Photo by Vladimir Anikeev on Unsplash

Recently, I passed the AZ-500 exam and obtained “Azure Security Engineer Associate”. Today, I would like to share how did I prepare for the exam and hope this will benefit you for your preparation.

The AZ-500 covers a wide range of security technologies in Azure. Here is a break down of what you required to know in the exam (Be aware of the following breakdown subjected to an update on Jan 27, 2021):

Manage identity and access (30–35%)

Implement platform protection (15–20%)

Manage security operations (25–30%)

Secure data and applications (20–25%)

From the above breakdown, we see the IAM and…

Photo by Nancy Stapler on Unsplash

Since I passed the eCTHPv2 from eLearnSecurity, I would like to do a review of my experience with the training itself.

The eCTHPV2 (Certified Threat Hunting Professional) covers a wide range of topics in the threat hunting domain. The course is divided into three modules. The first module focus on the theoretical side of threat hunting includes but not limited to TTP, Mitre ATTACK, IOC, and tools for collecting IOC. I learned how to utilized Redline and Opensource Threat Intelligence platform to collect IOC. The Second Module of the course focus on network traffic and web shell hunting. I learned…

In this post, we will explore the Pass-The-Hash attack, Token Impersonation attack, Kerberoasting attack, Mimikatz attack, and Golden ticket attack in an AD environment. If you haven’t set up the lab yet, follow Part One and Part Two to get your lab setup.

Pass The Hash Attack

The Pass-The-Hash attack essentially is an attack that allows an attacker who has gained a foothold in a network to pass the dumped NTLM hash around. This usually involves an attacker dumped the victim machines NTLM hash and perform a password spraying attack. Let us see how we can perform this attack in our lab environment.


In part three of the AD attack lab series, we will learn how to use BloodHound and PowerView to enumerate the domain once you gain a foothold on the network. If you haven’t gotten the lab environment setup yet, go to Part One and Part Two to get the AD lab setup.


Head over to one of your Windows 10 Clients. Download the PowerView here. Once the “powerview.ps1” is downloaded, open a terminal, execute “powershell -ep bypass” to enter the PowerShell bypassing execution policy mode, which allows executing any script we want.

Note, I used the old version of the…

Arthur Reeder

In part two of the AD attack lab series, we will learn how to perform LLMNR poisoning, SMB relay, and IPv6 attack against the AD environment. If you do not have the AD environment set up yet, you can go to the “AD attack lab part one” and follow the instruction to set the lab up. Note, I have changed my VMs spec in this lab. Currently, there are 4 VMs, they are Windows Server 2019, Windows 10 (2x), and Kali 2020.3. Each VMs assigned with 1 GB RAM and 1 Processor, and they all use the NAT network. If…

Since I finished my “x86 Assembly Language and Shellcoding on Linux”, formerly known as SLAE32, I would like to do a review on the course itself to give you a better idea of whether you should take this course and the certificate exam challenge.

The SLAE32 is one of the courses offered by Pentester Academy, formerly known as Security Tube, and found by Vivek Ramachandran. The course aims to equip you with the foundational knowledge on x86 assembly language, analysis of the shellcode, and create your own shellcode. The course itself is designed around security. It covers several interesting security…


What you need for this lab:

  • At least 16GB RAM, if you do not have, you might experience some performance issue
  • VMware Workstation (Player should be fine but I used Pro 15.5)
  • Windows Server 2019 (Standard should be fine but I used Datacenter)
  • Windows 10 (2x) (Pro should be fine but I used Education)

Note, in order for the GPO(Group Policy Object) to work on disable the windows defender, I highly suggest you use windows 10 build 1809 or before because the GPO can’t disable windows defender on the newer version. I realized this issue while I was doing this…

Taylor Vick

About a month ago, I become an Associate of (ISC)². Today, I want to share a little bit about my experience with the CISSP exam itself.

Apparently, the CISSP exam covers eight different domains, they are:

  • Security and Risk Management
  • Asset Security
  • Security Architecture and Engineering
  • Communication and Network Security
  • Identity and Access Management (IAM)
  • Security Assessment and Testing
  • Security Operations
  • Software Development Security

Note the domain weight subjected to have a small change in May 2021. Each domain covers a good amount of information you need to understand and know from a high level. As some people say, it…

Christian Wiediger

About a month ago, I passed my Blue Team Level 1 (BTL1) exam from Security Blue Team (SBT). I would like to share a little bit of my experience with the training itself.

The Blue Team Level 1(BTL1) certificate is one of the few blue teams training out there aimed to equip you with the practical skills to work as a SOC analyst. The BTL1 covers the following domains:

* Phishing Analysis

* Threat Hunting

* Digital Forensics

* SIEM (Splunk in this case)

* Incident Response

Each of the domain covers quite a good amount of techniques and tools…

Philipp Katzenberger

Since I passed my OSCP exam last week, I thought it will be helpful to do a writeup to share my experience with how I prepared my OSCP. This writeup will not include any details on the exam nor the PWK lab. Not only it is unethical to do so, but also it breaches the agreement Offensive Security has expected us to follow.

I started my PWK course back in May. Before start my PWK course, I spend 3 months since January on the Virtual Hacking Lab (VHL) and finished all the 41 machines on there. At the very beginning…


Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store