Tell me a bit more about yourself? Current occupation? Aspirations?
I started using PentesterLab around 2014. At that point in time, I was a complete newbie to the security scene — I knew nothing about what XSS was, or SQL Injection, or any of the typical techniques a security person ought to know. It was then I started doing the Web for Pentester series (back when they were just offered as .iso files) and was hooked on the exercises; the challenges were well paced and I really found myself learning a lot, stumbling a lot, but then getting back up and eventually solving a lot. What I really appreciated was that it was free — so even as a student, I had access to these materials that proved invaluable to my development as a security professional. I would say PentesterLab has been an integral part of my journey in security, and so I am more than happy to recommend you guys to anyone who’s new out there!
Today, I am a fast-track student of the School of Information Systems at Singapore Management University, and will be pursuing my Master's in Information Security at Carnegie Mellon University. PentesterLab was invaluable in my roles when I was an intern at a consultancy (in their cyber security advisory department) and as a security researcher in a government agency in Singapore. I am also currently OSCP/OSCE certified. Because of what PentesterLab did for the community, I was inspired to do my own part — I organised a bunch of CTFs in Singapore, one for high school students (WhiteHacks@SG) and another for university students (CrossCTF 2017). I have also managed to contribute back to the tools I am using (I was an Nmap contributor last summer).
How did you come across PentesterLab PRO?
I was very fortunate that my alma mater had the foresight to enrol for several slots in PentesterLab PRO. I took advantage of the opportunity (having done some of the labs previously) and was surprised to see the content available. What really struck me was the quality of the content and how real world the exploits were — these were real CVEs — and from experience it takes a long time to set up systems like this to play with, so I really appreciated the resource! Furthermore, each exercise came with a guide so if you got lost you could just follow the guide to get back on track.
What have been your favourite exercises so far?
I particularly liked the Man-in-the-Middle exercises in PentesterLab PRO, which is something I have never played before and I was pleasantly surprised that an exploit like this can be done and taught over the cloud!
Do you do bug bounty? And if yes, did PentesterLab help you?
I currently don’t do bug bounty due to other time commitments, but with PentesterLab I am definitely confident to start!
What exercises/areas do you think PentesterLab should cover in the future?
I would really love it if PentesterLab covered more on enterprise network penetration testing — practicing how to pivot across different networks and learning more about how to exploit the Active Directory environment in Windows Servers!
Where can people follow your progress?
You can find me on Twitter — @waituckk