Andrew Roderos

Networking and Security

Main Content

Hi, I’m Andrew Roderos

A network security engineer in the San Francisco Bay Area.
This site is where I talk about tech-related topics like networking and security.

Read the blog

VMware ESXi Home Lab – Intel NUC 10 (Frost Canyon)

If you follow me on Instagram or Twitter, then you know that I recently installed VMware ESXi on Intel NUC 10 (Frost Canyon). It will join the existing hosts in my VMware ESXi home lab that I assembled in 2012 and 2016. While these hosts are old, they're still useful for what they currently do. Eventually, I'm going to repurpose the ESXi 2012 build and will talk about it in a future article. The ESXi 2016 build will continue to host my current virtual servers and future …

Read More about VMware ESXi Home Lab – Intel NUC 10 (Frost Canyon)

eJPTv2

Today, I submitted my eJPTv2 beta exam for review. Per INE, it will take about two to three months to review everyone's exam submission. During this time, they will also decide if they want to tweak the exam based on the feedback. Related: Passed eJPT Exam format For obvious reasons, I cannot disclose any of the questions I saw on the exam. I can, however, discuss whatever is public knowledge. Without further ado, here is some information about the exam: 35 questions50 hours to …

Read More about eJPTv2 Beta Exam

Attacking Cisco IOS Device

Cisco IOS-related CVEs get announced consistently, but we will not be exploring any of those in this article. I will, however, demonstrate that attacking a Cisco IOS device is possible with SNMP misconfiguration. If interested, I covered another attack on a Cisco IOS device running HSRP here. I included this exercise on our Paradise Lost: Red Team versus Blue Team event during our CyberFest 2021. Unfortunately, only the blue team members touched this node. The red team focused on …

Read More about Attacking Cisco IOS device

Penetration Testing 101 – CTF Edition

As mentioned in my previous article, I participated in a CTF competition. Part of that CTF competition included OSINT (Open-Source Intelligence) and penetration testing exercises. Today, I want to discuss penetration testing 101 in a CTF environment. Pre-engagement Pentesting in the real world starts with the pre-engagement phase. This phase involves engaging with the client to find out their goals, scope of work, etc. It's different in a CTF environment. Some CTF will give you the …

Read More about Penetration Testing 101 – CTF Edition