*******************************
Personal Learning Plan Part 1
*******************************

.. contents:: Table of Contents

Introduction
------------

Part 2
------

Intro: What are your learning goals (as defined in your personal learning plan).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

| The facts:

- What are your finished, running, and planned learning activities?

Blue team
~~~~~~~~~

Learning tasks
^^^^^^^^^^^^^^

+---------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                            | Category | Duration | Requirement | Status |
+=========================================================+==========+==========+=============+========+
| Follow workshops related to blue teaming                | T        | 0.5day   | Must        | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Take part in Red v Blue team event                      | T+N      | 1day     | Must        | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Expand IDS knowledge (Zeek & Suricata)                  | T        | 2days    | Must        | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Try monitoring techniques (netflow, flow monitoring)    | T        | 1-2days  | Must        | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Try out SIEM and dashboarding (i.e. Elastic Stack)      | T        | 2days    | Must        | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Learn reverse engineering and apply to malware          | T        | 2-3days  | Should      | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Blue-team visit a local building and document findings  | N        | 1day     | Should      | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Set up and experiment with a Web Application Firewall   | T        | 1day     | Should      | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Set up vulnerability scanning with OpenVAS              | T        | 1day     | Should      | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+

Research & development tasks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+---------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                            | Category | Duration | Requirement | Status |
+=========================================================+==========+==========+=============+========+
| Visit the infosecurity.nl convention                    | R        | 1day     | Should      | Cancel |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Visit seminars related to SIEM/CERT and make a blogpost | R        | 1day     | Should      | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Organize or join a session to analyze a vuln.           | R        | 1-2days  | Should      | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Setup a SoC and a SIEM with a registration system       | R+T      | 5days    | Should      | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Setup a malware analysis lab for static and dynamic     | R+T      | 5days    | Could       | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+

Professional application tasks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+---------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                            | Category | Duration | Requirement | Status |
+=========================================================+==========+==========+=============+========+
| Define threat use cases                                 | N+P      | 1day     | Must        | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Develop and tune an IDS sensor for an operational env.  | R+T      | 3days    | Must        | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Set up security monitoring (IDS,logging,SIEM,dashboard) | R+P+T    | 5days    | Must        | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Set up vuln.scan in an operational network with OpenVAS | R+N+P    | 2days    | Must        | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Set up a register system for triage, analysis, priority | R+N+P    | 2days    | Should      | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Run security monitoring on an operational env.          | P+T+N    | 2-4days  | Must        | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Report a security incident in an operational env.       | N+P      | 1day     | Could       | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+

Custom tasks
^^^^^^^^^^^^

+---------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                            | Category | Duration | Requirement | Status |
+=========================================================+==========+==========+=============+========+
| Setting this server up                                  | T        | 1day     | Must        | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Set up reverse proxy using NGINX                        | T        | 1day     | Must        | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Provision servers with certbot SSL                      | T        | 1day     | Must        | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Implement a secure password manager                     | T/N/R/P  | 1day     | Should      | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Implement sensor monitoring like Zabbix/Nagios/PRTG     | T        | 1day     | Should      | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| More will follow in the future                          | T/N/R/P  | 0day     | Must        | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+

Red team
~~~~~~~~

+---------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                            | Category | Duration | Requirement | Status |
+=========================================================+==========+==========+=============+========+
| Follow the workshops related to hacking & red team      | T        | 0.5day   | Should      | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Study pen testing methodologies and practices           | T+P      | 2days    | Must        | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Take part in the Red v. Blue team                       | T+N      | 1day     | Must        | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Own one of the Linux based machines on HtB              | T+N      | 14 days  | Must        | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Own one of the Windows based machines on HtB            | T+N      | 2-3days  | Must        | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Learn how reverse engineering works                     | T        | 2-3days  | Should      | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Pick a lock                                             | T        | 1day     | Should      | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Experiment with phishing tools in a contained lab       | T        | 1day     | Should      | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Visit building with a red team perspective              | N        | 1day     | Should      | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Learn how cryptography works                            | T        | 2-3days  | Could       | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+

Research & development tasks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+---------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                            | Category | Duration | Requirement | Status |
+=========================================================+==========+==========+=============+========+
| Visit seminars related to developments in red team      | R        | 1day     | Should      | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Organize/join a session to analyze new vuln.            | T+P      | 2days    | Must        | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Set-up environment for pen testing and red teaming.     | T        | 2days    | Must        | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Develop a dropbox that can be used in red team          | R+T      | 3days    | Should      | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Research covert channels and set-up one                 | R+T      | 2days    | Should      | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Research typical and known vulnerabilities in cloud     | R+T      | 2-3days  | Should      | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+

Professional application tasks
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

+---------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                            | Category | Duration | Requirement | Status |
+=========================================================+==========+==========+=============+========+
| Acquire Red-team pentest with a PiE and report          | P+T+N    | 4days    | Must        | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Perform a pen-test on a shippable product               | P+T+N    | 2days    | Must        | Progr  |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Perform a test on a site with responsible discl.        | P+T+N    | 2days    | Must        | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Perform vuln. analysis on IoT & report findings         | P+T+N    | 3days    | Should      | Open   |
+---------------------------------------------------------+----------+----------+-------------+--------+

| What tasks and responsibilities do you have in the project: research, development, professional skills?

- Research

  - I have a global overview of all the things that need to be done within our research framework and regularly guide and give people tasks. Furthermore, I've been responsible for the SoC research.

- Development

  - I think the majority of the development relies on me, as I usually (after discussing it and verbalizing my thoughts to the group) carry out tasks that tie the project together.

- Professional skills

  - I've been a self-appointed project leader since the beginning, with the assistance of Tom as well. It's been a bit rocky, and there's room for improvement, but -- it has been pretty smooth sailing up until now.

| What products do you have for the finished activities (personal learning, project work, professional skills)?

+---------------------------------------------------------+----------+----------+-------------+--------+
| Task summary                                            | Category | Duration | Requirement | Status |
+=========================================================+==========+==========+=============+========+
| Follow workshops related to blue teaming                | T        | 0.5day   | Must        | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Setting this server up                                  | T        | 1day     | Must        | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Set up reverse proxy using NGINX                        | T        | 1day     | Must        | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Provision servers with certbot SSL                      | T        | 1day     | Must        | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Follow the workshops related to hacking & red team      | T        | 0.5day   | Should      | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Own one of the Linux based machines on HtB              | T+N      | 14 days  | Must        | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Pick a lock                                             | T        | 1day     | Should      | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+
| Set-up environment for pen testing and red teaming.     | T        | 2days    | Must        | Done   |
+---------------------------------------------------------+----------+----------+-------------+--------+

| How can you show the completeness and quality of your work?

- My work is shown on this documentation system; in it I've shown (through the Linux HtB) taking a very methodological approach.

| Give a short impression of your portfolio and PDR that demonstrates your work and evaluations.

.. toctree::
   :maxdepth: 2

   learning/redteam/ownlinux

| What did your learning and project tasks bring you in relation to your learning goals?

- Most of the tasks described in my learning plan correlated with features the project required, such as setting up a SoC; I used the PoC for my own SoC as a PoC in the project and that worked well.

| What are your strengths according to group members, teachers, client, stakeholders, or other externals involved?

- Group members:

  - The common thought in my group is that I bring/am:

    - Good ideas
    - Creative ideas
    - Hard working
    - Solution driven

  - But also...

    - Involve the rest of the group better
    - When speaking on behalf of the group, use 'we' instead of 'I' (i.e. when describing the completion of a task)

| What critical aspects do you see for yourself, based on feedback and personal evaluation?

- I think I'm very chaotic to work with, and that may not suit everyone.
- I also feel a great deal of ownership concerning certain tasks, so much so that I forget that it often is a group effort.

| How do you search for balance in technical learning, non-technical aspects, and professional skills?

- Conclusions and Advice:

  - What conclusions can you give on your learning thus far and the plan for the second half of the semester?

    - Find order in the chaos and continue to challenge yourself (myself).

  - Any advice to yourself or to us?

    - More guest lectures/workshops:

      - Workshop about the darknet
      - Workshop more about the legal side of cyber, i.e. when are things clearly illegal