Learning Update-Week 1

I’ve decided to give myself a new challenge: Post a weekly update on what I’ve been learning about, my thoughts on what I’ve seen so far, and what I’m planning to look at for the next week. These posts will go up on my blog on Mondays, and I’m going to run this challenge for the next 8 weeks. At the end of the 8 weeks, I’ll look at how things went, and evaluate whether or not to make this a more regular feature here.

For this first update, I’m actually going to go back slightly more than a week, mainly because I had a fairly significant learning milestone just outside of the 7-day mark.

What learning did I do this week(plus)?

Final Exam for Introduction to Psychology 1

As some of you may know, I’ve been working on a Bachelor of Education in Adult Education for a while now. I’ve been fascinated by how adults learn, especially in relation to complex systems and processes like software testing. Most of the Education courses I need have been wrapped up, so now I’m focusing on things like Psychology, Sociology, and likely even Philosophy. I’ll also be picking up some technical-focused courses as well, and a couple of fun ones – after all, if it’s not fun, why do it?

The exam was pretty straightforward – about 130 questions, using a good ol’ scantron sheet. I’m feeling pretty good about my performance, so now I’m just waiting to see the final results.

Security Blue Team-Intro to Network Analysis

A while back, I signed up for an account on securityblue.team, and as part of my efforts to build up my cybersecurity skills, I started going through this course. So far, it’s relatively simple stuff if you’ve had any exposure to networking, which makes sense to me. After all, it’s important to level-set everyone for an intro course, and it can be a good refresher for those who may not have focused on the topic in a while.

PentesterLab-Unix Badge

In the same vein as the last item, I’ve also been working through some of the exercises on PentesterLab, and last week I completed the Unix badge. I like the format of the exercises, in that they’re small chunks that tend to build on each other; usually after a few exercises, the instructions become less detailed, which encourages the learner to make sure they pay attention in the early exercises.

Risk Management for Cybersecurity and IT Managers

One of the cool things about where I’m working, is that they really stand behind Professional Development, and recently they gave us the option to use some of our PD budget to get access to Udemy for Business. I browsed their catalogue, and found this course from Dion Training Solutions. Part of my personal philosophy around software testing borrows from James T. Kirk:

While risk-based testing isn’t the only way to test software, it’s one that tends to be more compelling to the business side of things, as opposed to a more technical focus. Understanding different ways to consider risk, and what kinds of risks exist, is a great way to enhance one’s testing skills.

Make-Your-Own Rubber Ducky

Earlier this year, I stumbled across an interesting post about how to make your own Rubber Ducky for about $3. For those who aren’t aware, a Rubber Ducky in this context is a USB device sold by a company called Hak5, which specializes in cybersecurity testing tools. To the computer you plug it into, it looks like a USB keyboard, but it’s actually a tool that can run all sorts of nefarious scripts on the machine. I tried to order one from the original manufacturer, but they’re not currently taking orders, so I tracked one down on AliExpress. The unit itself was pretty cheap, about $5 including shipping. After a couple of months, it finally arrived!

I started trying to get it set up using my Raspberry Pi running Kali Linux, and spent FAR too much time trying to get it to work. I suspect a more mainstream distro might be a bit easier, but I didn’t really feel like setting up a whole new system. After giving up on Kali, I decided to try setting it up using my Windows 10 laptop. At first, I ran into the same “device timeout” issues that was blocking me on Kali; after some searches, I found a video that gave me the solution: install the drivers.

Seriously, how on earth did I miss that?! I might need to turn in my Nerd Card.

Once I got the drivers installed, everything worked like a charm! Now, I have to learn some C, and figure out what nefarious things I want to try on my personal gear.

What Learning Is On The Agenda This Week?

Security Blue Team-Intro to Network Analysis

I’m targeting having at least 3 modules of this course finished by next week.

Risk Management for Cybersecurity and IT Managers

This is a pretty short course, and I’m about halfway through, so I expect to be done this week.

Make-Your-Own Rubber Ducky

I’m going to look at some of the scripts that other folks have created for this, and pick something to try.

PentesterLab-Essential Badge

I’m targeting at least 4 exercises for this badge this week.

Anyone want to join in?

If you’re interested in taking this challenge as well, I encourage you to go for it! It can be a great way to keep yourself accountable, and also to be able to look back at all the cool stuff you did.