Andrew Roderos

Networking and Security

Main Content

Hi, I’m Andrew Roderos

A network security engineer in the San Francisco Bay Area.
This site is where I talk about tech-related topics like networking and security.

Read the blog

VMware ESXi Home Lab – Intel NUC 10 (Frost Canyon)

If you follow me on Instagram or Twitter, then you know that I recently installed VMware ESXi on Intel NUC 10 (Frost Canyon). It will join the existing hosts in my VMware ESXi home lab that I assembled in 2012 and 2016. While these hosts are old, they're still useful for what they currently do. Eventually, I'm going to repurpose the ESXi 2012 build and will talk about it in a future article. The ESXi 2016 build will continue to host my current virtual servers and future …

Read More about VMware ESXi Home Lab – Intel NUC 10 (Frost Canyon)

Passed GCIA

I recently passed the GCIA (GIAC Certified Intrusion Analyst) certification exam, and I wanted to share my experience. As a follower, you may remember that I scored almost perfect on my GCIH exam. With this exam, however, I scored nowhere near it, and I am okay with that. Exam information The exam has the following format: 106 questions (including CyberLive)4 hours68% passing scoreMultiple-choice and single-answerYou can skip questions (up to 10 if I remember correctly)You can …

Read More about Passed GCIA

Attacking Cisco IOS Device

Cisco IOS-related CVEs get announced consistently, but we will not be exploring any of those in this article. I will, however, demonstrate that attacking a Cisco IOS device is possible with SNMP misconfiguration. If interested, I covered another attack on a Cisco IOS device running HSRP here. I included this exercise on our Paradise Lost: Red Team versus Blue Team event during our CyberFest 2021. Unfortunately, only the blue team members touched this node. The red team focused on …

Read More about Attacking Cisco IOS device

Penetration Testing 101 – CTF Edition

As mentioned in my previous article, I participated in a CTF competition. Part of that CTF competition included OSINT (Open-Source Intelligence) and penetration testing exercises. Today, I want to discuss penetration testing 101 in a CTF environment. Pre-engagement Pentesting in the real world starts with the pre-engagement phase. This phase involves engaging with the client to find out their goals, scope of work, etc. It's different in a CTF environment. Some CTF will give you …

Read More about Penetration Testing 101 – CTF Edition