CISSP is considered the gold standard for cybersecurity. It is one of the highest certs for blue team. The exam is more of a managerial exam and focuses on how cybersecurity threats and risk affect the business. For this exam you will need to know the technical aspects of 8 different domains and how to think like a manager in each domain.
There is a lot of information to digest for this exam. I started reading the official book for the CISSP but found that it was too much. I ended up just using it as a reference when I needed to learn more about a topic. I found Rob Witcher's Destination Certification YT channel on a mind map for the domains. This was very good at breaking down the information. I took notes with his videos and found that it covered most of the materials. I also used the Destination CISSP Flashcards app for on-the-go practice. For practice exams, I used Boson. I felt that this was very close to the exam and helped me prepare for the wording used on the exam. Boson is more on the technical side of the questions, but it makes sure that you know the topics in the domains. The after-test breakdown is good to see which domains you need to review. Watch this video before the exam to get into the mindset.
The test is three hours long and up to 150 questions. The test is dynamic so that if you get over a certain percent, it knows that you will pass or fail and will stop the test early. With that said, really focus on the first five to ten questions so that you will have better odds of passing. I passed at question 107 with about 85 minutes left.
CompTIA Sec+ is a basic cybersecurity certification that helps you get the necessary foundation so that you can expand on security topics. This is an entry-level security certification and establishes the core knowledge for any cybersecurity role.
I used mostly Professor Messer materials and videos to pass this exam. He has free YT videos that cover all the materials on the Sec+ exam. I also used his practice exams. I learned all the material from his YT videos and then took his practice tests to help get into the mindset and fill in knowledge gaps. His materials are great and were more than enough for me to pass the exam.
The exam has up to 90 questions, with about 5 performance-based questions, and a time limit of 90 minutes. I had 70 questions and 4 were PBQs. I passed with an 809 score at about 60 minutes.
CompTIA CySA+ is an intermediate cybersecurity certification that goes into more detail on threat analysis, compliance, and incident response. This cert shows that you are ready for a SOC or equivalent role.
For this exam you need to know how to analyze logs and determine what the threat is and how to mitigate it. I suggest googling logs for different systems to get a feel for how to read them. I watched Mike Chapple's CySA+ course on LinkedIn Learning to learn the material for the exam. I also used his practice tests to prepare for the questions on the exam and find knowledge gaps. For some, Mike Chapple's resources will not be enough and will need to be supplemented with other materials.
The exam has up to 85 questions, including performance-based questions, and a time limit of 165 minutes. I had 80 questions and 6 PBQs. I passed with a score of 795 at about 75 minutes.
eJPT is a great beginner penetration test. It introduces you to a simulated pen test on a company. The test takes you through routing, Metasploit, XSS, and more. See commands later for more on what you will need to know and what it covers.
The PTS course gives you all the information you need to pass and is free from INE. It gives you a good background on everything you need to know for starting in pen testing. The course also gives you some programming labs in Python, Bash and C++. Programming is not needed on the test.
You get 3 days to answer 20 multiple choice questions and to pass you need to get at least 15/20 correct. I passed with 19/20 and took about 9 hours to complete. I could have ended the exam with 5 hours but I wanted to practice my skills while I had the time and resources. It was really a fun exam!
Here are some commands that you will need for the exam:
ip route add x.x.x.x/x via x.x.x.x
fping -a -g x.x.x.x/x 2>/dev/null
masscan x.x.x.x/x -p port(s)
nmap -sn x.x.x.x/x
nmap -Pn -O host -- OS detection
nmap -sC -sV host -- quick scan
nmap -sC -sV -p- host -- full
nmap -sU -sV host -- UDP
nc host port
nc -lvp port -- listens on port given
GET, HEAD, PUT, POST, DELETE, OPTIONS
Use OPTIONS to see what verbs are available
nc host 80
OPTIONS / HTTP/1.0
You can use PUT to upload a shell to the target. You will need to get the size of the file before you can upload it.
wc -m shell.php -- get size of file
size shell.php
-------------------------------
nc host 80
PUT /shell.php
Content-type: text/html
Content-length: size
dirb target /wordlist
mysql -u user -p -h host -- prompts for the password
sqlmap -u "http://host"
site:
intitle:
inurl:
filetype:
AND, OR, &, |
- -- filter
I used FileZilla
<i> -- to see if vulnerable
Test with <script> alert("Popup")</script>
<script> alert(document.cookie)</script> -- grab cookie
enum4linux -S host -- shows shares
enum4linux -P host -- shows password policy
enum4linux -U host -- shows users
hydra -L userslist -P passwordslist host http-form-post "/path=^USER^&password=^PASS^" -- HTTP brute force
hydra -L userslist -P passwordslist ssh://host -- ssh brute force
hydra -L userslist -P passwordslist ftp://host -- ftp brute force
grab /etc/passwd and /etc/shadow files from system
unshadow passwd shadow > hashes
john --wordlist=passwordslist hashes
search x
use x
info
show options -- shows options for variables
set RHOST -- target
set LHOST -- local host
set COMMAND -- set other variables
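
Seen from the defending side (the kind of log reading CySA+ asks for), the OPTIONS probe, the PUT upload and the HTTP form brute force in the list above all leave traces in a web server access log. The following is an added example, not part of the original post: it scans constructed Apache common-log lines for those three patterns. The sample log, the thresholds and the function name `analyze` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache common log format (documentation IPs, not real traffic).
SAMPLE_LOG = (
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "OPTIONS / HTTP/1.0" 200 0\n'
    '203.0.113.7 - - [10/Mar/2024:10:00:09 +0000] "PUT /shell.php HTTP/1.0" 201 0\n'
    '198.51.100.4 - - [10/Mar/2024:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 512\n'
    '198.51.100.4 - - [10/Mar/2024:10:01:05 +0000] "POST /login.php HTTP/1.1" 302 0\n'
    + "".join(
        f'192.0.2.9 - - [10/Mar/2024:10:02:{s:02d} +0000] "POST /login.php HTTP/1.1" 200 87\n'
        for s in range(0, 24, 3)
    )
)

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ([^\s"]+)[^"]*" (\d{3}) ')
SCRIPT_EXT = (".php", ".jsp", ".asp", ".aspx")
BURST, WINDOW = 5, timedelta(seconds=60)  # assumed thresholds, tune per site


def analyze(log_text):
    """Return a sorted list of (ip, finding) tuples for the suspicious patterns."""
    findings, posts = set(), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, verb, path, status = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if verb == "OPTIONS":
            findings.add((ip, "method enumeration"))
        elif verb == "PUT" and path.lower().endswith(SCRIPT_EXT):
            accepted = status.startswith("2")
            findings.add((ip, "script upload accepted" if accepted else "script upload attempt"))
        elif verb == "POST":
            # Failed form logins often return 200, so count POSTs regardless of status.
            posts[(ip, path)].append(when)
    for (ip, path), times in posts.items():
        times.sort()
        # Sliding window: BURST consecutive POSTs to one path within WINDOW.
        for i in range(len(times) - BURST + 1):
            if times[i + BURST - 1] - times[i] <= WINDOW:
                findings.add((ip, f"login burst on {path}"))
                break
    return sorted(findings)


if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG):
        print(ip, finding)
```

A "script upload accepted" finding is the one to act on first: it means the server allowed PUT on a path that executes scripts, which is fixed by disabling the method or restricting it to authenticated users.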