As mentioned in my previous article, our first internal CTF included an offensive security category called Kaos Corp. Since there are multiple hosts in the environment, it's better to break it into a series. In this article, we will concentrate on the host with a hostname of Habanero. Scenario You are a security lead at a renowned University directly supporting the prestigious Scoville Lab. It is a research institute focused on leveraging unprecedented biotechnology techniques to advance …
InfoSec
Passed eJPT
On Friday, I passed the eJPT certification exam. Since then, I've had a few people asked me about my experience. Instead of answering them one by one, I decided to write a post about my preparation and exam experience. Related: Passed eJPTv2 Cert info According to this security certification roadmap, this cert is a tad higher than CompTIA PenTest+. If I had to speculate on why it's rated higher than PenTest+, it's probably because this cert is 100% practical. Sure, it's a …
Defending against SSH brute force attacks
I was a victim of SSH brute force attacks, which I covered here. As a result, I discovered a great solution without using SSH keys. As another layer of security, I added two-factor authentication to my server. A few years ago, I wondered if there was a solution in Cisco IOS. I discovered a security feature called login enhancements or login block. Let's look at how it can help defend from SSH brute force attacks by enabling this feature. What is login block? It is a Cisco …
[Read more...] about Defending against SSH brute force attacks
Securing Cisco IOS passwords
Over the years, Cisco has made improvements in storing passwords in the configuration file. As a result, securing Cisco IOS passwords is part of my checklist when hardening Cisco-based network infrastructure for clients. This article also appeared on Art of Network Engineering. History Cisco IOS has always had the option to store passwords in cleartext in the configuration file. As you and I both know, storing passwords in the configuration file is a big no-no. That said, …
My CTF Experience
Our Information Security Office (ISO) hosted its first-ever capture the flag (CTF) event recently during the Cybersecurity & Privacy Festival. The CTF was open to all staff for a whole week from 10/19 - 10/23. It was engaging, educational, exhausting, frustrating, and infuriating. In this post, I want to share my CTF experience. I will also include some information about the challenges and my thought process. Bonus: I incorporated a mini-CTF. I encourage you to try it out! View …