My Professional Goals For 2021
For 2021 I want to work on improving my technical capabilities in areas where I am lacking. I chose to work on Windows internal network pentesting with AD, malware authoring/understanding, and public speaking.
I like the idea of certifications because I force myself to learn things for a respected end goal, using the training supplied for the cert. Thus, learning the skills is more important than the letters.
I lack Windows Networking and Active Directory proficiency, so this certificate directly works to fix that.
I like this certificate because it enhances CRTP skills around Active Directory by including more Red Team things and Windows Network assets and technology.
Possibly Offensive Security’s OSEP.
I like this certificate because it expands upon the other two certificates even more and should wrap up a foundational skillset around Windows internal network pentesting, especially with some perspective for writing/understanding malware on Windows and Windows networks.
I am not sure if I’ll have the resources or time required for OSEP in 2021.
While there is much more to learn, I have decided to limit myself to the things below. C2 and C programming mostly for me, Windows networking and AD mostly for work, and public speaking for both.
I want to finish most programming for my Violent Fungus C2 project, bringing me up to speed with the C and C++ programming language.
This project aims to learn to build a C2 (Command and Control) server and agents for Windows, Linux, and FreeBSD. Additionally, there are some other goals such as getting better at C and C++ programming (it has been a long time), use ICMP and other protocols for unintended purposes, writing Windows agents to evade detection, and joining in the fun of everyone else building C2 software.
Almost a spec here https://attack.mitre.org/tactics/TA0011/; it would be cool to support most of the things there. I don’t know how to do things yet, but having a project is a great way to figure it out!
Note that I am not interested in how other C2 projects work right now. I want to do a clean implementation without biases other than how I read the spec, what I’d like to do, and how I think things should work, having worked on the blue side before.
Windows Active Directory
Note that the certs for this year are also tied to this skill and Windows networking. I need to fill this gap inability for my penetration testing and red teamwork.
I’ve avoided Windows stuff for most of my career, and now I’m playing catch-up.
Basically, start speaking at cons, meetups, and the like. Probably join Toastmasters and start submitting talks to cons/meetups. The goal is to get over my fear of doing it and hopefully provide value to at least one other person.
In-real-life conferences and meetups
This is obviously dependent on where things stand with COVID-19 restrictions. I mainly want to meet with folks I know via Twitter and other places, conversing face-to-face and developing those friendships.
Here are some that come to mind.