Progress Updates (OSCP Journey, Projects, and More!)

It’s been a minute since I’ve had any traction on the development side of the house. For the past few months I have been working full time as an “Information Security Analyst”. By the title this may sound like a typical SOC analyst doing typical SOC things. Well while I would have no complaints there, I am both pleased, and overwhelmed to inform you that it is not that simple. Hence, my stunted personal progress in some areas.

Really my progress hasn’t been “stunted” so much as it has shifted around my schedule so much that I have had to revaluate my priorities in regards to what I would like to accomplish in my free time. You see, despite my title, I essentially lead the entire “InfoSec” department at my current employer. This means I do compliance (ew), penetration testing, vulnerability management, DFIR, etc…

While this may sound flashy (or maybe crazy for some of you seasoned infosec veterans out there), and in the future hopefully it will be, this is actually simply the product of hard work, timing, and opportunity. The organization I work for is fairly new and fairly small, as a result my position was a “right place, right time” sort of happening. Things are going fantastic, and my career growth is exploding. That’s the good news.

The bad news, really isn’t bad news. It’s just that with impact of the responsibility in my current role, most days when I come home I focus my attention to either a new project, or resting. Some of you may have noticed a few new youtube videos here and there as part of my OSCP Journey series, as well as some murmurings bubbling up from my github of a new project or two. I wanted to address these items via my blog that I have so dearly neglected, as well as address things I spoke about in past blog posts.

Let’s start with the OSCP Journey Series:

Simply put, it’s going great, but timing is a bit lack luster. What I mean by that is originally it was my goal to start my OSCP officially sometime in November 2018. Unfortunately, I haven’t been able to make the progress necessary to warrant that time frame. This has been mostly due to various holidays, weddings, family events, etc… all the general life family things that can come up out of nowhere. So, I currently have no idea when I will officially start my OSCP, but I do know what my current status is, and what is coming up next for my youtube series regarding this topic. That’s what I want to share in this article.

Current Status:

• Page 218 in “Hacking: The Art of Exploitation”
  • I’m reading this book cover to cover before I am allowed to move foward on my OSCP. Currently I am in the Networks section and I am making steady progress. I hope to be done with the book by the end of November at the latest, but we will see.
• Preparing to take the eJPT and eventually the eCPPT as well
  • These are both slightly easier penetration testing certifications from eLearnSecurity that are still hands on and provide fantastic practical knowledge. I say easier because the eJPT is going to be a piece of cake for me as some one who is an established penetration tester professionally. The eCPPT will be a bit more of a challenge, but it is far less restrictive than the OSCP, and provides a much larger amount of time to complete. I’d like to snag these certs as a way of practice and preparation. I don’t think I need or really want these certs in general, but I do think it’ll fantastic practice to be under the pressure of a practical test to get my mind in the right place coming to the OSCP. Besides, work is paying, and a few extra certs never hurt anyone ;).

Next Steps:

• Protostar VM Challenges/Buffer Overflow Videos for OSCP Journey Series
  • This is the whole reason I am reading AoE now. I intend to make some videos with some reversing/exploit development challenges to share what I’ve learned.

Next Let’s Talk Projects

I am long overdue on a few things that need to get done in the space of my open source projects. However, to distract myself I keep getting involved in new projects (yay overdoing it!). With that I have taken some time to plan out what I want to work on over the next few months and into next year. This will hopefully be solid indicator of what to expect within the next year, and as always you can checkout the Projects page at https://injecti0n.org in order to get a current status on a particular project. However, it should be noted that just because a project is “in-progress” and has a status on the site, does NOT mean that it is being worked on actively. I’m sure that is obvious by now, but it’s not like my user base is crazy so it’s really just me noticing myself slacking.

With that said here are the projects that WILL get updated/completed in 2018-2019:

• gfys (New hotness stay on the lookout)
• OpenVPNConnect (Official WiFi Pineapple module, have a few long overdue issues to improve on)
• Propane KoTH (Definitely getting a front end rewrite and some new features, might get a full rewrite in golang)
• Injection Site (Will finally get off of shared hosting and onto GH Pages after a few kinks get resolved)
• AutoBlue (Will get some script enhancements and integrate with the rest of the “Eternal Family”)

Now those items are in no particular order of priority, although I will say OpenVPNConnect and gfys are the first two things that will be completed. Injection Site will likely follow, but based on any competitions or events Propane could easily take the lead there. So really besides the first two, it’ll be a mix up between the rest based on what my current predicament is when I move to the next project.

With that, stay tuned!

— 3ndG4me (Casey Erdmann)