Level Up! My Evolving Cybersecurity Skillset in Year 2
Lessons Learned, Challenges Overcome, and Goals Achieved
Pre Requisites
If you haven’t read my article on my first year in CyberSecurity, start here: “Cybersecurity Quest: My 365 Days on TryHackMe” This article serves as a continuation of that journey.
Table Of Contents:
🔴 Completing Junior CyberSecurity Analyst Learning Path
🔴 CSI Linux Exploration and Contribution
🔴 Participation in TraceLab CTF
🔴 Development of Open Source Tools
◾️ Sensei HackLabs
◾️ YT Evidence Collector
🔴 National Level CTF Preparations
◾️ National Level on-site CTF Experience
◾️ Post-CTF Reflections and Learning Journey
🔴 Conclusion
◾ Encouragement for Continuous Growth
Completing Junior CyberSecurity Analyst Learning Path
This year was filled with fascinating experiences in cybersecurity. Let’s dive in.
First, let me share about my Junior CyberSecurity Analyst Learning path by Cisco, which I mentioned in last year’s article. I completed that path on August 22, 2023, and learned almost all the fundamentals of cybersecurity, such as pentesting, threat intel, GRC, and Cisco networking device management.
CSI Linux Exploration and Contribution
I was enrolled in a CSI Linux Investigator course and exploring CSI Linux when they recommended an FBI-wanted tool for our OSINT practice. I faced challenges downloading the list of wanted individuals but resolved the issue after checking the tool’s source code. I even had a conversation with the creator, Richard Mwewa (LinkedIn), who later converted the project into an FBI API pip library. Consequently, I created an enhanced version of the FBI-MostWanted tool.
After completing the CSI Linux Investigator course, I joined CSI Linux as a volunteer to contribute to building CSI Linux. I admired their work on CSI Linux OS during my learning phase, prompting me to collaborate with them to enhance it further.
I created several graphics, including the CSI Tor logo and a cheatsheet, but primarily focused on development. Initially, I developed helper functions like docx and odt template filling function, case management functions, and an API key file encrypt/decrypt function, among others. Subsequently, I worked on creating proper GUIs for some tools like ‘whatsmyip’ and API key manager, followed by developing a tool from scratch called Recon Browser, which supports tools as extensions. This project will receive future updates. I also created CSI libs to manage all the shared libraries used by CSI Linux tools.
If you’re interested in joining CSI Linux as a Volunteer/Intern, you can contact Jeremy Martin on LinkedIn. Check out the CSI Linux repo for more information.
You can check the CSI Linux repo:
I left CSI Linux as a volunteer in February 2024 but plan to work with them again in the near future.
My First Challenge Coin
I participated in the RunZero Coin Challenge and won the First Challenge Coin.
Here’s my solution to that challenge: https://medium.com/@pakcyberbot/runzero-coin-challenge-solution-22ad56c835e6
Participation in TraceLab CTF
This year, our team participated in TraceLab CTF with a new member, Ashar Khalil (LinkedIn), an OSINT expert. This year, I improved my OSINT skills compared to the previous year.
I also participated in TraceLab’s CTF as a Coach in April 2024 and received a free 6-week professional license for a forensics OSINT tool.
Development of Open Source Tools
This year, I developed 2 tools:
Sensei HackLabs
Automatically sets up my hacking environments for every pentest engagement.
YT Evidence Collector
Gathers evidence from YouTube, including downloading videos, collecting data about videos and channels, taking snapshots in the Wayback Machine, and generating DOCX files and HTML webpages.Downloads YouTube videos
TCM Courses Completion
I completed all 5 free courses from TCM, that I received the previous year from PNPT Live classes, by the end of October 2023, significantly improving my Active Directory skills.
HackTheBox Journey
I began my journey on HackTheBox in October, solving my first machine during HTB Open Beta Season III. By the end, I achieved a Platinum rank.
I didn’t get help with some machines, while others required assistance, and one remained unsolved. Here’s a piece of advice: never give up. If you’re unsure how to breach a machine, take some time to research, try harder, and seek advice if needed. Don’t just blindly aim for flags. The main purpose is to learn. If you can’t solve a machine, read the write-up, understand it, and learn new things that will benefit you in the long run. Sometimes, even after solving a machine by yourself, read solution write-ups from others to gain new insights and perspectives.
National Level CTF Preparations
Mohsin Shah (LinkedIn) invited me to join his Revolt team for the Ignite national-level CTF. Thanks to him for this opportunity. Before the CTF, I prepared myself by participating in international online CTFs and the Black Hat MEA CTF competition with Team Revolt. We qualified for the finals in Riyadh, KSA. I wrote the solution writeups on my https://pakcyberbot.github.io/CTF-Writeups
I also participated in other CTF events, and my mentor, John Hammond, acknowledged and reposted my Snyk Fetch the Flag post, which was a motivating achievement for me.
My mentor, John Hammond, from whom I’ve learned so much, replied and reposted my “Snyk Fetch the Flag” post. This gesture not only motivates me but also counts as a small achievement, in my opinion. 🤔
National Level on-site CTF Experience
My first experience with an on-site CTF was during the Ignite national-level CTF in Karachi. I participated with my team comprising Mohsin Shah, Ali Ashber (LinkedIn), and Khuzaima, and had the opportunity to meet experienced cybersecurity professionals. Although the experience was great, my performance in the challenges was not as strong as I had hoped. However, Ali Ashber successfully solved one of the challenging tasks. You can check out his article here and show some support by following him.
Our team qualified for the finals in Islamabad, securing the first position. During the finals, we stayed in a hotel in Islamabad for three days, where I connected with new individuals and teams such as M4lware, Sigma 4, and Team 4n6k. You can check out these posts to connect with those team members: M4lware, Sigma4, and Team 4n6k. For other team members check my comment. This experience allowed me to make valuable connections in the cybersecurity community, contributing to my growth in this field. Although we performed well compared to Karachi, we ended up ranking 7th due to the presence of more experienced and skilled hackers.
Post-CTF Reflections and Learning Journey
After the CTF, I identified areas that required improvement and began focusing on enhancing my skills in reverse engineering and cryptography. I also participated in another CTF challenge as an individual to evaluate my skills further.
Additionally, I started improving my web app pentesting skills by completing PortSwigger labs. I will provide updates on my progress with these labs on LinkedIn or Twitter/X.
Google Cloud Certification
I applied for the Google Cloud Get Certified program to obtain a free certification as a Google Cloud Security Engineer. I successfully completed the first stage of this program and was selected for stage 2. Following that, I will prepare for and take the certification exam. I will keep you updated on my journey through my LinkedIn or Twitter/X profiles.
My Social Media Stats
Just wanted to share the stats of my social media for this year.
- Received the Bronze Star Struck badge on my GitHub.
- Reached 100 subscribers on my YouTube channel 😂
- Reached 200 followers on Twitter/x.
- If you support or enjoy my content, I’m just 10 followers away from reaching 100 on Medium.
- Stats of my eJPT experience article.
That’s all from me for now. If you’ve read my previous article, you might be wondering about my TryHackMe streak. I lost that streak due to focusing on other platforms. However, I have been actively solving crackmes challenges, engaging in cryptohack, and planning to learn from platforms like LetsDefend and PentesterLab in the near future.
I have also created another room on TryHackMe, which I have submitted for public release. In case of rejection, I will share the private link of the room on my social media channels.
The next year’s journey write-up will be published on the new year, unlike May when I started the journey.
Conclusion
This year has been incredibly productive, filled with invaluable learning experiences and skill enhancements. I ventured into new fields, explored different platforms, and actively participated in various CTF events.
As I conclude this writeup, my primary aim remains to inspire and uplift others. If you find yourself lacking in achievements, remember my journey from my first year in cybersecurity. I began with limited resources and opportunities, but through consistent effort and determination, I made progress. Regardless of your circumstances, whether you feel overwhelmed or inadequate, remember that every small step counts. Just like how little drops form the sea and individual grains compose the sand, every bit of learning contributes to your growth.
It’s crucial to understand that true motivation comes from within. External sources like motivational videos or songs may provide a temporary boost, but lasting motivation stems from facing challenges head-on and persisting through difficulties. Rather than avoiding or ignoring obstacles, confront them with courage and resilience. Identify the root cause of your demotivation and work towards resolving it.
Consistency is key to success, even in the face of setbacks or moments of doubt. Stay committed to your goals, and remember that overcoming challenges only strengthens your resolve. Your journey may have its ups and downs, but with perseverance and determination, you can achieve exponential growth.
Encouragement for Continuous Growth
Fostering a passion for learning and nurturing curiosity are essential for personal and collective advancement. These qualities are the catalysts for innovation and exploration, leading to groundbreaking scientific discoveries. Age should never hinder one’s quest for knowledge; continuous learning is vital for individual growth and societal progress.
Remember, every individual possesses a unique inclination towards learning. Identify your interests and delve deep into the field that resonates with you. With the vast resources available on the internet, acquiring knowledge has never been easier. However, it’s crucial to discern where to direct your attention amidst the abundance of information. Avoid falling into the trap of distractions that offer no real value to your life.
In ancient times, knowledge seekers embarked on arduous journeys in pursuit of wisdom. Today, while knowledge is readily accessible, the challenge lies in effectively managing and focusing our attention amid the deluge of information.
I invite you to explore resources like this channel, which may offer valuable insights and support in your learning journey. Remember, each step you take towards learning and growth contributes to your personal evolution and the betterment of humanity as a whole.
If you found this article helpful or informative, I would greatly appreciate your support by giving it a like and following me on Medium and my social media accounts. Your support will motivate me to create more content and share my knowledge and experience with others. Thank you for your support!
You can follow me for more informative material on:
- Twitter: https://twitter.com/PakCyberbot
- LinkedIn: https://www.linkedin.com/in/pakcyberbot/
- Medium: https://pakcyberbot.medium.com/
- GitHub: https://github.com/PakCyberbot
- Instagram: https://www.instagram.com/pakcyberbot/