An excellent certification with realistic labs, but not yet as widely recognized by employers.

Disclaimer: eLearnSecurity is a sponsor of the IoT Village, an ISE-run organization. I received the course and exam for free due to this relationship. eLearnSecurity had an opportunity to review the contents of this article before it was published but it nonetheless represents my genuine opinion.

I recently took the eLearnSecurity Penetration Testing Professional (PTP) course and passed the associated eLearnSecurity Certified Professional Penetration Tester (eCPPTv2) exam. As a security professional, I'm always on the lookout for new opportunities to improve my skillset and learn new techniques for attacking and defending networks, so I was excited to see what the course had to offer. I already have a few certifications including the Offensive Security Certified Professional (OSCP) and Expert (OSCE), so I have a pretty good background in the topics covered in the course, which include:

  • Fundamentals of buffer overflow exploits

“Extra credit” hardening options to maximize the security of your OpenVPN installation

In my previous article, I laid out a framework for building a modern, hardened OpenVPN server/client configuration. At the end, I noted there were some additional hardening steps that would be nice to take for extra security. In particular:

  1. Using an additional static TLS key in the initial TLS handshake to prevent denial-of-service attacks.

This guide will help you configure and secure OpenVPN using the latest best practices.

Since everyone is working from home for the foreseeable future, corporate IT departments are scrambling to bolster existing VPN solutions or deploy new ones as fast as possible. One of the most popular VPN solutions is OpenVPN, either used directly, or through appliances like the commercial OpenVPN Access Server or third-party VPN gateway products. Some third-party products are not quite upfront about being OpenVPN wrappers, so if you use an SSL VPN Gateway appliance, make sure to double-check the documentation to see if this guide applies to you. If it does, we’ll help you clean up your VPN configuration mess!

Why Hardening OpenVPN is Necessary

Windows 10 ships with two awesome features for users and developers who still work in Linux land. The first is the Windows Subsystem for Linux, which implements a subset of the Linux Kernel’s system calls to allow you to run native Linux userland utilities such as bash and friends, and ssh. It also includes a native Windows build of OpenSSH, which means you don't even need to use WSL to SSH into your other machines! Unfortunately, neither option has any ssh-agent running by default, so if you have passphrase-protected keys (which you should), then you'll need to enter the…

I’ve started experimenting with exposing some of my home lab services to the world without needing a VPN. Instead, I use Caddy (which is an excellent web server, and much easier to work with than Nginx) as a reverse proxy with TLS client certificates for authentication. Caddy’s built-in Let’s Encrypt functionality provides the server certificate, and my internal PKI provides the client certificates. I still want to have 2-factor authentication, though — a certificate is merely “something you have”, and I want to require “something you know,” too. Since all my PCs are recent enough to feature a TPM, I…

It seems convenient, but it’s a trap!

Two-Factor Authentication (2FA, also known as Multi-Factor Authentication, or MFA) is all the rage these days, and for good reason. Accounts secured by 2FA are much, much harder to compromise than accounts using only a single factor — so much more so that you can — sometimes — get away with an easier to type and remember (and therefore weaker) password when using it. The most common ways of implementing the second factor are SMS and TOTP (Time-Based One Time Password). When SMS is used, the site sends you a short numerical code via SMS after you enter your password…

Why Your Second Factor Isn’t Always as Trustworthy as a Password

The security of a 2FA-protected account is much greater than the security of an account protected by only one factor — in theory. In practice, there is more nuance to it than that. For 2FA, you are trusting the server to enforce the 2FA and not be compromised by hackers or compelled by law enforcement to allow them access to your data; meanwhile a service can be configured to use your password in a way that protects even against hackers or law enforcement. Understanding this nuance requires a deeper understanding of how 2FA works and how it does (or doesn’t!)…

Apple and Amazon Web Services allegedly affected, but issued strong denials.

Bloomberg published an article claiming that the US Government uncovered a hardware backdoor planted by the Chinese People’s Liberation Army in server motherboards produced by Supermicro, the world’s largest manufacturer of computer motherboards. The boards then made their way into the datacenters of US tech companies, including Apple, Amazon Web Services, and Facebook. …

Tenable Security disclosed a proof-of-concept of a critical vulnerability in the MikroTik RouterOS software, which powers their popular low-cost routers and wireless networking products. The vulnerability leverages a path traversal issue into full unauthenticated remote code execution; vulnerable routers can have their credential database stolen and a backdoor installed with just network access. The bug was originally disclosed as a medium-severity path traversal bug in August of 2018 and was subsequently fixed, but further research allowed Tenable to upgrade it to full remote code execution.

What is affected?

The bug affects all MikroTik-branded routers and wireless equipment running RouterOS versions below 6.42.7 or…

…and how do we secure it?

The world of consumer electronics is all abuzz about the Internet of Things (IoT) — from smart kettles to smart refrigerators, it can almost seem like everything with an electrical socket is also getting WiFi connectivity and a smartphone app. The demand for computerized appliances has flooded the market with low-cost, low-power radios, processors, and other components required to make toasters send emails, and the technology has begun to seep into other industries. One of the closest gaps the technology has jumped is from the consumer space to the industrial space, known in that space as the Industrial Internet of…

Shea Polansky

Security Analyst for Independent Security Evaluators
