Personal Learning Plan Part 1


Introduction

Part 2

Intro: What are your learning goals (as defined in your personal learning plan).

The facts:
  • What are your finished, running, and planned learning activities?

Blue team

Learning tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Follow workshops related to blue teaming | T | 0.5 day | Must | Done |
| Take part in the Red v Blue team event | T+N | 1 day | Must | Open |
| Expand IDS knowledge (Zeek & Suricata) | T | 2 days | Must | Progr |
| Try monitoring techniques (netflow, flow monitoring) | T | 1-2 days | Must | Progr |
| Try out SIEM and dashboarding (e.g. Elastic Stack) | T | 2 days | Must | Progr |
| Learn reverse engineering and apply it to malware | T | 2-3 days | Should | Open |
| Blue-team visit to a local building and document findings | N | 1 day | Should | Open |
| Set up and experiment with a Web Application Firewall | T | 1 day | Should | Open |
| Set up vulnerability scanning with OpenVAS | T | 1 day | Should | Progr |

Research & development tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Visit the infosecurity.nl convention | R | 1 day | Should | Cancel |
| Visit seminars related to SIEM/CERT and make a blogpost | R | 1 day | Should | Open |
| Organize or join a session to analyze a vuln. | R | 1-2 days | Should | Open |
| Set up a SoC and a SIEM with a registration system | R+T | 5 days | Should | Progr |
| Set up a malware analysis lab for static and dynamic analysis | R+T | 5 days | Could | Progr |

Professional application tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Define threat use cases | N+P | 1 day | Must | Open |
| Develop and tune an IDS sensor for an operational env. | R+T | 3 days | Must | Progr |
| Set up security monitoring (IDS, logging, SIEM, dashboard) | R+P+T | 5 days | Must | Progr |
| Set up vuln. scanning in an operational network with OpenVAS | R+N+P | 2 days | Must | Progr |
| Set up a register system for triage, analysis, priority | R+N+P | 2 days | Should | Progr |
| Run security monitoring in an operational env. | P+T+N | 2-4 days | Must | Progr |
| Report a security incident in an operational env. | N+P | 1 day | Could | Open |

Custom tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Setting this server up | T | 1 day | Must | Done |
| Set up reverse proxy using NGINX | T | 1 day | Must | Done |
| Provision servers with certbot SSL | T | 1 day | Must | Done |
| Implement a secure password manager | T/N/R/P | 1 day | Should | Progr |
| Implement sensor monitoring like Zabbix/Nagios/PRTG | T | 1 day | Should | Progr |
| More will follow in the future | T/N/R/P | 0 day | Must | Open |

Red team

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Follow the workshops related to hacking & red team | T | 0.5 day | Should | Done |
| Study pen testing methodologies and practices | T+P | 2 days | Must | Progr |
| Take part in the Red v. Blue team | T+N | 1 day | Must | Open |
| Own one of the Linux based machines on HtB | T+N | 14 days | Must | Done |
| Own one of the Windows based machines on HtB | T+N | 2-3 days | Must | Progr |
| Learn how reverse engineering works | T | 2-3 days | Should | Open |
| Pick a lock | T | 1 day | Should | Done |
| Experiment with phishing tools in a contained lab | T | 1 day | Should | Progr |
| Visit a building with a red team perspective | N | 1 day | Should | Open |
| Learn how cryptography works | T | 2-3 days | Could | Open |

Research & development tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Visit seminars related to developments in red team | R | 1 day | Should | Progr |
| Organize/join a session to analyze a new vuln. | T+P | 2 days | Must | Open |
| Set up an environment for pen testing and red teaming | T | 2 days | Must | Done |
| Develop a dropbox that can be used in red team | R+T | 3 days | Should | Open |
| Research covert channels and set one up | R+T | 2 days | Should | Progr |
| Research typical and known vulnerabilities in cloud | R+T | 2-3 days | Should | Open |

Professional application tasks

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Acquire a Red-team pentest with a PiE and report | P+T+N | 4 days | Must | Progr |
| Perform a pen-test on a shippable product | P+T+N | 2 days | Must | Progr |
| Perform a test on a site with responsible discl. | P+T+N | 2 days | Must | Open |
| Perform vuln. analysis on IoT & report findings | P+T+N | 3 days | Should | Open |

What tasks and responsibilities do you have in the project: research, development, professional skills?
  • Research

    • I have a global overview of all the things that need to be done within our research framework and regularly guide people and give them tasks. Furthermore, I've been responsible for the SoC research.

  • Development

    • I think the majority of the development relies on me, as I usually (after discussing it and verbalizing my thoughts to the group) carry out the tasks that tie the project together.

  • Professional skills

    • I've been a self-appointed project leader since the beginning, with the assistance of Tom as well. It's been a bit rocky, and there's room for improvement, but it has been pretty smooth sailing up until now.

What products do you have for the finished activities (personal learning, project work, professional skills)?

| Task summary | Category | Duration | Requirement | Status |
|---|---|---|---|---|
| Follow workshops related to blue teaming | T | 0.5 day | Must | Done |
| Setting this server up | T | 1 day | Must | Done |
| Set up reverse proxy using NGINX | T | 1 day | Must | Done |
| Provision servers with certbot SSL | T | 1 day | Must | Done |
| Follow the workshops related to hacking & red team | T | 0.5 day | Should | Done |
| Own one of the Linux based machines on HtB | T+N | 14 days | Must | Done |
| Pick a lock | T | 1 day | Should | Done |
| Set up an environment for pen testing and red teaming | T | 2 days | Must | Done |

How can you show the completeness and quality of your work?
  • My work is shown on this documentation system; in it I've shown (through the Linux HtB) that I take a very methodological approach.

Give a short impression of your portfolio and PDR that demonstrates your work and evaluations.
What did your learning and project tasks bring you in relation to your learning goals?
  • Most of the tasks described in my learning plan correlated with features the project required, such as setting up a SoC; I used the PoC for my own SoC as the PoC in the project, and that worked well.

What are your strengths according to group members, teachers, client, stakeholders, or other externals involved?
  • Group members:
    • The common thought in my group is that I bring/am:
      • Good ideas

      • Creative ideas

      • Hard working

      • Solution driven

    • But also…
      • Involve the rest of the group better

      • When speaking on behalf of the group, use 'we' instead of 'I' (i.e. when describing the completion of a task)

What critical aspects do you see for yourself, based on feedback and personal evaluation?
  • I think I'm very chaotic to work with, and that may not suit everyone.

  • I also feel a great deal of ownership concerning certain tasks, so much so that I forget that it is often a group effort.

How do you search for balance in technical learning, non-technical aspects, and professional skills?
  • Conclusions and Advice:
    • What conclusions can you give on your learning thus far and the plan for the second half of the semester?
      • Find order in the chaos and continue to challenge yourself (myself).

    • Any advice to yourself or to us?
      • More guest lectures/workshops

      • A workshop about the darknet

      • A workshop covering more of the legal side of cyber, i.e. when things are clearly illegal