****************************
Personal Development Report
****************************

.. contents:: Table of contents

First report
============

Introduction
------------

LO1 the security expert
^^^^^^^^^^^^^^^^^^^^^^^

- a definition and summary of your personal expertise as defined in detail in your learning plan.

  | For Cyber Security, I consider my T to be wide and deep (haha). It is deep because of my experience and
    knowledge of networking systems, and it is wide due to my practical experience with both blue and red
    teaming. I've participated in a lot of HackTheBox machines and I've cracked multiple of them. I have
    experience working in a Security Operations Center during my internship at TU/e as a SOC analyst/engineer.
    I've also set up and maintained secure networks in a medium-size enterprise environment as an IT engineer.

- overview and status of your personal learning activities and references to results in your showcase portfolio.

  | See the Blue Team, Red Team and Forensics sections below.

Blue Team
---------

Learning tasks
^^^^^^^^^^^^^^

+------------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                               | Category | Duration | Requirement | Status |
+============================================================+==========+==========+=============+========+
| Follow workshops related to blue teaming                   | T        | 0.5day   | Must        | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Take part in Red v Blue team event                         | T+N      | 1day     | Must        | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Expand IDS knowledge (Zeek & Suricata)                     | T        | 2days    | Must        | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Try monitoring techniques (netflow, flow monitoring)       | T        | 1-2days  | Must        | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Try out SIEM and dashboarding (e.g. Elastic Stack)         | T        | 2days    | Must        | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Learn reverse engineering and apply to malware             | T        | 2-3days  | Should      | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Blue-team visit a local building and document findings     | N        | 1day     | Should      | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Set up and experiment with a Web Application Firewall      | T        | 1day     | Should      | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Set up vulnerability scanning with OpenVAS                 | T        | 1day     | Should      | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+

Research & development tasks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+------------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                               | Category | Duration | Requirement | Status |
+============================================================+==========+==========+=============+========+
| Visit the infosecurity.nl convention                       | R        | 1day     | Should      | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Visit seminars related to SIEM/CERT and make a blogpost    | R        | 1day     | Should      | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Organize or join a session to analyze a vuln.              | R        | 1-2days  | Should      | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Set up a SOC and a SIEM with a registration system         | R+T      | 5days    | Should      | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Set up a malware analysis lab for static and dynamic       | R+T      | 5days    | Could       | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+

Professional application tasks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+------------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                               | Category | Duration | Requirement | Status |
+============================================================+==========+==========+=============+========+
| Define threat use cases                                    | N+P      | 1day     | Must        | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Develop and tune an IDS sensor for an operational env.     | R+T      | 3days    | Must        | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Set up security monitoring (IDS, logging, SIEM, dashboard) | R+P+T    | 5days    | Must        | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Set up vuln. scan in an operational network with OpenVAS   | R+N+P    | 2days    | Must        | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Set up a register system for triage, analysis, priority    | R+N+P    | 2days    | Should      | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Run security monitoring on an operational env.             | P+T+N    | 2-4days  | Must        | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Report a security incident in an operational env.          | N+P      | 1day     | Could       | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+

Custom tasks
^^^^^^^^^^^^

+------------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                               | Category | Duration | Requirement | Status |
+============================================================+==========+==========+=============+========+
| Setting this server up                                     | T        | 1day     | Must        | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Set up reverse proxy using NGINX                           | T        | 1day     | Must        | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Provision servers with certbot SSL                         | T        | 1day     | Must        | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Implement a secure password manager                        | T/N/R/P  | 1day     | Should      | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Implement sensor monitoring like Zabbix/Nagios/PRTG        | T        | 1day     | Should      | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| More will follow in the future                             | T/N/R/P  | 0day     | Must        | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+

Red Team
--------

Learning tasks
^^^^^^^^^^^^^^

+------------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                               | Category | Duration | Requirement | Status |
+============================================================+==========+==========+=============+========+
| Follow the workshops related to hacking & red team         | T        | 0.5day   | Should      | Done   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Study pen testing methodologies and practices              | T+P      | 2days    | Must        | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Take part in the Red v. Blue team                          | T+N      | 1day     | Must        | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Own one of the Linux-based machines on HTB                 | T+N      | 2-3days  | Must        | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Own one of the Windows-based machines on HTB               | T+N      | 2-3days  | Must        | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Learn how reverse engineering works                        | T        | 2-3days  | Should      | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Pick a lock                                                | T        | 1day     | Should      | Done   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Experiment with phishing tools in a contained lab          | T        | 1day     | Should      | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Visit building with a red team perspective                 | N        | 1day     | Should      | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Learn how cryptography works                               | T        | 2-3days  | Could       | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+

Research & development tasks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+------------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                               | Category | Duration | Requirement | Status |
+============================================================+==========+==========+=============+========+
| Visit seminars related to developments in red team         | R        | 1day     | Should      | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Organize/join a session to analyze new vuln.               | T+P      | 2days    | Must        | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Set up environment for pen testing and red teaming         | T        | 2days    | Must        | Done   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Develop a dropbox that can be used in red team             | R+T      | 3days    | Should      | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Research covert channels and set up one                    | R+T      | 2days    | Should      | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Research typical and known vulnerabilities in cloud        | R+T      | 2-3days  | Should      | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+

Professional application tasks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+------------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                               | Category | Duration | Requirement | Status |
+============================================================+==========+==========+=============+========+
| Acquire Red-team pentest with a PiE and report             | P+T+N    | 4days    | Must        | Progr  |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Perform a pen-test on a shippable product                  | P+T+N    | 2days    | Must        | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Perform a test on a site with responsible discl.           | P+T+N    | 2days    | Must        | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Perform vuln. analysis on IoT & report findings            | P+T+N    | 3days    | Should      | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+

Custom tasks
^^^^^^^^^^^^

+------------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                               | Category | Duration | Requirement | Status |
+============================================================+==========+==========+=============+========+
| HackTheBox CTF to introduce beginners                      | N        | 1day     | Must        | Done   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Assemble HackTheBox Avengers Group                         | T+N      | 1day     | Must        | Done   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| Pentest this site                                          | T        | 1day     | Must        | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+
| More will follow in the future                             | T/N/P/R  | 0day     | .           | Open   |
+------------------------------------------------------------+----------+----------+-------------+--------+

Forensics
---------

Learning tasks
^^^^^^^^^^^^^^

+------------------------------------------------------------+----------+----------+-------------+
| Task summary                                               | Category | Duration | Requirement |
+============================================================+==========+==========+=============+
| Follow workshops related to digital forensics              | T        | 0.5day   | Should      |
+------------------------------------------------------------+----------+----------+-------------+
| Study forensic methodologies and practices                 | N        | 1day     | Must        |
+------------------------------------------------------------+----------+----------+-------------+
| Work out forensic challenges                               | T        | 1-3days  | Must        |
+------------------------------------------------------------+----------+----------+-------------+
| Write a forensic report on a complex case                  | N+P      | 2days    | Must        |
+------------------------------------------------------------+----------+----------+-------------+
| Study typical forensics cases                              | T        | 2days    | Must        |
+------------------------------------------------------------+----------+----------+-------------+

Research & development tasks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+------------------------------------------------------------+----------+----------+-------------+
| Task summary                                               | Category | Duration | Requirement |
+============================================================+==========+==========+=============+
| Visit digital forensic conferences/seminars                | R        | 1day     | Should      |
+------------------------------------------------------------+----------+----------+-------------+
| Organize/join a session to analyze a new vuln.             | T+P      | 1-2days  | Should      |
+------------------------------------------------------------+----------+----------+-------------+
| Set up your personal toolbox environments                  | R+T      | 2days    | Must        |
+------------------------------------------------------------+----------+----------+-------------+
| Learn how cryptography works                               | R+T      | 2-3days  | Should      |
+------------------------------------------------------------+----------+----------+-------------+

Professional application tasks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+------------------------------------------------------------+----------+----------+-------------+
| Task summary                                               | Category | Duration | Requirement |
+============================================================+==========+==========+=============+
| Get digital forensic assignments or a realistic case       | P+T+N    | 4days    | Must        |
+------------------------------------------------------------+----------+----------+-------------+
| Perform malware analysis                                   | P+T+N    | 4days    | Must        |
+------------------------------------------------------------+----------+----------+-------------+
| Analyse, design and implement forensics                    | P+T+N    | 2days    | Must        |
+------------------------------------------------------------+----------+----------+-------------+
| Learn how cryptography works                               | R+T      | 2-3days  | Should      |
+------------------------------------------------------------+----------+----------+-------------+
| Perform forensic analysis on a new device or technology    | P+T+N    | 3days    | Must        |
+------------------------------------------------------------+----------+----------+-------------+

- summary and reflection on the technical specialist tasks (LO1a) and the non-technical aspects (LO1b) of your personal specialism.

  | I think I need to do more work on non-technical aspects such as setting up the legal side of a pentest.
    I've currently been doing mostly technical aspects with a small mix of non-technical. For example:

  - Giving a workshop related to Hack The Box (an intro workshop)
  - Hosting Hack The Box CTFs every Tuesday at 14:30, with attendees ranging from 4 to 8 people
  - Giving a demonstration of my Security Onion setup during a Logging workshop by Stefan

- conclusions on your development as a security expert.

  | What have I learned this month? I've expanded my Red Team knowledge and have established a better
    understanding of certain tooling. I've learned more about the law relating to correspondence. I've set up
    a blue team environment again, which I can use to test certain things.

LO2 the innovator
^^^^^^^^^^^^^^^^^

- an elaboration on the project setting, research approach and how you helped define this with pre-research and contributions to the research plan.

  | For my project group I've assisted in every category that is within our scope (blue team, red team) and
    have also done work on organizational pieces: brainstorming about topics that are within the scope, and
    the expansion of said scope. I've set up the first pieces of the research, and also established the main
    research questions and sub-questions. I laid the foundation for the blue team research, and have told my
    other project members how they should shape their research. I've set up the planning board, and have
    helped the scrum master to prepare certain new issues and work items related to those.

- the research & development activities that you worked on in the project, related to the diverse research strategies.

  | For one of my research tasks I've compiled a list of blue team SOC/SIEM solutions that fit the demands of
    our customer (high availability, open source, etc.). Based on this list I've begun prototyping a couple of
    the mentioned tools to test their efficacy and decide if they have enough merit to be used in the project.

- your contributions to communication with and to stakeholders (interviews, meetings, presentations, reporting, etc.)

  | During our first customer meeting I was in charge of asking the interview questions, but beforehand I had
    also set up most of the questions. I've also taken the initiative to discuss certain subjects.

- your contributions to the transfer of the project (final project products, project delivery) and research transfer (articles etc., research symposium).

  | This is a very good question to ask one month into the project (read: sarcasm).

- conclusions on your development as an innovator.

  | I could do more on the organizational side. Keep the planning up to date, stuff like that.

LO3 the security professional
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

- an evaluation of your project skills based on peer assessments and feedback from coach, stakeholders and other externals.

  | Discussing technical detail in meetings where that isn't needed, and also speaking more on behalf of the
    entire group instead of myself (i.e. don't say "I created this", but "we created this").
  | People like the initiative around hosting Hack The Box events; I assume most of my project members are
    very happy to have me in the group because I take the lead quite often.

- an overview and evaluation of the products and your contributions to professional writing.

  | See this entire portfolio for examples.

- an overview and evaluation of your communication activities such as presenting, interviewing, relation management, consultancy.

  | I've given demos, I've even given workshops. I've held an interview as the main asker of questions.

- an overview and evaluation of ethical aspects, analysis, dilemmas and discussions and your approach and conclusions.

  | Alright, so this is a hot topic, but during one of the ethical workshops given in the first few weeks of
    the semester by Ron, a subject was mentioned which triggered me. He mentioned how a lot of black hats were
    eventually invited to work at the company they hacked into. He gave examples of such people, and I felt
    like it was over-glorifying this path.
  | Consider the perspective of being a teacher giving a workshop about ethics who then proceeds to glorify
    the bad side of the law, justifying their actions by explaining that they often get job offers from
    prestigious institutes. And then to give this workshop to a class of cyber security students. It blew my
    mind, and I had a discussion with Ron about this after the workshop was concluded, and he claimed it wasn't
    his intention to come off like that. He then challenged me to come up with ethical subjects he thought I
    would find interesting.
  | So I gave that challenge some thought, and here are some interesting (according to me) philosophical
    ethical questions:

  - Bribery:

    | You have to ask someone for how much money they would retire (probably between 5 and 10 million).
    | Then ask them if they would do anything morally corrupt to be able to retire right away.

  - Family:

    | Say your parents have a webshop, and you discover a data leak on this website. You are legally obligated
      to inform the authorities. You'll likely want to close the data leak and inform the customers, or will
      you report it right away and distance yourself from the situation?
    | Essentially: would you snitch on your family?

  - Friends & more:

    | The privacy of correspondence is pretty wide. What would you do if you catch your partner reading your
      phone without permission? If it's a message from your family I'm sure you wouldn't mind... but what if
      they were reading something from your work? Something you've signed NDAs for to be able to read in the
      first place.

- an overview and evaluation of your intercultural competence and experiences during the semester.

  | I've spoken with international students during workshops this semester. But I haven't drunk any Swiss
    coffee with foreign exchange students or anything like that. What the hell is this point about?

- conclusions on your development as a security professional.

  | I'm quite ambitious, so if given the opportunity I will likely jump on it. I'm constantly looking out for
    new challenges within the security field, and want to prove myself to be true to the profession. Though I
    do need to expand into bits that are out of the scope of the workshops and define my own challenges. I will
    focus more on that during the next part of the semester.

- final conclusions on your learning outcomes with a critical reflection of your learning.

  | I think the progress I'm making on my learning outcomes is positive. It could always be more, but as I'm
    setting up the framework of my security hub I feel that I'm getting closer to the end goal. Security is on
    my mind day in, day out.