Andrew Roderos

Networking and Security

Main Content

Hi, I’m Andrew Roderos

A network security engineer in the San Francisco Bay Area.
This site is where I talk about tech-related topics like networking and security.

Read the blog

VMware ESXi Home Lab – Intel NUC 10 (Frost Canyon)

If you follow me on Instagram or Twitter, then you know that I recently installed VMware ESXi on Intel NUC 10 (Frost Canyon). It will join the existing hosts in my VMware ESXi home lab that I assembled in 2012 and 2016. While these hosts are old, they're still useful for what they currently do. Eventually, I'm going to repurpose the ESXi 2012 build and will talk about it in a future article. The ESXi 2016 build will continue to host my current virtual servers and future …

Read More about VMware ESXi Home Lab – Intel NUC 10 (Frost Canyon)

Passed GCIH

I recently passed the GCIH (GIAC Certified Incident Handler) certification exam with a score of 99%. I did not expect such a high score because my practice tests scores were 89% and 92%. I did, however, aim to get at least 90% to be part of the GIAC Advisory Board. While it is an impressive score, I think getting a high score on any certification exam is all about your preparation. Folks familiar with GIAC exams know that it is an open book format. That includes your notes or any cheat …

Read More about Passed GCIH

Attacking Cisco IOS Device

Cisco IOS-related CVEs get announced consistently, but we will not be exploring any of those in this article. I will, however, demonstrate that attacking a Cisco IOS device is possible with SNMP misconfiguration. If interested, I covered another attack on a Cisco IOS device running HSRP here. I included this exercise on our Paradise Lost: Red Team versus Blue Team event during our CyberFest 2021. Unfortunately, only the blue team members touched this node. The red team focused on …

Read More about Attacking Cisco IOS device

Penetration Testing 101 – CTF Edition

As mentioned in my previous article, I participated in a CTF competition. Part of that CTF competition included OSINT (Open-Source Intelligence) and penetration testing exercises. Today, I want to discuss penetration testing 101 in a CTF environment. Pre-engagement Pentesting in the real world starts with the pre-engagement phase. This phase involves engaging with the client to find out their goals, scope of work, etc. It's different in a CTF environment. Some CTF will give you …

Read More about Penetration Testing 101 – CTF Edition