Azid's InfoSec Journey

Last month I gave a fun little talk called "Plenty of Phish in the Sea" in my local security conference. It was a fun presentation on how I phished my friends in high school.  I used to make music back in high school and sent a phishing link to 3 of my best friends to my "Soundcloud" and asked them to sign in through their email. I had created a fake domain that copied the Soundcloud login page but the form to submit username and password had a php script that sent the credentials to a txt file I had on the server.  My friends had weird passwords of course, one guy had his girlfriends name, another had his favourite sport mentioned, and another friend literally had his whole phone number as his password.  I made jokes about it and kept the whole tone of the presentation humorous.   This talk wasn't very technical, but it was my first time and this was an actual experience. Hopefully, next time my talk is a technical one, where I teach the audience something I le...

Long time since I wrote a blog post, but things happened. I graduated from University with a degree in Information Science. I interned in 3 different companies since getting certified in CEH and CCNA. I also did huge projects in the final year of college. I had around 200 applications over 2 months and 7 interviews. After being rejected and ghosted numerous times I got a few interviews. 5 of which didn't go so well. Either I wasn't qualified or they didn't think I had enough experience. Fortunately,  the last 2 interviews went extremely well and I got a job offer from BOTH companies! Company 1 is a big Networking company where I where the job was being a part of the Incident Response team and Company 2 is mid-size education software provider. Company 2 had 1 other security person, and I would be person 2, which would have been a great opportunity to learn and grow with. I took a few days and talked to a bunch of people in my family and even posted on Reddit to get advice on...

I'm in the final semester of my degree and my project is something I've been thinking about for a while. I want to solve a problem, so I formed a team and now the project we are planning on creating is "DDoS Detection". We want to create an app which detects DDoS attacks and stop them live. I haven't really started doing much, but first thing I want to do is get datasets. I will search online for datasets on DDoS attacks. My mentor mentioned that I could create a virtual network in VirtualBox and simulate different types of attacks with some programs I can find online. That sounds pretty interesting and I'm going to do some research and find out if thats something I can do.   2 of my teammates are also helping me write code, we plan on using Python and a machine learning library, mostly Keras, to train the model and learn patterns. Lets see how it goes.

Bandit Levels Levels 0-14 Levels 14-25 Levels 25-33 Please use Ctrl+F to find your desired Level. Level 0 Bandit Level 0 Level Goal The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1. Commands you may need to solve this level 2/31 ssh kali@kali:~$ ssh bandit0@172.9.9.176 -p 2220 password: bandit0 Level 0 -> Level 1 Level Goal The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game. Commands you may need to solve this level ls, cd, cat, file, du, find Password for next level: boJ9jbbUNNfktd78OOpsqOltutMc3MY1 Level 1 -> Level 2 Level Goal The password for the next le...

On July 10th I passed the CEH with 105/125 questions right and this is the write up to the exam and certification. I got really interested in the CEH because it was a well known certification and the syllabus really interested me. I also had a ton of recommendations online and from people in this industry saying that the CEH was a really good beginner level security certification. Details about the exam and course: I bought the course from the EC-Council website. There are certain requirements if you want to take this certification. You should either have 2 years experience or buy their online iClass to attempt the exam. As I did not have the required experience I bought the online course. The EC-Council website and how everything works with them is very confusing and I got very confused at times. But thankfully, the customer support answered all my questions and guided me through the buying process and the registration. The course costs $1100 USD in India but I bought the course durin...

A few days ago I took my attempt for the CEH and passed with 105/125 questions right. Which is 84%! I'm really happy. I have been studying for the CEH for around 3-4 months. It is a moderately easy certification and I have have learnt a lot. Write-up coming soon! Thanks for reading! AZID

I passed the CCNA last year and I've seen this question asked a lot. So here's your answer. CCNA has little to do with Security and Security related beginner certifications like the Security+ and the CEH are better for Security related roles. But, to understand a lot of stuff in security you need a thorough understanding of networking concepts. You could just learn all of it for free on the internet, but certifications show a recruiter that you understand it and have been tested. Also, it looks really good on your resume. You will learn networking concepts that will help you when you start concentrating on Security. Topics like OSI layers and protocols, TCP/IP Model, TCP, UDP, IPv4, IPv6, ARP, DHCP, DNS,  MAC, Encryption, SSH, Telnet, FTP, NAT, SNMP, Routing and Switching protocols(OSPF, RIP, BGP etc). You will also learn key concepts in network security and general security like WiFi security protocols, ARP and DHCP attacks, threats, vulnerabilities, port securit...

As I am getting experience and writing simple programs in Python, I wanted to write a "hacking" related program. Not too hard, but not too simple. PasswordListGenerator I think I got the idea from watching a Mr Robot episode, Elliot creates a wordlist for cracking passwords. This gave me an idea and I thought I would do this! So I searched for similar programs to see if something like this existed and I found CUPP and BEWGor. These are absolutely beautiful. They are well written and provide many operations and options for creating a wordlist.   I took the idea of how these programs worked to create the wordlist and applied my version to do the same. Yes, it is not an original idea, but it is my implementation. I have to agree, the best way to get better at a programming language is to do a project. I posted a small GIF showing how the program works on Reddit and it got a good amount of reactions. Turns out, people actually give great advice and mot...

Hey there! I got the CCNA last year and the CEH was the next step in my mindmap . I completed the CCNA December of 2019 and got caught up with college for a while. I started studying for the CEH around March 2020. Here are the resources and methods I'm using:  1. Matt Walker All-in-One for CEH  I bought the CEH All in One guide from Matt Walker and I've been studying from that. The book was recommended by a lot of people on Reddit and other forums. 2. Matt Walker CEH Practice Exams I bought this book too and intend to use it and solve a lot of questions so I get as much practice as I can. 3. Boson Exams I had a really good experience with Boson practice exams during the CCNA studies and I'm going to stick with them for the CEH also. Boson played a huge role when I passed the CCNA and hopefully it can do the same for CEH. 4. Practice on the actual thing As I actually want to learn using the tools I'm practicing the tools and methods us...

I haven't been actively blogging and I have updates! I thought I would stop blogging and work on a YouTube channel but I also want to keep this blog going. I am going to try to keep this blog active and I will document my journey in InfoSec. The Coronavirus has kept me at home and I've done so much but so little. Looks like its time to bring this blog back to life again. Thanks for reading! AZID

I did it! I passed the ICND2! I'm CCNA certified! I took the ICND2 on Saturday and passed with 884/1000. I passed the ICND1 in September. My write up of the ICND1 : https://azidsecurity.blogspot.com/2019/09/i-passed-icnd1.html I only got to study during nights and weekends. I worked hard for this certification. I followed the same methodology I did for the ICND1. Watched the CBTNuggets videos and take a ton of notes. Study from the Official Cert-Guide thoroughly from start to end. Practice with Boson. I had a deadline. My University exams start from December and the Saturday I attempted the exam on was the last day I could. I had to start preparing for my finals. When there was 10 days left I still had a lot to do, so I buckled up and finished the OCG, revised all topics from the notes I found on /r/ccna . I had around 3 days left when I took the first Boson exam and I scored 650. This made me stress out a lot and I panicked a lot. But I calmed myself down an...

My third semester of college has just started. The first 2 semesters were the basics of Engineering. So we had common subjects like Physics, Chemistry and Engineering Mathematics. But now the core Computer Science Engineering subjects have started. These are the subjects I have and what I will learn from them.    Java  Into to Java, Program Control Statements, Arrays,Classes, Objects and Methods Inheritance, Polymorphism and Abstraction Strings Exception Handling Interfaces, Packages, Multi-thread Programming Enumerations, Auto-boxing, Annotations Generics, Streams, Swing Fundamentals Course Outcomes: Implement Object Oriented Programming concepts. Design a GUI using Java programs and Applets. Develop Multi-threaded Applications. Creating Custom Packages and Interfaces. Data Structures and Algorithms with C Asymptotic Notations and Analysis of Algorithms Stacks, Queues and Linked Lists Trees, Graphs Hashing Sorting, Searching and Pri...

I just cleared my ICND1. So it is time to finally get my CCNA. I'm going to follow the same method of studying I did for the CCENT. 1. CBT Nuggets I trust Jeremy Cioara to keep me motivated throughout the whole course. I am going to continue studying with CBTNuggets. If I think I need some other video course, I will buy the David Bombal course on Udemy. 2. Official Cert Guide by Wendell Odom  The OCG for the ICND1 was absolutely amazing. There is so much information that you'll get lost in it. I am going to continue with this book as I need the knowledge. 3. Boson Ex-sim This was the reason I passed the CCENT. I am going to buy the exma for the CCNA too. I love their explanations and it will give me a real exam experience and I can judge myself when I take their exams. Hopefully, I get CCNA certified before December. That is the GOAL. I want to complete the certification before my semester exams in college.  Thanks for reading! AZID

This is a Reddit post on the CCNA subreddit: Hey guys! I did it! I scored 896/832 and passed the ICND1. I had limited money and couldn't afford to fail the exam. I am so happy that I cleared the exam! I am a college student and travel 130kms everyday so I could study only from 8pm to midnight. I worked very hard for this exam. In my country, people usually go to training centers and bootcamps to clear this exam, but they usually use dumps and don't teach well. I WANTED TO ACTUALLY LEARN. I needed the knowledge of these topics because I want to get into cybersecurity. So I took the Self-Study path. I tried studying slowly from January of this year, but never really understood anything and just watched the videos for the sake of it. But when the Feb deadline news came I knew I had no option and became fully focused. I re-watched all videos and took ton of notes. Then moved on to the book and then finished with the practice exams. What I used: CBT ...

I knew C before I learnt Python. There are differences between the languages, but, it is very easy if Python is your second language. Why learn Python? C has tens of lines of codes which could be done within one line with the help of Python Libraries. Python is just easier and equally powerful. It is also a great scripting language if you wanted to learn a scripting language. If you have a programming background, Python is pretty straightforward to pick up. The most onerous task is learning the libraries and idioms. You already know how programs work and you might have an idea about programming methodology. This makes learning Python a simple process. If you're learning Python and want to do it fast, I recommend this: Learn X in Y minutes(Python) This will teach you the keywords and syntax in a matter of minutes. Most people don't know this, but the official Python docs are a goldmine. It is very well written and is as good as any book. Already knowing how ...

Yay! I learnt Python using  this Udemy  course and went forward and made my first Python Project! https://github.com/utpalbalse/EmailExtractor EmailExtractor Extract all emails from a document/text and store it in a txt file. Summary: This is helpful for the people trying to copy lots of emails from a file which has other info(not just emails). Instead of copying each email, this python file extracts all emails from the document/text and stores in a .txt file. I have used the re module and the pyperclip module. Also creating a new file or rewriting the file in Python. I uploaded the project to GitHub and hence have my first open project!

Finally! My summer holidays have started. I just completed my first year of college. I'm glad its done. Here is my plan for the Summer: 1. Finish the Official Cert Guide I am going to finish reading the CCNA Official Cert Guide by Wendell Odom. This will take me about a month and I would have finished studying for the CCNA by the time the next academic year starts. LAB EVERYDAY. I will have to practice for the CCNA using labs and practice exams. 2. Python  Finish the Automate The Boring Stuff With Python video course and book. Finish the Python Mega Course:Build 10 Real World Applications video course. Learn important modules and libraries Build a couple small projects and 1 big project(self). Use Git to save and control repositories. 3. TRY and learn the basics of JavaScript Thanks for reading!  AZID

Cisco has changed the CCNA certification completely. Now, they have removed a lot of certifications and made it into one. CCENT/ICND1 has been removed and the CCNA will be one exam. But this shouldn't be a problem to those who have already started studying for the ICND1. The deadline to get the CCNA is February 2020. This leaves us 8 months. This is motivation and a push for the people delaying studying. Now they have to.

I chose CBTNuggets to help me study for the CCENT and I am glad. The lot of users on Reddit and other internet sites really recommend the CBTNuggets video course. So this is what I used to study. It was totally worth it. Jeremy Cioara has a way of teaching that makes all topics interesting and you dont get bored easily while watching his videos. He gives a lot of real life examples and the videos have many exercises so that you can do it with him. He uses real equipment, so if you are using GNS3 and Packet Tracer you will have to have it setup and ready. You should also know how to use these virtual labs. I chose the video course because reading from a book is very dry for me and I might lose interest. He covers every topic which is given in the List of topics on the Cisco website. He also keeps the viewers engaged. You will have to take a lot of notes (I did this). Thats how you will retain a lot of information and you can see that he actually covers all topics. Yes,...

If you're using Packet Tracer for your CCNA preparations, then this guide will help you. I well tell you how to install Packet Tracer and some basic ways you can use Packet Tracer for the CCNA. Installation - Go to this link. Click on Sign up and fill all the required details. I recommend you to use your own email address as you have to keep signing in when using Packet Tracer. You will get a similar page after creating an account. Click on Launch Course. Now you will be directed to the Packet Tracer course page.     Now click on Student Resources. You will get the following page: Scroll down on the page and click on Download and install the latest version of Packet Tracer. You will be taken to this page:     Click on the version on Packet Tracer you want to download. I will download the latest version of Packet Tracer and I recommend you to do the same. I will download Cisco Packet Tracer 7.2.1 You will be taken to a page with...