Recently, I passed the AZ-500 exam and obtained “Azure Security Engineer Associate”. Today, I would like to share how did I prepare for the exam and hope this will benefit you for your preparation. The AZ-500 covers a wide range of security technologies in Azure. Here is a break down…

Since I passed the eCTHPv2 from eLearnSecurity, I would like to do a review of my experience with the training itself. The eCTHPV2 (Certified Threat Hunting Professional) covers a wide range of topics in the threat hunting domain. The course is divided into three modules. The first module focus on…

In this post, we will explore the Pass-The-Hash attack, Token Impersonation attack, Kerberoasting attack, Mimikatz attack, and Golden ticket attack in an AD environment. If you haven’t set up the lab yet, follow Part One and Part Two to get your lab setup. Pass The Hash Attack The Pass-The-Hash attack essentially is an attack…

In part three of the AD attack lab series, we will learn how to use BloodHound and PowerView to enumerate the domain once you gain a foothold on the network. …

In part two of the AD attack lab series, we will learn how to perform LLMNR poisoning, SMB relay, and IPv6 attack against the AD environment. If you do not have the AD environment set up yet, you can go to the “AD attack lab part one” and follow the…

Since I finished my “x86 Assembly Language and Shellcoding on Linux”, formerly known as SLAE32, I would like to do a review on the course itself to give you a better idea of whether you should take this course and the certificate exam challenge. The SLAE32 is one of the…

Preparation What you need for this lab: At least 16GB RAM, if you do not have, you might experience some performance issue VMware Workstation (Player should be fine but I used Pro 15.5) Windows Server 2019 (Standard should be fine but I used Datacenter) Windows 10 (2x) (Pro should be fine…

About a month ago, I become an Associate of (ISC)². Today, I want to share a little bit about my experience with the CISSP exam itself. Apparently, the CISSP exam covers eight different domains, they are: Security and Risk Management Asset Security Security Architecture and Engineering Communication and Network Security …

About a month ago, I passed my Blue Team Level 1 (BTL1) exam from Security Blue Team (SBT). I would like to share a little bit of my experience with the training itself. The Blue Team Level 1(BTL1) certificate is one of the few blue teams training out there aimed…