Status Update: Still Alive
In what seems to be a common refrain in my life, my dreams and aspirations for this blog may have been a bit loftier than I was capable of executing. That said, I do definitely still want to revisit this idea of the "Windows Pen Test" that was part of my learning experience. I think what I realized as I was studying was that my desire to work through the material and keep learning eventually getting to the point of sitting for a test was overwhelming my want to sit on the Windows topic for weeks to make the in-depth blog that I envisioned making.
So what have I been up to since the summer where I last updated? I've been working at grinding away at my study resources since then, and hopefully there will soon be a payoff for the work. As usual, there's a fair share of headaches in between. When I kicked this blog off, I had been plugging away at the Practical Ethical Hacking course from TCM. The course was great, as all of them have been so far, and I was really enjoying the learning. I've been using Obsidian MD as my note-taking application of choice, and it has been great. The one catch I didn't realize at the time was that since I would sometimes use my work laptop to study and make notes from coffee shops, Windows Defender was doing a pretty solid job in the background of securing my notes...by blowing away any notes in the app that looked malicious. When you're taking notes about buffer overflows, malicious python code and reverse shell scripts, it turns out that there is a lot of things found to be potentially malicious which Defender will promptly blow away.
This meant after getting to the end of the PEH course and going back, confused as to why I didn't take notes on something, I found my answer. I had taken notes...and Defender had protected me from my notes by blowing away entire chunks of them. So the fix was to sadly remove Obsidian from my work laptop and go back to re-watch and re-type about half of my notes from the start. That was the initial derailment, and since then I've just been grinding away, working through the Windows Privilege Escalation course and then recently wrapping up the Linux Privilege Escalation course as well. I got so into the studying and practice that I've completely forgotten about updating and maintaining the blog, which itself is a bit of a bummer.
But, there is some good news to that. The good news is that I finally scheduled an exam, which is the PNPT from TCM. I've been having an internal debate on which certification to sit for, and while the reputation and credibility that comes with the OSCP was tempting for someone wanting to break into the penetration testing field, it seems like a better "baby step" to start at the PNPT to make sure I was confident in my abilities before making the significant financial leap into the OSCP. So my current plan is to take the PNPT at the end of April, and with any luck, pass that on the first try (another massive advantage to the PNPT, outside of the less compact time frame was the free make up exam). If I can knock that out, I figure I'll take a month to relax and take a bit of a break before diving back into studying, at which point I will most likely be signing up for the OSCP to get something that's likely to be a bit more of an asset in terms of applications and the ever important need to jam your foot in the door in HR departments and get the AI overlords to see you in a pile of applicants.
I think in the hopeful down time after the PNPT, I will hopefully be able to write a quick write-up about my experience, should anyone stumble onto this blog looking for tips, and that's when I'm hoping to complete this little "Windows Pen Test" walkthrough that I still think would be a really enjoyable set of posts to throw together.
As a non-security or computer related update on life, things are going pretty well. One of the few hobbies I manage to find time for, hockey, is going alright. Our team is in the playoffs (which is all but impossible to not be when you're in a 5-team league) and with any luck, I'll be back home in time to play in the Championship game this coming weekend.
Take care of yourselves and each other! Until next time.