Sandeep Kasturi

  Today, we will be covering all the resources needed that help individuals with getting started in cybersecurity. We will be looking into many educational resources available for and from the community. This is the first blog post in the educational series, I will be coming up with more blog posts covering various topics like building home labs, write-ups of various Capture-The-Flag ( CTF ) topics, and more content. Check out the CTF resources from my previous blog —  https://5kasturi.medium.com/capture-the-flag-challenges-infosec-training-2267aa1971cd First and foremost, always try to take advantage of FREE content available on the internet and learn as much as you can before moving to paid subscriptions or spending money on expensive training. Some of my favorite go-to resources for learning are blog posts by Black Hills Information Security, SANS, Active Counter Measures, and various news feed sources ingested into my news feed app —  Feedly . I always spend a few minutes every...

  SEC560: Enterprise Penetration Testing In this blogpost I am going to share my experience with SANS GPEN ( SEC560: Enterprise Penetration Testing ) class and exam. Training When it comes to SANS training courses, they are not cheap. I signed up for the Live in-person session in May and the class is led by Tim Medin. The class training lasted for 6 days ( Monday — Saturday ), 5 days of class with hands on labs and 6th day is Capture the Flag with the class members in teams. During training we will learn about different types of Pentests, how to scope a Pentest, Reconnaissance, Initial Access, Persistence, Password Cracking, Command and Control Frameworks, Lateral Movement, Pivoting, Domain Enumeration, Azure Cloud. Topics and Tools at a glance Nmap, NSE, Massscan, Hydra, Metasploit, Sliver, Empire, Ghostpack’s Seatbelt, Bloodhound, Mimikatz, John the Ripper, Hashcat, Responder, Impacket, Kerberos attacks, Azure, Azure AD, and Ngrok. Exam Preparation I started preparing Index...