learning and training goals for 2023

It’s already June, which means almost half the year is over. But, I’d still like to post about my thoughts and goals and ideas for 2023. I should probably slow down and spend more time on other things, but even if I do that, these are still things I’d like to pursue or think I can get to this year.

I have a shorter list this year. Due to gentle life changes and getting older, one habit I’ll go on record with (to keep myself accountable) is getting physically active again. I’ve already been going down this path, but it needs to be continued and expanded.

Formal Training/Certifications

Renew GIAC GWAPT (SEC542). This is completed already, though I still have a need to go through the new material and course recordings.

Renew AWS Security Specialty certification. This is completed already.

Renew CISSP. Also already done. This is just a fee plus CPEs, but I keep this on my list every year as a reminder.

Antisyphon course at WWHF. I’ve been doing training through Antisyphon for several years now, and there are still courses on offer that I want to attend. I may opt for a subscription format someday, but if not, I’d like to take something later this year with WWHF, either virtually or in person.

That’s really it for formal things. I only had one renewal exam to take this year, and no other major certifications on tap to pursue, though there are some topics that I could pursue, such as some red team courses/certs, or access to Offensive Security via subscription, or MS Azure/M365 certs. But, I just don’t want to commit time and/or money to them at this time. I suppose those could all be stretch goals or something to slot in if I feel the bug.

Informal Learning

Defcon. It’s been more than several years since I’ve been to Defcon. I’m going this year.

Books. I have lots of books to go through on various topics.

Courses. I have lots of course materials and/or things that I would like to get to on a more informal basis.

BlueTeamLabs.online. I still go through new content they release, but this is super infrequent and I otherwise have all of their content solved.

Purple team home lab. I’d actually like to stand up the Splunk Attack Range or Kali Purple or another blue team lab setup in my home lab. I already have a lab, but I don’t have, say, a full SIEM stood up or an attacker emulation environment set up at any given time (do you run the leaked and untrusted Cobalt Strike code on your home network?). I’d like to hone that process and then also consume it with self-directed activities like further C2 and attacker emulation practice. Basically, I want to be able to practice all aspects of purple teaming (blue and red) at home, including malware analysis and red team tradecraft. The key is being able to do this efficiently. It’s one thing to want to study advanced topics, but too often students like myself spend all their time on the environment and burn out before getting to the real juice. Standing up this environment needs to be as painless to me as standing up an AD environment or a Kali attack box or my normal home lab with firewalls and isolation. And often this comes down to rote practice, familiarity, and the right level of automation that isn’t itself onerous to maintain.

Parting Thoughts

That’s also really it on the informal side. This is the first year in a long time I’ve not had a subscription to some learning content that I was paying for on my own. I’ll get back to that for sure, but I’m taking a small break from pre-scheduled things.

And it’s not like I don’t get plenty of learning and geekery otherwise. I’m in year 23 of an IT and infosec career and work daily as a senior analyst with my blue and red feet in many ponds at the same time. There are really no days that go by where I’m not learning something new, practicing skills, or sharing my knowledge with someone.

reviewing my learning goals from 2022

Every year I try to make some learning and training goals and review my prior goals. This has gotten a lot looser in recent years, maybe due to time stretching outward in these crazy times.

I did lots of maintenance in 2022.

Formal Training/Certifications

Completed the Offensive Development course with Antisyphon virtually through Wild West Hackin’ Fest in the latter half of 2022 (yes, the link is to this year’s syllabus). This course was a 2-day exploration of writing and editing malware to get past EDR for successful execution on protected endpoints using Cobalt Strike and other red team structures. I really enjoyed this course as it really pushed my boundaries a bit. I just wished I had the time to go over it a second time for maximum uptake. The course says it is intermediate, but I would think this is really an advanced course if you want to follow along by doing the labs successfully.

Renewed my AWS Solutions Architect Associate certification (which also renewed the AWS Cloud Practitioner). See my post for these details.

Renewed my GIAC GCFA (FOR508) certification. This is really just paying a fee to get renewed plus updated materials and course recordings and lab files. I still need to actually go through the new stuff.

Renewed my CISSP. Again. Just fees and CPEs that needed to be recorded.

Informal Training

I spent a ton of time in the early third of 2022 on the BlueTeamLabs.online (BTLO) site doing their lab investigations. I did this enough to eventually land in the #1 spot on the leaderboard. I’ve posted a bit about their labs already, and I’ve even done some write-ups on retired content. Even at the time of this writing, I’ve been trading off with a few others for the #1 thru #3 spots as BTLO releases new content.

I also continued to spend time on PentesterLab earning most of their badges and finishing something like 450 of 480 challenges (not all of which were actually available). I have since let this subscription lapse, but fully intend to get back on again when I have some time and money to spend. (And also finally figure out the code review 11 challenge that has been my bane!) This was nothing done over just one year, but rather multiple years.

I finally got on board with TryHackMe for the first time last year. While I like the platform, it’s definitely a different environment than HTB or BTLO. I’d like to do more here, but I also have to make sure I do things that are worthwhile, as there is lots of content that is geared more towards entry knowledge levels. I spent most of my time on the Red Team tracks as I found these to be nice ways to review old skills, brush some dust off, and even learn some new tricks and tools.

Practical Malware Analysis book. I include this because it’s not just a book to casually peruse or even fully read, but is also a collection of exercises and labs to progress knowledge and practice techniques. I was turned further onto this than normal due to the “Counter” investigation on the BTLO platform. I didn’t get as far as I wanted on this last year, but I made progress and pushed my boundaries when it comes to using a debugger. I hope to do more.

renewed my aws security specialty certification

A few weeks ago I took an exam that renewed my AWS Security Specialty certification for another 3 years. This is an advanced “specialty” certification offered by AWS centered around, surprisingly, implementing and managing security within the AWS cloud platform.

I first took this back in 2020 and passed with a really good score. Reading my prior notes, I have many of the same thoughts this year as I did back then; this exam is frustrating to take. The questions are long, and 30-40% felt like multiple-answer questions. There were times I would just sit back in my testing chair, fold my arms over my chest, and get comfortable to read a long question several times. The longest question/answer was literally 4 screen lengths.

Study Plan

This time, I had access to Udemy through my employer, so I made use of several courses on that platform. I covered about 50% of the course content in “Ultimate AWS Certified Security Specialty SCS-C01” by Stephane Maarek. I also covered about 50% of the course content in “AWS Certified Security Specialty Course SCS-C01 (2023)” by Neal Davis. I then also went through practice exams for the certification on the Tutorials Dojo site by Jon Bonso.

I started with the Maarek course, but I honestly got through much of it and didn’t feel very confident. I was much happier going through the Davis course which included him going over hands-on show-and-tell segments which I find better than doing my own labs. It might be that I liked Davis, because I did Maarek first and got the wheels greased. The practice exams on the courses and the dedicated offering on Tutorials Dojo were all good questions, with the latter site being…let’s say…very close to exam types of questions.

If I were to do this again, I might look to see if my prior study course by Adrian Cantrill was still maintained and offered somewhere, otherwise I’d go back to Davis and Maarek for studying and Bonso for practice exams. I’m not sure I’d need anything beyond that other than my own experience and exposure in AWS through work and other various labs and study adventures.

What’s next?

I’m not sure. If I want to do anything else in AWS, I would probably sneak in the AWS Developer Associate somewhere. I’ve seen some study material on it, and I have to say there is a bunch of material that feels pretty basic for someone relatively new to IT overall. But, the things that go beyond those basics could be useful. I’d probably want to do that this year or in 2 years, though, just to get renewal lined up better? If I dive further into AWS cloud security, I would certainly do it as well as look into Solutions Architect Professional and the Networking specialty. At least to take them once and forever learn some new things. The Sysops Associate could be interesting, but I wonder if I might not learn a ton new from it that is useful to my current work anyway.