Azid's InfoSec Journey

Last month I gave a fun little talk called "Plenty of Phish in the Sea" in my local security conference. It was a fun presentation on how I phished my friends in high school.  I used to make music back in high school and sent a phishing link to 3 of my best friends to my "Soundcloud" and asked them to sign in through their email. I had created a fake domain that copied the Soundcloud login page but the form to submit username and password had a php script that sent the credentials to a txt file I had on the server.  My friends had weird passwords of course, one guy had his girlfriends name, another had his favourite sport mentioned, and another friend literally had his whole phone number as his password.  I made jokes about it and kept the whole tone of the presentation humorous.   This talk wasn't very technical, but it was my first time and this was an actual experience. Hopefully, next time my talk is a technical one, where I teach the audience something I le

Long time since I wrote a blog post, but things happened. I graduated from University with a degree in Information Science. I interned in 3 different companies since getting certified in CEH and CCNA. I also did huge projects in the final year of college. I had around 200 applications over 2 months and 7 interviews. After being rejected and ghosted numerous times I got a few interviews. 5 of which didn't go so well. Either I wasn't qualified or they didn't think I had enough experience. Fortunately,  the last 2 interviews went extremely well and I got a job offer from BOTH companies! Company 1 is a big Networking company where I where the job was being a part of the Incident Response team and Company 2 is mid-size education software provider. Company 2 had 1 other security person, and I would be person 2, which would have been a great opportunity to learn and grow with. I took a few days and talked to a bunch of people in my family and even posted on Reddit to get advice on

I'm in the final semester of my degree and my project is something I've been thinking about for a while. I want to solve a problem, so I formed a team and now the project we are planning on creating is "DDoS Detection". We want to create an app which detects DDoS attacks and stop them live. I haven't really started doing much, but first thing I want to do is get datasets. I will search online for datasets on DDoS attacks. My mentor mentioned that I could create a virtual network in VirtualBox and simulate different types of attacks with some programs I can find online. That sounds pretty interesting and I'm going to do some research and find out if thats something I can do.   2 of my teammates are also helping me write code, we plan on using Python and a machine learning library, mostly Keras, to train the model and learn patterns. Lets see how it goes.

Bandit Levels Levels 0-14 Levels 14-25 Levels 25-33 Please use Ctrl+F to find your desired Level. Level 0 Bandit Level 0 Level Goal The goal of this level is for you to log into the game using SSH. The host to which you need to connect is bandit.labs.overthewire.org, on port 2220. The username is bandit0 and the password is bandit0. Once logged in, go to the Level 1 page to find out how to beat Level 1. Commands you may need to solve this level 2/31 ssh kali@kali:~$ ssh bandit0@172.9.9.176 -p 2220 password: bandit0 Level 0 -> Level 1 Level Goal The password for the next level is stored in a file called readme located in the home directory. Use this password to log into bandit1 using SSH. Whenever you find a password for a level, use SSH (on port 2220) to log into that level and continue the game. Commands you may need to solve this level ls, cd, cat, file, du, find Password for next level: boJ9jbbUNNfktd78OOpsqOltutMc3MY1 Level 1 -> Level 2 Level Goal The password for the next le

On July 10th I passed the CEH with 105/125 questions right and this is the write up to the exam and certification. I got really interested in the CEH because it was a well known certification and the syllabus really interested me. I also had a ton of recommendations online and from people in this industry saying that the CEH was a really good beginner level security certification. Details about the exam and course: I bought the course from the EC-Council website. There are certain requirements if you want to take this certification. You should either have 2 years experience or buy their online iClass to attempt the exam. As I did not have the required experience I bought the online course. The EC-Council website and how everything works with them is very confusing and I got very confused at times. But thankfully, the customer support answered all my questions and guided me through the buying process and the registration. The course costs $1100 USD in India but I bought the course durin

A few days ago I took my attempt for the CEH and passed with 105/125 questions right. Which is 84%! I'm really happy. I have been studying for the CEH for around 3-4 months. It is a moderately easy certification and I have have learnt a lot. Write-up coming soon! Thanks for reading! AZID

I passed the CCNA last year and I've seen this question asked a lot. So here's your answer. CCNA has little to do with Security and Security related beginner certifications like the Security+ and the CEH are better for Security related roles. But, to understand a lot of stuff in security you need a thorough understanding of networking concepts. You could just learn all of it for free on the internet, but certifications show a recruiter that you understand it and have been tested. Also, it looks really good on your resume. You will learn networking concepts that will help you when you start concentrating on Security. Topics like OSI layers and protocols, TCP/IP Model, TCP, UDP, IPv4, IPv6, ARP, DHCP, DNS,  MAC, Encryption, SSH, Telnet, FTP, NAT, SNMP, Routing and Switching protocols(OSPF, RIP, BGP etc). You will also learn key concepts in network security and general security like WiFi security protocols, ARP and DHCP attacks, threats, vulnerabilities, port securit