Windows Admin seeks helps on Security certs

RT8

Hi Team,

I am just a beginner started to explore InfoSec and trying to shape up my career.

Myself with 10 years of experience in Active directory/PKI/Azure and IAM products like FIM, little bit on Oracle Identity manager. I have MCSA/MCSE/MCITP and 70-533. My current designation best describes as Sr. IAM expert with good proficiency in AD/PKI.

Since then gain knowledge in PKI, I have been thinking to route the career into InfoSec pathway but unfortunately don't have enough experience yet.

Further consult with peers/research including TechExams forum, I believe securing CISSP certificate which is the golden ticket to the InfoSec and might also weighs me of getting job.

My personal interest is to have CISSP + CCSP (since already have experience in Azure and have decided to spend good time to learn other cloud provider technologies) which accelerate to become a Cloud Security specialist/consultant in say 2 to 3 years!

I am not a programmer and my academic is on Electronics engineering so I’m not looking to crack Ethical hacking/Forensic (I believe it does need programming/code knowledge)

I may be wrong assuming things as InfoSec is broad domain, hence yours expertise advise on which certs are better considered, what are the possible career path I could look at and anything on this would be highly respected


Many Thanks,
RT8

Phalanx

Actually interested in this thread, as I'm in the same boat, with no coding background but a growing interest in security. Be interesting to see what veterans of the sector think.

NotHackingYou

I think you are on the right track. You might look at some of the Amazon cloud studies as well.

chrisone

CISSP is always a good goal to get. For experienced windows guys with AD experience I would also look into powershell hacking and active directory hacking. Those two are hot items right now and should come easy to experienced windows guys.

Phalanx

chrisone wrote: »

CISSP is always a good goal to get. For experienced windows guys with AD experience I would also look into powershell hacking and active directory hacking. Those two are hot items right now and should come easy to experienced windows guys.

Are there certifications to go with this, even if it's only part of the certification, or is it a skillset that is asked for but not certified?

TheFORCE

Phalanx wrote: »

Are there certifications to go with this, even if it's only part of the certification, or is it a skillset that is asked for but not certified?

they are included in the MCSA/SE tracks but obviously learning enough to pass an exam is not the same as being a guru in PowerShell scripting. Just learn as much as possible and expand your knowledge of PowerShell scripting.

RT8

Yes, that is definitely in the to-do list. Thank you!

RT8

This is a good spot! will include it in the bucket. Thank you!

So, in short having CISSP+ CCSA + PowerShell provides an edge in the security world. Thank you all for you valuable advice

rwmidl

I came from a similar background as you so here are my thoughts.

- Sec+ = good intro level security certification
- CISSP
- if you can afford it, look hard at SANS SEC505, Securing Windows and Powershell and then test/take the GCWN.

chrisone

Phalanx wrote: »

Are there certifications to go with this, even if it's only part of the certification, or is it a skillset that is asked for but not certified?

There are no Microsoft certifications based on the subject of powershell hacking or active directory hacking.

Several teams offer powershell/active directory hacking courses.

SpecterOps.io - pretty much the pioneers and gurus of PS/AD hacking taught by the creators of (Bloodhound, Empire, PowerForensics, PowerSploit)
www.SpecterOps.io
Trimarc "Sean Metcalf" - Is another genius pioneer in AD security training .
https://www.trimarcsecurity.com/training - https://adsecurity.org/
eLearnSecurity - Their PTX course/certification has some red team adversary tactics that go into active directory hacking but nothing as advanced as Sean Metcalf or the SpecterOps crew.
https://www.elearnsecurity.com/course/penetration_testing_extreme/
Pentester Academy - had an active directory attacks for red/blue team course at blackhat.
https://www.blackhat.com/us-17/training/schedule/index.html#active-directory-attacks-for-red-and-blue-teams-5727
http://www.pentesteracademy.com/course?id=21
http://www.pentesteracademy.com/course?id=35


There is really no big brand certification in regards to powershell hacking and active directory. I would gladly give up all my certs if I knew what these guys know about hacking with PS/AD. The skill and demonstrating it is more important that a certification. Id rather write a white paper or two about the topic and use that as my certification.

Phalanx

Thank you chrisone. Which of those sites would you recommend for someone starting into the training of it? I'm looking more at SpecterOps right now.

636-555-3226

I always recommend newbies start with Security+. A good, 101-level, broad introduction to most things infosec-related. Once you've got that under your belt you'll have a good idea of what interests you and which rabbit hole you want to go down.

chrisone

Phalanx wrote: »

Thank you chrisone. Which of those sites would you recommend for someone starting into the training of it? I'm looking more at SpecterOps right now.

SpecterOps is a very good place to start. For starters I would check the tools they created, read and get the general idea of what each does, then get deeper into how to use them. As you get into "the how" of using these tools you come across technologies such as powershell and active directory that you will have to do further research on. For instance I am getting into Bloodhound so I had to pick up other books to read up on Active Directory and using powershell to manage active directory. These are things maybe a seasoned Microsoft guy knows and have a better understanding than myself.


Will (harmj0y – security at the misfortune of others) and (Sean Metcalf - https://adsecurity.org/) I would say are leading the area of AD security/pentesting.
Empire (Powershell hacking) - https://github.com/EmpireProject/Empire
Bloodhound (Active Directory)- https://github.com/BloodHoundAD/BloodHound/wiki

Matt Greaber is a Genius in Powershell Pentesting and leads the SpecterOps Powershell adversary tactics course - https://github.com/mattifestation
http://www.exploit-monday.com/
https://twitter.com/mattifestation?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor


Jared Atkinson (Invoke-Ir - Genius at Forensics/PS Pentesting) - http://www.invoke-ir.com/ , https://twitter.com/jaredcatkinson?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor
Powershell Forensics - https://github.com/Invoke-IR
PowerForensics - https://powerforensics.readthedocs.io/en/latest/
PowerSploit (Like MetaSploit, but powershell ) - https://github.com/PowerShellMafia

Lee Christensen (PowerShell and Cobalt Strike Pentesting Genius) - https://twitter.com/tifkin_
https://github.com/leechristensen/

I am not a windows guru and I felt lost many times during these courses and classes. I was recommended Windows Internals and I am going over those now. Truth be told, I am going to circle back towards these courses in order to solidify the areas I struggled with.

Pretty awesome to map out Active Directory vulnerable attack paths and show management.
https://blog.stealthbits.com/wp-content/uploads/2017/03/BloodHound-Attack-Graph.png

SpecterOps company was announced at blackhat/defcon 2017. They are an allstar team of guys who built tools and worked at other companies that formed like voltron to create SpecterOps lol
https://specterops.io/who-we-are/the-team

I had to add and give credit to many of the guys who have seen my face, they would kill me if I didn't give them credit hahaha

RT8

Sorry for the late reply. Many Thanks for enlightened lots o details. Thank you!