Once again, I deleted the old content. It's not something I felt like writing about and this site is tied to my primary web identity, so repurposing is to be expected. The new purpose is to document my experience and growth in network programming, vulnerability and exploitation learning, Python experiments, and penetration testing.
The first point to bring up about the redesign is that I have gone with a simple design of the site. I know I'm not hosting my own site. Maybe I will at some point, but not today or anytime in the plans coming up. White background, black text, archives on the right and some profile info for you should be enough. In fact, I enjoy it when I find a place that simple that has valid information for me. I don't have to dig through their design decisions to find the information I'm looking for. It leaves me looking at their content and manner of style in the writing - the meat of the site. And I like good meat.
Next up is my training/education that I've been going through. At the current time, I am in my second to last semester for my undergrad degree in Business Administration/Major in Computer Information Systems/Emphasis in Information Assurance and Computer Security. The program looks awesome and I'm sure it works well for many people, but I want to learn more. Abstract concepts of computing security don't make a system secure. How can you defend information and resources if you don't know how the protection schemes work? In this vein, I am learning about penetration testing. I played around with metasploit for a bit and felt comfortable moving around in the console, but really didn't understand what was going on; metasploit is automation with my current understanding. From there, I went to https://pentesterlab.com/bootcamp/ and started their program.
Week 1 and 2 were easy. Setup linux - I chose Debian 7 because I had never used Debian(Ubuntu doesn't count for me) - relearn the basics of python including basic syntax, classes, strings, files, etc. I played around with it a few years ago and went through a primer about a month and a half ago to remind me of how the language works. After this, I setup apache2 over both HTTP and HTTPS(SSL), wrote a client for HTTP through the python socket and httplib libraries. Setting up HTTPS was sort of a pain because I had to learn about openssl and it just didn't make sense. I wrote up a post about it explaining what I learned and what problems I had, but never posted it because I wanted to redo the site. This was a few weeks ago. Then I went through basic PHP(feels a lot like C++) and MySQL connecting to each other and got stuck on writing an SSL over HTTP client. The python docs just didn't make sense and I felt like I was getting nowhere over a week of trying to do it, so the focus shifted to learning and practicing in python.
Enter Violent Python. This book is meant to teach python libraries that are useful in the "breaking" aspect of computing. Right now, I'm in chapter 2 - Penetration Testing that covers Pexpect, ftplib, python-nmap, and some interaction with metasploit as well as other topics. My goal is to finish going through the book and understanding the libraries presented and the logic behind the code. Once I have finished that, I'm going to play around with pylibnet and pylibpcap to learn about injecting packets/segments/frames onto the network to solidify my understanding on networking. From there, I want to continue the pentestinglab.com bootcamp and move on from there.
A mouthful? Just a bit. I'll try to keep this up to date with what I learn and examples of how it works.
No comments:
Post a Comment