Personal Development Report

First report

Introduction

LO1 the security expert

  • a definition and summary of your personal expertise as defined in detail in your learning plan.

For Cyber Security, I consider my T to be wide and deep (haha). It is deep because of my experience and knowledge of networking systems. And it is wide due to my practical experience with both blue and red teaming. I’ve participated in a lot of HackTheBox machines and I’ve cracked several of them. I have experience working in a Security Operations Center during my internship at Tu/E as a SoC analyst/engineer. I’ve also set up & maintained secure networks in a medium-sized enterprise environment as an IT engineer.
  • overview and status of your personal learning activities and references to results in your showcase portfolio.

See the red team, blue team & forensics pages.

Blue Team

Learning tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Follow workshops related to blue teaming | T | 0.5 day | Must | Progr |
| Take part of Red v Blue team event | T+N | 1 day | Must | Open |
| Expand IDS knowledge (Zeek & Suricata) | T | 2 days | Must | Progr |
| Try monitoring techniques (netflow, flow monitoring) | T | 1-2 days | Must | Progr |
| Try out SIEM and dashboarding (i.e. Elastic Stack) | T | 2 days | Must | Progr |
| Learn reverse engineering and apply to malware | T | 2-3 days | Should | Open |
| Blue-team visit a local building and document findings | N | 1 day | Should | Open |
| Set up and experiment with a Web Application Firewall | T | 1 day | Should | Open |
| Set up vulnerability scanning with OpenVAS | T | 1 day | Should | Progr |

Research & development tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Visit the infosecurity.nl convention | R | 1 day | Should | Progr |
| Visit seminars related to SIEM/CERT and make a blogpost | R | 1 day | Should | Open |
| Organize or join a session to analyze a vuln. | R | 1-2 days | Should | Open |
| Setup a SoC and a SIEM with a registration system | R+T | 5 days | Should | Progr |
| Setup a malware analysis lab for static and dynamic | R+T | 5 days | Could | Open |

Professional application tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Define threat use cases | N+P | 1 day | Must | Open |
| Develop and tune an IDS sensor for an operational env. | R+T | 3 days | Must | Progr |
| Set up security monitoring (IDS, logging, SIEM, dashboard) | R+P+T | 5 days | Must | Progr |
| Set up vuln. scan in an operational network with OpenVAS | R+N+P | 2 days | Must | Progr |
| Set up a register system for triage, analysis, priority | R+N+P | 2 days | Should | Progr |
| Run security monitoring on an operational env. | P+T+N | 2-4 days | Must | Progr |
| Report a security incident in an operational env. | N+P | 1 day | Could | Progr |

Custom tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Setting this server up | T | 1 day | Must | Open |
| Set up reverse proxy using NGINX | T | 1 day | Must | Open |
| Provision servers with certbot SSL | T | 1 day | Must | Open |
| Implement a secure password manager | T/N/R/P | 1 day | Should | Open |
| Implement sensor monitoring like Zabbix/Nagios/PRTG | T | 1 day | Should | Open |
| More will follow in the future | T/N/R/P | 0 days | Must | Open |


Red team

Learning tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Follow the workshops related to hacking & red team | T | 0.5 day | Should | Done |
| Study pen testing methodologies and practices | T+P | 2 days | Must | Progr |
| Take part of the Red v. Blue team | T+N | 1 day | Must | Open |
| Own one of the Linux based machines on Htb | T+N | 2-3 days | Must | Progr |
| Own one of the Windows based machines on Htb | T+N | 2-3 days | Must | Open |
| Learn how reverse engineering works | T | 2-3 days | Should | Open |
| Pick a lock | T | 1 day | Should | Done |
| Experiment with phishing tools in a contained lab | T | 1 day | Should | Open |
| Visit building with a red team perspective | N | 1 day | Should | Open |
| Learn how cryptography works | T | 2-3 days | Could | Open |

Research & development tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Visit seminars related to developments in red team | R | 1 day | Should | Progr |
| Organize/join a session to analyze new vuln. | T+P | 2 days | Must | Open |
| Set-up environment for pen testing and red teaming | T | 2 days | Must | Done |
| Develop a dropbox that can be used in red team | R+T | 3 days | Should | Open |
| Research covert channels and set-up one | R+T | 2 days | Should | Progr |
| Research typical and known vulnerabilities in cloud | R+T | 2-3 days | Should | Open |

Professional application tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Acquire Red-team pentest with a PiE and report | P+T+N | 4 days | Must | Progr |
| Perform a pen-test on a shippable product | P+T+N | 2 days | Must | Open |
| Perform a test on a site with responsible discl. | P+T+N | 2 days | Must | Open |
| Perform vuln. analysis on IoT & report findings | P+T+N | 3 days | Should | Open |

Custom tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| HackTheBox CTF to introduce beginners | N | 1 day | Must | Done |
| Assemble HackTheBox Avengers Group | T+N | 1 day | Must | Done |
| Pentest this site | T | 1 day | Must | Open |
| More will follow in the future | T/N/P/R | 0 days | . | Open |

Forensics

Learning tasks

| Task summary | Category | Duration | Requirement |
|---|---|---|---|
| Follow workshops related to digital forensics | T | 0.5 day | Should |
| Study forensic methodologies and practices | N | 1 day | Must |
| Work out forensic challenges | T | 1-3 days | Must |
| Write a forensic report on a complex case | N+P | 2 days | Must |
| Study typical forensics cases | T | 2 days | Must |

Research & development tasks

| Task summary | Category | Duration | Requirement |
|---|---|---|---|
| Visit digital forensic conferences/seminars | R | 1 day | Should |
| Organize/join a session to analyze a new vuln. | T+P | 1-2 days | Should |
| Set up your personal toolbox environments | R+T | 2 days | Must |
| Learn how cryptography works | R+T | 2-3 days | Should |

Professional application tasks

| Task summary | Category | Duration | Requirement |
|---|---|---|---|
| Get digital forensic assignments or a realistic case | P+T+N | 4 days | Must |
| Perform malware analysis | P+T+N | 4 days | Must |
| Analyse, design and implement forensics | P+T+N | 2 days | Must |
| Learn how cryptography works | R+T | 2-3 days | Should |
| Perform forensic analysis on a new device or technology | P+T+N | 3 days | Must |

  • summary and reflection on the technical specialist tasks (LO1a) and the non-technical aspects (LO1b) of your personal specialism.

I think I need to do more work on non-technical aspects such as setting up the legal side of a pentest. I’ve currently been doing mostly technical aspects with a small mix of non-technical. For example:
  • Giving a workshop related to Hack The Box (an intro workshop)

  • Hosting Hack The Box CTFs every Tuesday at 14:30, with attendees ranging from 4 to 8 people

  • Giving a demonstration of my Security Onion setup during a Logging workshop by Stefan

  • conclusions on your development as a security expert.

What have I learned this month? I’ve expanded my Red team knowledge, and have established a better understanding of certain tooling. I’ve learned more about the law relating to correspondence. I’ve set up a blue team environment again, which I can use to test certain things.

LO2 the innovator

  • an elaboration on the project setting, research approach and how you helped defining this with pre-research and contributions to the research plan.

For my project group I’ve assisted in every category that is within our scope (blue team, red team) and have also done work on organizational pieces: brainstorming about topics that are within the scope, and about the expansion of said scope. I’ve set up the first pieces of the research, and also established the main research questions and subquestions. I laid the foundation for the blue team research, and have told my other project members how they should shape their research. I’ve set up the planning board, and have helped the scrum master to prepare certain new issues and work items related to those.
  • the research & development activities that you worked on in the project, related to the diverse research strategies.

So for one of my research topics I’ve compiled a list of blue team SoC/SIEM solutions that fit the demands of our customer (high availability, open source, etc.). Based on this list I’ve begun prototyping a couple of the mentioned tools to test their efficacy and decide if they have enough merit to be used in the project.
  • your contributions to communication with and to stakeholders (interviews, meetings, presentations, reporting, etc.)

During our first customer meeting I was in charge of asking the interview questions, but beforehand I had also set up most of the questions. I’ve also taken the initiative to discuss certain subjects.
  • your contributions to the transfer of the project (final project products, project delivery) and research transfer (articles etc., research symposium).

This is a very good question to ask first month into the project (read: sarcasm)
  • conclusions on your development as an innovator.

I could do more on the organizational side. Keep the planning up to date, stuff like that.

LO3 the security professional

  • an evaluation of your project skills based on peer assessments and feedback from coach, stakeholders and other externals.

Discussing technical detail in meetings where that isn’t needed. And also speaking more on behalf of the entire group instead of myself (i.e. don’t say I created this, but we created this).
People like the initiative around hosting Hack The Box events; I assume most of my project members are very happy to have me in the group because I take the lead quite often.
  • an overview and evaluation of the products and your contributions to professional writing.

See this entire portfolio for examples.
  • an overview and evaluation of your communication activities such as presenting, interviewing, relation management, consultancy.

I’ve given demos, I’ve given workshops even. I’ve held an interview as the main asker of questions.
  • an overview and evaluation of ethical aspects, analysis, dilemma’s and discussions and your approach and conclusions.

Alright, so this is a hot topic, but during one of the ethical workshops given in the first few weeks of the semester by Ron, a subject was mentioned which triggered me. He mentioned how a lot of black hats were eventually invited to work at the company they hacked into. He gave examples of such people, and I felt like it was over-glorifying this path. Consider the perspective of being a teacher giving a workshop about Ethics, who then proceeds to glorify the bad side of the law, justifying their actions by explaining that they often get job offers from prestigious institutes. And then to give this workshop to a class of cyber security students. It blew my mind, and I had a discussion with Ron about this after the workshop was concluded and he claimed it wasn’t his intention to come off like that. He then challenged me to come up with ethical subjects that I think would be interesting.
So I gave that challenge some thought and here are some interesting (according to me) philosophical ethical questions:
  • Bribery:

Ask someone how much money they would need to retire (probably between 5 and 10 million).
Then ask them if they would do anything morally corrupt to be able to retire right away.
  • Family:

Say your parents have a webshop, and you discover a data leak on this website. You are legally obligated to inform the authorities. You’ll likely want to close the data leak and inform the customers, or will you report it right away and distance yourself from the situation?
Essentially: would you snitch on your family?
  • Friends & more:

The privacy of correspondence is pretty wide. What would you do if you catch your partner reading your phone without permission? If it’s a message from your family I’m sure you wouldn’t mind... but what if they were reading something from your work? Something you’ve signed NDAs for to be able to read in the first place.
  • an overview and evaluation of your intercultural competence and experiences during the semester.

I’ve spoken with international students during this semester during workshops. But I haven’t drunk any Swiss coffee with foreign exchange students or anything like that, so what the hell is this point about?
  • conclusions on your development as a security professional.

I’m quite ambitious, so if given the opportunity I will likely jump on it. I’m constantly looking out for new challenges within the security field, and want to prove myself to be true to the profession. Though I do need to expand into bits that are out of the scope of the workshops and define my own challenges. I will focus more on that during the next part of the semester.
  • final conclusions on your learning outcomes with a critical reflection of your learning.

I think the progress I’m making on my learning outcomes is positive. It could always be more, but as I’m setting up the framework of my security hub I feel that I’m getting closer to the end goal. Security is on my mind day in and out.