As mentioned in my previous article, I participated in a CTF competition. Part of that CTF competition included OSINT (Open-Source Intelligence) and penetration testing exercises. Today, I want to discuss penetration testing 101 in a CTF environment. Pre-engagement Pentesting in the real world starts with the pre-engagement phase. This phase involves engaging with the client to find out their goals, scope of work, etc. It's different in a CTF environment. Some CTF will give you the …
Blog
My CTF Experience
Our Information Security Office (ISO) hosted its first-ever capture the flag (CTF) event recently during the Cybersecurity & Privacy Festival. The CTF was open to all staff for a whole week from 10/19 - 10/23. It was engaging, educational, exhausting, frustrating, and infuriating. In this post, I want to share my CTF experience. I will also include some information about the challenges and my thought process. Bonus: I incorporated a mini-CTF. I encourage you to try it out! View …
Optimizing HSRP timers
A few weeks ago, I wrote an article about attacking HSRP (Hot Standby Redundancy Protocol) and how to defend it from such attacks. Today, I'm going to discuss how to optimize HSRP timers. You may ask, why bother optimizing HSRP timers? One of the main reasons is to provide a better user experience in the case of failure. HSRP timers There are two timers that you can manipulate to optimize HSRP. The first one is the hello time. The hello time is the interval in seconds or …
Passed Azure Fundamentals
Yesterday, I passed the Azure Fundamentals (AZ-900) exam. It's my first Microsoft and cloud certification. I didn't plan for Azure to be my first cloud certification, but things don't always go according to plan. View this post on Instagram A post shared by Andrew Roderos (@andrewroderos) on Sep 14, 2020 at 2:59pm PDT The main reason Azure became my first cloud certification was because of a free exam voucher that I received. My colleague informed me that …
Attacking HSRP
Back in the day, the Cisco Press books only covered the Hot Standby Router Protocol (HSRP) topic in the professional-level track. When I did a quick search on CCNA books, I found out that they covered it in CCNA R&S ICND2 200-105 OCG* and the new CCNA 200-301 OCG, Vol 2* books. Both books, however, didn't cover the security vulnerability of such minimal configuration. Thus, attacking HSRP is possible. This post contains affiliate links. If you use these links to buy …