红队入门_我穿越网络安全红队的硕士证书的旅程

最新推荐文章于 2024-08-11 18:52:57 发布

weixin_26741563

最新推荐文章于 2024-08-11 18:52:57 发布

阅读量816

点赞数

文章标签： https ssl

原文链接：https://medium.com/@kaavyaa121997/my-journey-across-masters-certificate-in-cyber-security-red-team-1fd53295da5d

版权

红队入门

August 26 BY Kaavyaa.A

8月26日，Kaavyaa.A

This is my personal experience with the one-of-a-kind program powered by HackerU, Isreal’s Premier Cyber Security Training Provider and Jigsaw Academy, India’s top-ranked institute for analytics and data science.

这是我个人经历的独一无二的计划，该计划由Isreal的首席网络安全培训提供商HackerU和印度顶级的分析与数据科学研究院Jigsaw Academy共同提供。

HOW IT STARTED?

它是如何开始的？

Recreating technology, understanding electronics, and asking questions like ‘What if’ & ‘Why not” had always challenged me even as a child. As I grew up, I continued to be intrigued by circuits and its relationship to the whole. Television during teen years and mobile phone recently have been subjects of exploration and understanding that led me to believe that formal study of Electronics and Communication Engineering is perhaps my calling. From my childhood, one of the qualities which drove me to this position is my robust zeal which I have possessed right from childhood.

重建技术，理解电子学以及问诸如“如果”和“为什么不”这样的问题，即使在小时候也一直挑战着我。随着我的成长，我继续被电路及其与整体的关系所吸引。青少年时代的电视和近来的移动电话一直是探索和理解的主题，这使我相信对电子和通信工程的正式学习也许是我的要求。从我的童年开始，促使我升任这一职位的一项特质就是我从小就拥有的坚强的热情。

As a child and teenager, I have been mentored and coached by some of the finest teachers who groomed students at the St.Joseph’s convent, Coimbatore, India — which recently celebrated its 25th year. My school, since the days of its Inception, carries the distinction of mentoring wards of caliber some of whom today are successful in the global arena — driven by compassion of our teachers who instill in us a deep sense of commitment at whatever we do — “Discipline and Knowledge” as the school motto has it.

小时候，我曾受到一些最优秀的老师的指导和指导，他们在印度哥印拜陀的圣约瑟夫修道院为学生提供了培训，该修道院最近庆祝了成立25周年。自成立以来，我的学校就一直以口才指导区为特色，其中一些人今天在全球舞台上取得了成功-受我们老师的同情心的驱使，他们对我们所做的一切灌输了深刻的责任感-“ “校训与知识”是学校的座右铭。

I have been consistent since childhood, a strength I owe to my school which encouraged me to take part in various extracurricular activities and a special interest in Art and Craft as my favorites. My commitment to the goal of an electronics and communication engineering degree led me to pursue, seek and gain admission to one of the finest institutions in my home town, KPR Institute of Engineering and Technology — an institution wired to the world from here through a network of distinguished alumni who hold leadership positions at workplaces across the globe.

我从小就一直执着，这是我在学校中的一股力量，这促使我参加了各种课外活动，并特别喜欢美术和手Craft.io作为我的最爱。我对获得电子和通信工程学位的目标的承诺促使我去寻找，寻求并获得了我家乡最好的机构之一KPR工程技术学院-该机构通过网络与世界各地保持联系杰出校友在全球工作场所担任领导职务。

The focus of my interest during the undergraduate program was Cyber security, perhaps stemming from the surroundings I grew up in.

在本科课程期间，我感兴趣的重点是网络安全，这可能是由于我所成长的环境所致。

I’m in my final year of undergraduate study and at the crossroads of deciding on an area of interest in post-graduation. My search has led me to ‘Cyber Security’ which I presume is a relatively new area of focus in the networking domain and would perhaps mature in time, giving me the advantage of being a torchbearer of such concepts at the time I complete my study and excel in the subject.

我正处于本科学习的最后一年，并且正处于决定毕业后感兴趣的领域的十字路口。我的搜索使我进入了“网络安全”，我认为这是网络领域中相对较新的重点领域，并且可能会随着时间的推移而成熟，这给了我在完成学习和学习时成为此类概念的火炬手的优势。在这个主题上表现出色。

Further research led me to believe that the study of cyber security, due to its complexity, both in terms of politics and technology, it is also one of the major challenges of the contemporary world, from theft or damage to their hardware, software or electronic data, as well as from disruption or misdirection of the services they provide.

进一步的研究使我相信，对网络安全的研究，由于其复杂性，无论是在政治上还是技术上，都是当今世界面临的主要挑战之一，无论是盗窃或损坏其硬件，软件或电子产品。数据，以及它们所提供服务的中断或误导。

India is transforming into a country of opportunity, Experts have suggested the setting up of a National Cyber Security Agency (NCSA) to address cyber security issues and improve implementation at a national level. I believe this will allow young engineering student like me to start international security standards and succeed at it. When I was searching for the right university for masters, I came across this course of masters certificate from hackeru, after some discussions I enrolled for the course.

印度正在转变为一个充满机遇的国家，专家建议建立一个国家网络安全机构(NCSA)，以解决网络安全问题并改善在国家一级的实施。我相信，这将使像我这样的年轻工程专业学生能够开始制定国际安全标准并取得成功。当我在寻找合适的大学攻读硕士学位时，我经过了一些讨论，加入了hackeru的硕士学位课程。

I passed out in the year may 2019 and by 2019 November I joined the cybersecurity course. I joined the course quiet late, after two days the course began but then the team did their best and gave me the Learning Management System of HackerU(LMS), so-called Hackampus and I was able to log in the very same day and attend the classes. The course is typically divided into three phases. The very first phase is online for 20 hours and it was taught by Lion Kontorer , he has been leading the offensive security team of hackeru. It went good as lion covered everything right from basics, we also got the recordings of online classes in our LMS account, so we were able to go through it and brush up the topics again. At the end of it, we had an assessment too.

我于2019年5月离职，到2019年11月，我参加了网络安全课程。我很安静地参加了课程，开始了两天后，但是团队尽了全力，给了我HackerU(LMS)的学习管理系统，即所谓的Hackampus，我能够在当天登录并参加类。该课程通常分为三个阶段。第一阶段是在线20个小时，由Lion Kontorer教授，他一直领导hackeru的进攻安全团队。当狮子从基础开始涵盖所有内容时，它的运行情况很好，我们还在LMS帐户中获得了在线课程的录音，因此我们能够进行遍历并重新整理主题。最后，我们也进行了评估。

Then comes phase 2, which was a one-week live-in-person classroom learning. The students who enrolled for this course had been divided into two batches, and I came under batch 2. During our training, we didn’t face any issue and the class went smooth enough and the topics were completed on time by Oleg Karant. Azaz Dobiwala another oscp and networking certified professional helped us when we faced any difficulty during our classes. On the post completion of the course, we had an assessment with eligibility criteria 70% to continue the course further. I successfully crossed that milestone and got my offer letter to the next phase and now I am all set for phase 3.

然后进入第二阶段，这是一个为期一周的现场课堂学习。参加该课程的学生被分为两批，而我属于第二批。在我们的培训期间，我们没有遇到任何问题，课程进行得很顺利，话题由Oleg Karant按时完成。当我们在上课时遇到任何困难时，另一位经oscp和网络认证的专业人员Azaz Dobiwala帮助了我们。课程结束后，我们进行了一项评估，其合格标准为70％，可以继续进行该课程。我成功地跨过了这一里程碑，并将我的录取通知书提交到下一阶段，现在我已经准备好进入第三阶段。

For phase 3 they mingled all the eligible students from batch 1 and 2 and put us together as batch 1 masters certificate class. We were comfortable with the classes as we were familiar with Oleg Karant. We had a bunch of instructors for phase 3. Oleg trained us for Linux fundamentals, windows server administration, and bypassing the perimeter. He gave us enough time to practice and then and there he solved our doubts. Initially, I found it a bit difficult to follow all the concepts because I came from an electronics background. Initially, Istruggled a lot with troubleshooting errors and other issues. At the end of each module, we were given assessments and the 70% cut off was maintained throughout the course.

在第3阶段，他们混合了第1批和第2批中所有合格的学生，并将我们作为第1批硕士证书课程。我们熟悉Oleg Karant时对课程感到满意。在第3阶段，我们有很多教员。Oleg为我们提供了Linux基础知识，Windows服务器管理以及绕过外围方面的培训。他给了我们足够的时间练习，然后在那里解决了我们的疑虑。最初，我发现很难遵循所有概念，因为我来自电子领域。最初，我在解决错误和其他问题时费了很多劲。在每个模块的末尾，我们接受了评估，并且在整个课程中保持了70％的截止时间。

After 4 weeks with Oleg, there came our next instructor Vladi Fidchuk, who was very cheerful and a cool trainer. He taught us Advance Infrastructure which I was very comfortable with and Python for Hacking. I struggled a lot with programming since I had no experience before in programming, throughout the whole python course I struggled. At the end of the class, Vladi motivated me and gave proper feedback about me, which cheered me to carry on with my course further.

在与奥列格(Oleg)在一起的四个星期之后，我们的下一任教练弗拉迪·菲丘克 ( Vladi Fidchuk )变得非常开朗，并且是一位很棒的教练。他教了我们非常熟悉的Advance Infrastructure和Python for Hacking。由于我以前没有编程经验，因此在整个python课程中，我都进行了很多编程工作。在课堂结束时，Vladi激励了我，并给了我适当的反馈意见，这使我为继续进行课程感到高兴。

Later then we had our next instructor Yosi Magor for Web penetration testing and mobile penetration testing (both android and ios). He was the youngest trainer and he was also a security researcher at ebay and instructor at hackeru as well. Then came one of the interesting parts of creating a web page using basic languages like HTML, Java, and CSS. Yosi keeps telling us to think in a lazy way that’s where the real smartness comes in. I found that really inspiring. He laid the foundation for us to learn about bug bounty, his story of becoming a researcher at ebay which was also inspiring. Mobile PT was another playful yet interesting topic. It was fun learning to use mobile in a different way apart from using it for basic purposes.

后来，我们有了下一位讲师Yosi Magor进行Web渗透测试和移动渗透测试(Android和ios)。他是最年轻的培训师，也是ebay的安全研究员和hackeru的讲师。然后是使用HTML，Java和CSS等基本语言创建网页的有趣部分之一。 Yosi不断告诉我们以一种懒惰的方式思考，这才是真正的聪明才智所在。我发现这确实令人鼓舞。他为我们了解漏洞赏金打下了基础，他成为eBay研究员的故事也令人鼓舞。移动PT是另一个有趣但有趣的话题。学习将移动设备用于基本用途以外的方式是一件很有趣的事情。

Then came the next bunch of instructors Swaroop Yermalkar and Azaz Dobiwala. During the start of phase 3, we had Swaroop being invited as a guest of honor for the inaugural ceremony. It turned out to be a surprise for us when we came to know Swaroop was going to be our instructor. He was the Head of Cyber Security HackerU India. He even authored many books like IOS penetration testing and wifi hacking. Then came my most favorite topic malware analysis and reverse engineering which I felt very comfortable with. Swaroop even gave us many challenges from OWASP Igoat, wireshark, Zeek, etc. OWASP igoat was his project and the challenge in that was quite interesting. Once we had a wireshark challenge, I was able to complete and create a proper report of it, he even announced one of his books as a reward for the best completion. I made it to own his book (wifi hacking). I was able to get another very small reward for completing another challenge too. This motivated me a lot. Azaz on the other hand gave me tasks to complete which made me start cracking machines from vulnhub and start training myself towards oscp.

接下来是下一班教员斯沃洛普·耶马尔卡和阿扎兹·多比瓦拉。在第3阶段开始时，我们邀请Swaroop作为就职典礼的贵宾。当我们知道Swaroop将成为我们的讲师时，这真让我们感到惊讶。他曾是印度网络安全HackerU的负责人。他甚至撰写了许多书籍，例如IOS渗透测试和wifi黑客。然后是我最喜欢的主题恶意软件分析和逆向工程，我对此非常满意。 Swaroop甚至给我们带来了OWASP Igoat，wireshark，Zeek等的许多挑战。OWASPigoat是他的项目，其中的挑战非常有趣。一旦遇到了有线挑战，我就可以完成并创建适当的报告，他甚至宣布了自己的一本书，以表彰其获得的最佳成就。我让他拥有自己的书(wifi黑客)。我也因完成另一个挑战而获得了非常小的奖励。这激励了我很多。另一方面，Azaz给了我完成的任务，这使我开始从vulnhub破解计算机，并开始对oscp进行培训。

We had Yogendra Swaroop Srivastava, he joined hackeru and he is also an OSCP certified professional. He helped me with bufferoverflow topic, which is considered the most difficult topic in OSCP. I kept trying this topic and I was able to do it very well and also helped some of my friends and Yogendra keeps appreciating students no matter a small or a big achievement, I was able to complete my buffer-overflow assignment much sooner than the rest and got appreciated by Yogendra and Swaroop, which was one another piece of motivation for me. Overall the course gave us an ample amount of knowledge for us to carry on our carrier as a VAPT professional and also to crack OSCP, all we need is to keep practicing and try harder which was the magic mantra of Yogendra. The very last week we had IoT and new technologies and AWS cloud computing classes.

我们有Yogendra Swaroop Srivastava ，他加入了hackeru，而且他也是OSCP认证的专家。他帮助我解决了缓冲区溢出主题，该主题被认为是OSCP中最困难的主题。我一直在尝试这个主题，并且做得很好，还帮助了我的一些朋友，无论成就大小，Yogendra都不断地感谢学生，我能够比其他人更快地完成缓冲区溢出作业并受到Yogendra和Swaroop的赞赏，这对我来说又是另外一个动机。总体而言，该课程为我们提供了丰富的知识，使我们能够继续作为VAPT专业人员从事运营商的工作，并破解OSCP，我们所要做的就是继续练习并加倍努力，这是Yogendra的魔咒。上周，我们开设了物联网和新技术以及AWS云计算课程。

Then came the most awaited part MASTERS CERTIFICATE IN CYBERSECURITY(RED TEAM), to get one there should be a consistent score of 70% in all assessments along with proper submissions of assignments and regular attendance.

然后是最受期待的部分网络安全硕士证书(红队)，要获得一等分，所有评估中的分数都应保持一致，并且正确提交作业和定期出席，得分应保持在70％。

Then it led to the most important part -placements and career guidance. We had few placement meetings from the placement team of Murali Erukulla and Premjith Alampilly. Forgot to mention our coordinator Mahesh Karthick who was also from my hometown, he was very supportive throughout our course. He helped us with the problems we faced in the hostel and in the classroom. On completion of the course, coronavirus pandemic arose. we all in a hurry came back to our homes. And since everything was under lockdown we weren’t able to get any placements. I started practicing machines for OSCP and after a few months of waiting, I attended an interview through jigsaw a company named sequretek, which is a pure cybersecurity core company. I had three rounds of interview, -online assessment , technical hr, and also technical and personal hr with the CEO of the company. I successfully cleared all the rounds of interviews and finally was able to get a job in it. I am truly looking forward to starting working in a company.

然后它导致了最重要的部分-安置和职业指导。穆拉利·埃鲁库拉(Murali Erukulla)和Premjith Alampilly的安置团队很少举行安置会议。忘了提及我们的协调员Mahesh Karthick，他也是从我的家乡来的，他在我们的整个课程中都非常支持。他帮助我们解决了宿舍和教室中遇到的问题。疗程结束后，冠状病毒大流行。我们大家急忙回到家中。由于一切都处于锁定状态，因此我们无法获得任何展示位置。我开始练习用于OSCP的机器，经过几个月的等待，我通过拼图参加了一家名为sequretek的公司的面试，这是一家纯粹的网络安全核心公司。我与公司首席执行官进行了三轮面试，在线评估，技术人力资源以及技术和个人人力资源。我成功地完成了所有的面试，最终得以找到工作。我真的很期待开始在公司工作。