I recently conducted an interview with Hackin9 Magazine.
The interview can be located here:
With the new PHPMailer exploit, which provides remote code execution, that was released a few days ago, I decided to create a simple Python script called phpmailer-chcker. I released this to check for the vulnerable versions of the PHPMailer application. I’m sure I’ll make it easier to use in the future, but it’s a start for now.
The vulnerability and exploit were discovered by Dawid Golunski.
The original full advisory can be located here.
For testing purposes only. Do no harm.
It can be found here.
So I wrote an article for Penetration Testing Magazine. For anyone who is interested in reading it, the link is located here.
PenTest OPEN: Cybersecurity and penetration testing. Trends in 2017.
CompTIA Security+ CEUs
A quick overview of the CompTIA Security+ CEU program
So today a coworker was working on getting his administrative accounts set up. Part of the process to get the accounts created by our help desk is that you have to have a current, the keyword being current, Security+ certification offered by CompTIA. My coworker was unaware that CompTIA had changed its program, which now requires that certification holders complete CEUs in addition to paying a yearly maintenance fee. After looking at his certification he discovered that he would have to take the exam all over again in order to be compliant to receive his administrative accounts. Was he ever mad. He just assumed that since he has one of the good-for-life certifications that he would be “good to go”.
This got me thinking that I should probably check my account standing since it has been a while since I have submitted any CEUs. So I head on over to CompTIA’s website at https://www.certmetrics.com/comptia/default.aspx and of course I discover I have some catching up I need to do. After logging in I find that I can write a blog of no less than 500 words about the Security+ certification and receive one CEU for this action. Score! So here I am writing about this experience, trying to catch up on CEUs, and of my coworker’s experience.
For those that also hold the Offensive Security Certified Professional (OSCP) certification, it does not count for CEUs under CompTIA’s program. I have not reached out to EC-Council yet. Hopefully it does so that I can knock those CEUs for the year out of the way as well.
Some other items you can submit CEUs for are as follows:
(Note that this isn’t a complete list)
Write a book
Publish a blog
Publish a white paper/Article
Work experience (once per year)
Since I completed my Master’s degree this year, I was able to add the last two courses I took to get me 20 credits toward my 3-year goal of 50 CEUs. Each one of the graduate courses I finished this year gave me 10 CEUs per class.
So now I am almost halfway toward my goal of 50 CEUs. I may have to go and take the CASP exam sometime soon. If you are able to pass an exam equal to or higher in regards to difficulty, it would give you the max amount of CEUs. This means that if you have Security+ and pass the CASP exam, you would be all caught up on CEUs for Security+. However, you would still have to do the CEUs required for the CASP exam, which I believe is a lot more.
The point of this program is to ensure certification holders are staying up to date on security and are staying aware of the latest types of attacks and ways to mitigate those attacks. I do wish that CompTIA would be more accepting of other certifications (like the OSCP) so that the time I spent on that course and exam would also give me CEUs for my other certifications such as Security+ and CEH.