offsec training post 1

So this past weekend I started the Offensive Security Training course, Penetration Testing with Kali Linux, and so far so good. The course material was downloaded without any issues, but the VM took a little bit. I was able to get everything that first night though, and tested my connection to the lab environment, which worked without a single issue. Yeah!

Pentesting with Kali

The material is well done. Easy to follow, and understand. I have gone through the first third so far at least once, a good chunk of it twice, and some sections many more times. I have been taking notes as I go through material, so I can have steps and testing ideas handy when I hit the lab. This leads me to go back and repeat things, once or twice.

You might be able to tell that I have not been able to tackle anything in the lab just yet, other than testing my connection. I wanted to go through a good portion of the material first, and “sharpen my axe” so to speak. I did spend a large chunk of time with the external OSINT. I wanted to gather as much as I could externally, before getting started internally. This gave me some possible information I might be able to use in the lab environment. Maybe giving me some ideas of where I should first swing at the tree.

There was a good portion of this weekend spent playing puzzles, or cars, or something with my daughter as well. Plus, chores, like laundry, shopping, and what not. I have the week off from work to really dig into the materials starting this morning, so we will see if I can pick up the pace a little. (I already this morning do not see much success with this, as my chat client is already exploding. Honestly had forgotten to turn it off. Crap.) Anyway,

Let me tackle that, and get started on my course again!

DFIR 004 – Another set of questions……


After mulling it over for a while, though, I realized that the entire process really boiled down to a set of questions that the analyst needs to have answers for.

  1. Was this an actual attack?
  2. Was the attack successful?
  3. What other assets were also compromised?
  4. What activities did the attacker carry out?
  5. How should my organization respond to this attack?

end quote: