Andrew Roderos

Tech Geek

Main Content

Hi, I’m Andrew Roderos

A network security engineer in the San Francisco Bay Area.
This site is where I talk about tech-related topics like networking and security.

VMware ESXi Home Lab – Intel NUC 10 (Frost Canyon)

If you follow me on Instagram or Twitter, then you know that I recently installed VMware ESXi on Intel NUC 10 (Frost Canyon). It will join the existing hosts in my VMware ESXi home lab that I assembled in 2012 and 2016. While these hosts are old, they're still useful for what they currently do. Eventually, I'm going to repurpose the ESXi 2012 build and will talk about it in a future article. The ESXi 2016 build will continue to host my current virtual servers and future …

Read More about VMware ESXi Home Lab – Intel NUC 10 (Frost Canyon)

Passed eJPT

On Friday, I passed the eJPT certification exam. Since then, I've had a few people asked me about my experience. Instead of answering them one by one, I decided to write a post about my preparation and exam experience. Cert info According to this security certification roadmap, this cert is a tad higher than CompTIA PenTest+. If I had to speculate on why it's rated higher than PenTest+, it's probably because this cert is 100% practical. Sure, it's a multiple-choice certification …

Read More about Passed eJPT

I am pretty sure that everyone in IT has heard of PrintNightmare (CVE-2021-1675) by now. Most, if not all, of the organizations, have installed KB5004947. However, that patch comes with caveats. On Friday, my colleague, who created the Kaos Corp CTF scenario, reached out to me to let me know that I can exploit the PrintNightmare vulnerability with his test VM, running Windows 2019 Server with the patch. I ran into a few obstacles, so I decided to build a VM locally …

Read More about Exploiting PrintNightmare

Penetration Testing 101 – CTF Edition

As mentioned in my previous article, I participated in a CTF competition. Part of that CTF competition included OSINT (Open-Source Intelligence) and penetration testing exercises. Today, I want to discuss penetration testing 101 in a CTF environment. Pre-engagement Pentesting in the real world starts with the pre-engagement phase. This phase involves engaging with the client to find out their goals, scope of work, etc. It's different in a CTF environment. Some CTF will give you …

Read More about Penetration Testing 101 – CTF Edition