it week 3 already? Haha, looks like I lost track already.

Finished that Perl script to get nameservers from a domain. Finally.
Not that Perl might be a particular scripting language, but…. not chomping an input breaks a loop because of an empty variable? Although the same variable holds a value as evidenced in the loop?
Can’t really say I understand this so far.

Got through the scanning basics but I’m undecided on the inclusion of Nessus in the ‘textbook’. Not checked yet whether you’re allowed to use Nessus during the exam, but I guess no. It was good to do some hands-on exercises with Nessus but if the basis of the course is the open-source Kali Linux, then including tools like VMware Fusion and Nessus in the course materials feels somewhat …. off.

Anyway, moving on to web application security now.

CPE tracker

Thursday, July 14th, 2022

If you are lucky enough, you are certified in some field. Very likely, you need to gather continuous professional education credit to keep the certification valid. Actually, not a bad thing in itself and it does make sense in fast-paced fields like technology.

However, if you have several certifications that you need to keep alive, then keeping track of your CPE credits can be challenging.

Enter the CPE tracker I put together. It’s free to use, obviously, but use it at your own risk.

Warning points:

  • Not all CPEs are equal. Please check with your certification organisation what is acceptable as CPE and what is not
  • Most organisations make a recommendation such as “in order to make re-certification achievable, please try to achieve <insert_arbitrary_number> CPE credits per year” – this might differ per organisation and the CPE credit you can earn might differ as per definition
  • Same as with the recommended number of CPE credits per year, the cut-off date per 12-months cycle might not always be January 1st – keep this in mind

Here is the general usage:

  • Copy the 2021 sheet and rename it to 2022, 2023, etc.
  • In the A column, enter the name of the CPE you earned, e.g. “Codecademy SecDevOps in Python”
  • In the B column in the same row, enter how many CPE credits this will give you, e.g. 3 (this might differ per organisation, see the warning points)
  • In the certification column, drop an x if you want to use the CPE with a certification. This will automatically add those CPE credits to the amount of credit you have earned for this certification
  • Most organisations require some CPE proof, like the upload of course completion certification. Once you complete the upload, you can set the UL column (stands for “upload”) to the y value from the dropdown field

Some features:

  • Left top indicates how many days are left in the current year, giving you a rough indication how much you will have to hurry.
    This is based on the Settings sheet and calculated using today’s date. The general setting uses January 1st of the next calendar year but obviously you can change that, e.g. to August 1st
  • The CPE credit score is conditionally formatted in red until the score equals or becomes greater than the recommended CPE score per year, also in the Settings sheet
  • No macros are used or were harmed while making the sheet. If you are asked to activate macros, it’s not my original sheet, be very careful.

Download:

  • Zip file containing a LibreOffice Calc version and an Excel version

sha256 checksum:

shasum -a 256 CPEtrackerArchive.zip
e6370259b0be5015e85040ef5876fb5c1ee8ef94d0d323925c3f33b0e8e03629 CPEtrackerArchive.zip

Update 20220721:

Nothing like using your own tools…. I started tracking my own CPEs but also found a problem with the number of days calculation so I’ll fix that and upload the newer version. Stay tuned.

CISSP-ISSMP – happy ….

Monday, July 11th, 2022

…. to report that I passed the exam last week. It’s been in the making a couple of months and I finally found the courage to take the plunge.

On the weekend, I sent in the endorsement and it will take a couple of weeks for (ISC)2 to process it, as usual.

Now with both those exams (ISACA CRISC and CISSP-ISSMP) finally (and successfully) behind me, I can move on to something new.

I’ve previously dabbled in some pentesting and I would very much like to give OSCP a try while casually reading about and learning for the ISACA CDPSE. Let’s see how it goes and how far I can take it….

Update from 1 week later: Already processed by (ISC)2. All good. Certified. Yay me.

Sad Kanji Kentei news – failed level 4

Monday, July 11th, 2022

Some rare sad news…. I failed the Kanji Kentei level 4 exam (漢字検定試験4級) by enough points to actually say “ok, this was not just bad luck”.

Level 4 is 315 kanji, significantly more than level 5 which has 220 or so kanji. Subsequently I spent much more time studying for level 4 than I spent on level 5. What’s a bit vexing is that although I spent all that time, I think I mainly failed the exam because of kanji from earlier levels (such as 5, 6 etc.) for the following reasons:

  • I just can’t remember all of them since I’m not actively using them
  • There is a lot more vocabulary derived from kanji combinations than in previous levels

What’s not so vexing is that the exam is “only” 3500 yen per taking. Could have been much more expensive.

CISM me

Monday, February 21st, 2022

CISM done

After passing the ISACA CISM exam in January 2020 (more than 2 years ago :o), I was finally certified this month.

In other news, I’m also gathering the required work experience for CISA certification.

PCI Professional

Sunday, April 25th, 2021

Another one I was able to bag…. not the most difficult exam I’ve ever taken but there were some tricky questions. This is valid for 3 years and allows me to call myself (surprise, surprise) “PCI Professional”. Nice addition.

It took some guts from my side to sign up for this… I felt under-prepared most of the time but John Elliott’s PCI courses on pluralsight were an invaluable help.

And I passed on the first try. Yay me.

CISM test passed

Thursday, January 16th, 2020

Yes, I did it again. New year, new test, same result (apart from the unfortunate CKAD exam but it’s not quite over there yet because I have a free re-take)

Apparently I will receive an email confirmation with the definite result in about 10 days but I don’t think they will change the result *fingerscrossedthough*

The work experience hurdle in order to actually get certified is a different story though….

Anyway, next up is take 2 on the CKAD exam followed by CISA….

Update:
In case you are wondering: I used the CISM All-in-one guide by Peter H. Gregory and an app called ISACA CISM by pocket prep to crunch practice questions.

What’s going on with Ubuntu Certified Professional?

Monday, March 25th, 2013

Last week, I took the official Apple “Mac OS X 10.8 Essential Support Course” followed up by the official test. I passed so I’m an Apple Certified Technical Coordinator (ACTC) on top of all the other acronyms I hold.

Although I don’t work on Mac OS X every day, I have a good working knowledge of the general handling and the underlying OS. The course, which ran at quite a fast pace, summed up all the important points very nicely. The test featured the occasional tricky question and a score of 73% or higher was required to pass. And I passed.

We used the official Mac OS X 10.8 course book which contains precise information on Mountain Lion (although to be fair, the author probably only had to replace ‘Lion’ with ‘Mountain Lion’ to release a ‘new’ version or so). I actually understand now what happens after the kernel is loaded and what processes produce the login screen and what happens when a user logs in and so on.

On the other hand, the last official book on Ubuntu Certified Professional (UCP) was released in 2008 and was already out of date half a year later because of the energetic activism the good people at Canonical display all year round. No wonder that with all the changes that happened to Linux and all the changes that Ubuntu brought on itself, I still don’t feel secure about the internal workings on Ubuntu. Sure, there’s source code but I don’t think anyone actually reads that to get a general understanding of an OS. The man pages? Please! You mean those cryptic writings where the overview section is never really helpful because you need to have a PhD for reading man pages in order to understand them? Ah yes, the lack of useful examples is another gripe I have with man pages.

After passing LPIC 1, I was all fired up to become a UCP as well. But the lack of concise information put me off and the ever growing gap between the OS and the documentation put me off even more. Until today, no update to the Ubuntu Certified Professional book (available on amazon.com) has been released. I guess, even the author got fed up and felt he could use his time in better ways. I sincerely doubt anything useful will be released in the future on that particular topic. And with Canonical pushing Ubuntu into its own niche a bit more with every release, Ubuntu will have a hard time to become a viable candidate to compete against Windows in the enterprises – if that was ever their goal. Accordingly, the value of being a UCP shrinks and shrinks. Actually I’ve never really met anyone who was certified.

Maybe I should focus on LPIC 2 again, too…