Knowledge, Skills, & Abilities

Throughout my studies I have used multiple Windows Server 2019 servers to run different projects or to do work in lab environments. In my home lab I run a handful of different server platforms.

Solutions: Microsoft Server 2019, Ubuntu Server 20.04, FreeNAS/TrueNAS.

I have experience with different networking equipment from home and small business networks to enterprise level configurations. Have used Cisco’s Packet Tracer to explore network setups and solutions.

Solutions: Cisco, Ubiquiti, TP-Link, PFsense, Linksys, Netgear, Sophos.

I have experience with many virtualization solutions including both type-1 and type-2 hypervisors. I have utilized VMware player, Desktop Pro, ESXi, vSphere, and vCenter. I have also used Microsoft Hyper-V to run virtual environments. I utilize Proxmox in my home lab and do some work with Docker containers.

Solutions: VMware, Microsoft Hyper-V, Microsoft Azure, Proxmox, Docker.

There are many sources of threat intelligence and various Threat Intelligence Platforms available for use.

Solutions: Palo Alto Networks, Anomali ThreatStream, Anomali STAX, MISP, OpenCTI.

Threat Intelligence Feeds: Palo Alto WildFire & Unit42, Federal Partners, AlienVault OTX, and Deloitte.

Penetration testing, also known as “pen testing” or ethical hacking, describes the intentional launching of simulated cyberattacks that seek out exploitable vulnerabilities in computer systems, networks, websites, and applications.

Solutions: Bloodhound, Mimikatz, Rubeus, ADCollector, SharpShares, CrackMapExec, Inveigh, Neo4j, SharpHound, SharpGPOAbuse, PowerSploit, HashCat, John the Ripper

Tactics, Techniques, & Procedures (TTPs): Network Enumeration, DNS Zone Transfers, Password spraying, Bypass AMSI, Kerberoasting, ASREPRoasting, Unquoted Service Paths, Privilege Escalation, Pass-the-hash attacks, Credential "Traps," Abusing unconstrained delegation.

Virtual labs allow students to complete laboratory experiments, exploring concepts online. I have used the following labs to build on my education and knowledge around key cybersecurity concepts and skills.

InfoSec Learning: Infosec’s cloud based, scalable, self-assessing virtual platform and labs are ideal for any school, business, or agency wanting to train and/or assess on any cyber or information security skill.

Cengage Labs: Live Virtual Machine Labs is an interactive learning environment in MindTap course activities where you can practice problem-solving skills, in real time, on live IT systems.

OWASP Juice Shop: OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools. Juice Shop encompasses vulnerabilities from the entire OWASP Top Ten along with many other security flaws found in real-world applications.

OpenDNS Security Ninjas: Security Ninjas is an Application Security Training Program created for our software developers here at OpenDNS. It has helped our developers write more secure code and hence reduced the burden on our security team.

Participants compete in security-themed challenges for the purpose of obtaining the highest score. Competitors are expected to “capture flags” to increase their score. I have participated in the following CTF challenges to build a solid foundation and to continue developing my skill sets.

National Cyber League: The National Cyber League (NCL) is the most inclusive, performance-based, learning-centered collegiate cybersecurity competition today.

Hack The Box: Hack The Box is a massive, online cybersecurity training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills.

Hack The Box Academy: Cyber security training with hands-on exercises and labs made by Hack The Box.

Try Hack Me: A free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

NIST NICE Challenges: The NICE Challenge Project develops real-world cybersecurity challenges within virtualized business environments that bring students the workforce experience before the workforce. Our goal is to provide the most realistic experiences to students, at-scale year-round.