Quintius Walker, Grey Hat Developer, Cybersecurity Consultant
17 March 2024
Absolutely everything on this blog pertaining to the term “hacking” is meant for training and educational purposes only. WE DO NOT ENGAGE IN NOR PROMOTE ANY ILLEGAL HACKING ACTIVITY!
Greetings, Family, Friends, and Community!
I’ll interject early to say we are still grinding on the Bug Bounty Job Role Path. This isn’t some twisted plot of my wrongly or misdiagnosis of ADD. As the voices in his head yells, “Naw, son…it’s BDP on mines all day!” That was a joke, chill.
Ya see what happened was, speaking of “job role”, I recently picked up a new gig and somewhere within my new job tasks my attention was captivated on Active Directory. Besides, about 98% of all corporations today use it. But what the heck do I know about Active Directory? Well, more than a few things actually but to contextualize the question I’m thinking along the lines of threats, attacks, and exploits.
With that, tools came to mind and I flashed back to a year ago when I was on my PNPT grind. One that particularly came to mind was BloodHound. I’d recently been searching for ways to get some hands-on experience using the tool before introducing it into a production environment. So, instead of priming for AD from the ground up as any sane technician would, I found myself at the top of the mountain looking down into the AD environment. Gaining an understanding of an object by interacting with it. Staying true to the hacker way.
And the best way I knew to do that in real time was in a real engagement. Well, not real in the sense that I’d be getting paid for performing the service of an internal penetration test, but still, real in the sense that the pen test had something of value attached to it. It meant that I wouldn’t be just firing up the Attacking Active Directory module of HTB Academy and capturing flags as a measure of my skills.
From the top all the way back down to the PJPT
As with any exam I’ve ever taken that was delivered through TCM Security, my utmost takeaway is the hands-on experience and the weaknesses in my skill-set that get exposed. I absolutely step away confident in my ability to perform said tasks in production along with tasks I know will require some research before signing on to the project. The PJPT definitely did not disappoint.
Having successfully completed the PJWT, attempting the PNPT several times to no avail yet, and now having success with the PJPT, I want to point something out to anyone who is considering going for either of these certifications or, if you’re feeling extra confident in your skills and are going only for the PNPT: first of all, by no means should you underestimate the “Junior” in the title of the two.
Here’s why….
One thing I’ve experienced, and continue to actually, many times over in this field is hackers having a tendency to use the words easy, beginner, introductory, and “junior” very loosely when rating a hacker task. I think what happens is that hackers get so engulfed in their work that at times otherwise, like when engaging with folk in circles composed of other skill-sets, disciplines, etc., they forget their audience has changed and so address these other folk as if they’re still in the presence of other hackers. So I’ve learned it’s very hard to quantify what another hacker considers “Junior”.
But uniqueness makes us beautiful, right?
So what I did moving forward was develop a habit of not initially assigning weight to something a hacker told me was “Junior” but instead just approaching it as hard until proven otherwise. Because as experience has shown, even though what the hacker called Junior eventually turned out to be “easy”, there was still some hint of a struggle encountered along the way to establishing that to be fact. I’m just saying.
And such was my experience with the Practical Junior Penetration Tester exam environment.
Now, let’s say you’re a lot like myself with quite a few years of training where the scenarios were all capture-the-flag based before ever touching live systems in production. In that case, an ideal road map to success would be:
– [ ] Complete the Ethical Hacking course
– [ ] Complete the Bug Bounty course
– [ ] Get PJWT
At this point go back
– [ ] Complete the Ethical Hacking course again
– [ ] Get PJPT
Finally,
– [ ] Complete Ethical Hacking course again
– [ ] Complete the Bug Bounty course again
– [ ] Get PNPT
More importantly, if none of my two cents make any sense to you this last jewel is of grave importance: No matter how rational it may seem to seek other sources of training while attempting to accomplish the above task, save yourself the time and don’t. You will become the very definition of Scope Creep!
(One of the unique characteristics about TCM Security exams is its ability to provide absolutely everything you need to pass the exam, in the course.)
This redundancy may seem extreme. But what you’ll begin to see is a picture of an entire environment and the numerous ways that you can go about compromising it. Before it’s all said and done you should have a nice little functional lab to administer and build onto moving forward. My suggestion is not to tear it down if that’s at all possible but continue exploring and learning with it.
In summary, although it wasn’t a requirement to pass the PJPT, I went a step further and established persistence after compromising the domain controller. And of course finally, the moment everyone involved with a pen test is waiting for…the report!
Hack On, Ladz & Gentz!