
Andrew Roderos

Networking and Security


Information Security

Passed GCIH

11/30/2021 by Andrew Roderos

I recently passed the GCIH (GIAC Certified Incident Handler) certification exam with a score of 99%. I did not expect such a high score because my practice test scores were 89% and 92%. I did, however, aim to get at least 90% to be part of the GIAC Advisory Board. While it is an impressive score, I think getting a high score on any certification exam is all about your preparation. Folks familiar with GIAC exams know that it is an open book format. That includes your notes or any cheat …


Exploiting PrintNightmare

07/11/2021 by Andrew Roderos

I am pretty sure that everyone in IT has heard of PrintNightmare (CVE-2021-1675) by now. Most, if not all, organizations have installed KB5004947. However, that patch comes with caveats. On Friday, my colleague, who created the Kaos Corp CTF scenario, reached out to let me know that I can exploit the PrintNightmare vulnerability with his test VM, running Windows 2019 Server with the patch. I ran into a few obstacles, so I decided to build a VM locally …


Kaos Corp: Habanero

06/17/2021 by Andrew Roderos

As mentioned in my previous article, our first internal CTF included an offensive security category called Kaos Corp. Since there are multiple hosts in the environment, it's better to break it into a series. In this article, we will concentrate on the host with a hostname of Habanero. Scenario You are a security lead at a renowned University directly supporting the prestigious Scoville Lab. It is a research institute focused on leveraging unprecedented biotechnology techniques to advance …


Passed eJPT

05/30/2021 by Andrew Roderos

On Friday, I passed the eJPT certification exam. Since then, I've had a few people ask me about my experience. Instead of answering them one by one, I decided to write a post about my preparation and exam experience. Related: Passed eJPTv2 Cert info According to this security certification roadmap, this cert is a tad higher than CompTIA PenTest+. If I had to speculate on why it's rated higher than PenTest+, it's probably because this cert is 100% practical. Sure, it's a …


Defending against SSH brute force attacks

01/11/2021 by Andrew Roderos

I was a victim of SSH brute force attacks, which I covered here. As a result, I discovered a great solution without using SSH keys. As another layer of security, I added two-factor authentication to my server. A few years ago, I wondered if there was a solution in Cisco IOS. I discovered a security feature called login enhancements or login block. Let's look at how enabling this feature can help defend against SSH brute force attacks. What is login block? It is a Cisco …


Copyright © 2019–2023 · Andrew Roderos · All Rights Reserved · Privacy Policy · Terms of Use