I haven’t posted in a while, so I thought I’d clear the cobwebs by posting about some recent changes to my site and an update on what I’m working on now.
When I first started publishing to this domain a little over a year ago, I was running Ghost on a Digital Ocean droplet. This would typically cost me between $5 and $15 per month, depending on the amount of traffic the site received. I looked into various static site options and decided to migrate to Hugo on AWS S3.
I ran this setup for a few months and saw a drastic decrease in cost. I was basically only paying $0.50 per month for Amazon Route 53 DNS, but adding content was a bit more complicated. Nothing terrible, but enough to dissuade me from doing much or posting many updates. So, I did more research and discovered Netlify.
It took me about 20 minutes to completely shift from Amazon to Netlify, and I can pretty much do all updates from the command line. I haven’t quite got “netlify deploy -p” working, but I assume it’s just user error. My montly cost has completely reached zero, however.
After completing the OSCP last summer I hit a bit of a “hangover”. That cert had been a goal of mine for the past 2-3 years, and it took a pretty significant amount of focus and energy to work through the material and sit for the exam. Once it was done I wasn’t really sure what to do next.
I applied to graduate school for a Masters in Cyber Security, got accepted, then ultimately rejected as my undergrad is from a nationally accredited school vs a regionally accredited one (thanks, ITT). That was pretty disheartening and didn’t help matters, so I took a break.
Right around the start of 2020 I decided it would be fun to get involved in the bug bounty scene. However, OSCP touched a bit on web application hacking but didn’t go very deep into the topic. I researched training options to gain more exposure and decided on the eLearnSecurity Web Application Penetration Testing course. I registered for it and am currently working through the course material and labs. I’d like to sit for the exam in March or April.
In the meantime, I have signed up at both HackerOne and BugCrowd and am learning about the platforms and the various programs they host. I’d love to get connected to a mentor in the bug bounty scene, so if you run across this post and have experience in that area feel free to reach out.
I’m also spending more time on HackTheBox and renewed my VIP subscription there, which has resulted in a nice chunk of ISC2 CPE so far this year. I have a backlog of machines I completed last year that are now retired, so I may post a few more writeups in the near future.