OSCP: T-minus 1 week

I get access to the PWK course material in a week, so I figured I'd write up a quick post about how I've been preparing.After I registered for the course I read through the syllabus and made note of…

Starting my OSCP journey

It's probably ironic considering one of my earlier blog posts is titled "Infosec is more than pentesting", but I've decided to try my hand at the Offensive Security PWK course and OSCP certification.I haven't published a blog post in…

HackTheBox Writeup: Bashed

As a career blue teamer I feel it's important to understand the tools, techniques, and thought processes of an attacker. The best way to learn is by doing, and one of my favorite ways to practice is HackTheBox. The machine…

InfoSec is Bigger Than Pentesting

So far this year I've interviewed several candidates for a security analyst position. It's a pretty straightforward blue team role involving things like vulnerability assessment and remediation, identifying anomalies in user or system activity, and some internal audit functions. Unfortunately…

Deploying Security Controls with Ansible

I use several tools for various security or compliance controls on production Linux servers. Some of those aren't automatically installed/maintained through our package management utility, and with 100+ machines it is far too time-consuming to manually deal with each…