TryHackMe: SOC Level 1

07/09/2024

A huge pathway on TryHackMe dedicated to the defensive side of cybersecurity. It covered everything from frameworks that structure a good security posture, to network traffic analysis, digital forensics and incident response, and email security. It covered Wireshark in incredible detail (which I enjoyed, because I really enjoy network traffic investigations), as well as popular SIEM tool Splunk.

CompTIA Security+

ongoing

During my free time at work, I completed online training for CompTIA Security+ through CBT Nuggets. This was a very helpful learning experience as it tied together a lot of things I had learnt independently and brought them all under one banner.

Note: I have not yet taken the exam for this qualification.

Note-taking website

31/01/2025

I needed somewhere to store all my notes (mainly related to my cybersecurity/IT learning) as the 600 page word document was getting clunky. I also needed more practice working with PHP, so I made my own wiki/note-taking website to help me out. Each topic is given a page, and they can all be linked, viewed, edited etc. This helps me greatly when I am looking for one specific command or fact that I know I wrote down somewhere but can't remember where.

TryHackMe: Web Fundamentals

28/05/2024

This pathway on TryHackMe taught the basics of web hacking, and how the web works in general. This included using Burp Suite for exploiting vulnerabilities. It also looked at other common web vulnerabilities included SQL injection, IDOR, file inclusion, request forgery and XXS.

Zombie Escape Video Game

15/04/2024

I made a simple 3D first-person shooter in Unity as part of my Level 1 award in Game Design and Development. I wanted the opportunity to push myself, and to test the skills I had already learnt, such as modelling in Blender, and C++. I followed the Build Your Own First Person Shooter in Unity guide by Wireframe, as a tutorial for getting starting in Unity. This project was done over eight days in order to be completed by the final deadline. As well as creating the game, I also had to document every step using screenshots.

TryHackMe: Junior Penetration Tester

14/06/2024

This pathway looked at the fundamentals of pentesting, including the ethics, and common methodologies used in pentesting. It looked at exploiting web applications and network protocols. It also looked at how to research vulnerabilities and escalate privileges once an initial foothold has been found.

Cisco Academy: Networking Basics

13/10/24

This was an online course offered by Cisco Academy that covered the basics of networking, including fundamentals like DHCP, MAC addresses, ARP, and more. It also made use of Cisco Packet Tracer to model some networks and provide some "hands-on" experience.

HackTheBox: Starting Point 1

28/05/2024

This is the second collection of boxes on HackTheBox, designed as an introduction to pentesting. It includes the following boxes:

  1. Appointment: A web application vulnerable to SQL injection
  2. Sequel: A vulnerable database service with weak credentials.
  3. Crocodile: An FTP service running with weak credentials
  4. Three: A website using a vulnerable S3 bucket for storage
  5. Ignition: A website with a vulnerable e-commerce platform
  6. Bike: A web application vulnerable to Server Side Template Injection
  7. Funnel: An insecure FTP service gives access to a machine with a PostgreSQL database
  8. Tactics: A Windows machine running an insecure SMB service

Web Scraper

24/05/2024

I created this web scraper on behalf of a client. They had a list of UK schools and they wanted to find as many PTA-associated emails as they could from the school websites. They were doing it by hand when they approached me, asking if I could help them out. The scraper itself looks for a sitemap to pull a list of all the pages on the site. From there, it crawls each page looking for links in the page. It then uses RegEx to check if the link is an email or a website. If it is an email, it is added to a list of emails to be checked. I then used another set of regular expressions to look for PTA emails in descending order of likelihood that it would be a PTA email. If an email was found, it was saved with a likelihood score, and if one wasn’t, that was recorded.

ISC2: Certified in Cyber

ongoing

During my spare time at work I completed the training for ISC2's introductory cybersecurity qualification, Certified in Cyber. As with Security+, this was a nice way to tie together a lot of cybersecurity knowledge I had from other learning.

Note: I have not yet taken the exam for this qualification.

TryHackMe: Complete Beginner

22/05/2024

This TryHackMe pathway was designed to give the core skills needed to start a career in cybersecurity. This included the fundamentals of Linux as an operating system, the basics of how networks and websites operate, the basics of cryptography, and the basics of exploiting Windows, including the use of Metasploit.

HackTheBox: Starting Point 0

20/02/2024

These are the very first boxes on HackTheBox. Most of them involve misconfigured services with passwordless entry enabled, making them relatively simple to exploit.

TryHackMe: Pre-security

08/08/2022

This pathway is meant as a pre-requisite for all other pathways on TryHackMe, and covers the basics of IT and computer systems, in order to build an understanding before looking at them from a cybersecurity perspective. This includes the fundamentals of networking, websites, and the basics of Windows and Linux.

Beginning C++ Through Game Programming

01/01/2024

A book by Michael Dawson. I used this a preparatory text before coding my simple 3D shooter in Unity. While Unity used C# instead, this was still a good introduction to C-style languages. The book itself covers basics such as variables and control loops, as well as functions, references and pointers. It also covered the details of classes and object-oriented programming, including inheritance, polymorphism and abstract classes.