Dell Optiplex 9010 & VMWare ESXi 6.5

Recently work upgraded a number of staff machines to the latest Dell workstations. My manager organised for much of the surplus hardware to be made available for sale to us, should we wish to purchase it, and it was also priced very well given it was 2 – 3 year old hardware.

I was especially interested as I enjoyed working on that workstation and it always had plenty of grunt to run a few VM’s while I was working (often I’d have a Kali VM and a Debian VM running) in addition to two copies of Visual Studio with both of them debugging, but it was now out of warranty and as big organisations often do, they replaced it. I put my hand up to purchase the hardware, without instantly having a use for it, but knowing it was still fast and had been ultra reliable.

Continue reading Dell Optiplex 9010 & VMWare ESXi 6.5

PWK/OSCP – Stack Buffer Overflow Practice

When I started PWK, I initially only signed up for 1 month access. I was putting in a huge amount of time in the labs, learning what I thought would be enough to get through the exam, without completing the buffer overflow section of the exam.

I was scared of buffer overflows, all that hex and assembly, shellcode, memory addresses, endianness… I tried to skip it.

Continue reading PWK/OSCP – Stack Buffer Overflow Practice

OSCP Exam – Preparation, Exam Day & Report Day

In December 2016 I set the goal of achieving the OSCP certification by the end of June 2017. I have been in a development role at my current employer for 8 years – they’ve been incredibly good to me and I love working there – but I want to move into more of a security focussed role so I figured I would need a serious certification to achieve this. I’d love to stay with the employer I am with, and our current security team has said my skillset is such that I compliment their skills, and would be great to assist our other developers with security.

This week I achieved that goal!

Continue reading OSCP Exam – Preparation, Exam Day & Report Day

Red Team Engagements

I just LOVE this video! It’s coverage of RedTeam Security doing a Red Team engagement on a small US Power Company.

This has completely confirmed my desire to move into a hands-on white-hat penetration testing career (having spent the past 15 years as a developer and sysadmin), and it was a major driver for me to start doing CTF challenges before I get into doing the Offensive Security Certified Professional certificate, via the Pentesting with Kali course.