MSc Assignment 4 - Open Professional Practise - Cyber Security


A padlock engraved into a circuit board.

I'm doing an apprenticeship MSc in Digital Technology. In the spirit of openness, I'm blogging my research and my assignments. This is my paper from the OPP module - where I can choose any subject. I picked Cybersecurity. You can read my Digital Leadership paper, my Data Analytics Paper, and my Business and Technology essay. I've previously written about the Art of Hacking course. The middle two parts of this paper are about that - why I chose it and how I put it into practice. The first and …

Continue reading →

APMG Linux Proctoring - Certified In The Art of Hacking Exam


Vertical questions, but horizontal buttons.

As I mentioned in a previous blog post, I was unsure how I was going to complete a security exam due to ProctorU not supporting Linux. I'm delighted to say that the examiners - APMG - were understanding about my plight. They were aware of ProctorU's limitations and had a workaround. They had me install Beyond Trust's "bomgar" Linux client - which is a simple Remote Desktop app. It was preconfigured with my invigilator's details and they were able to remotely see my screen and control my…

Continue reading →

Certified in The Art of Hacking - Day 5


Logo for QA's certified in the art of hacking course.

This is a diary of what I've learned. Hopefully it will let other learners know what the course is like, and if it is worthwhile. Oh, and it might just help me remember what I'm learning! Verdicts Some of the lab tasks were impossible without looking at the cheat sheet. I got stuck on one because the question told me to go to one URl, but I had to guess the one which was vulnerable. Felt like a bit of a "gotcha" moment. Perhaps in a proper lab environment it might have made more sense - but…

Continue reading →

Certified in The Art of Hacking - Day 4


Logo for QA's certified in the art of hacking course.

This is a diary of what I've learned. Hopefully it will let other learners know what the course is like, and if it is worthwhile. Oh, and it might just help me remember what I'm learning! The penultimate day. Try not to worry about the upcoming exam! Today was lots of HTTP, TLS, and other low-ish level stuff like that. But mostly focussed on common website attacks. Verdict Bit of a repeat of yesterday's Windows session to make up for the broken labs. The exam requires 50% right answers to…

Continue reading →

Certified in The Art of Hacking - Day 3


Logo for QA's certified in the art of hacking course.

This is a diary of what I've learned. Hopefully it will let other learners know what the course is like, and if it is worthwhile. Oh, and it might just help me remember what I'm learning! Day 3 - the day I was dreading most of all… Windows! I've been avoiding M$ WinDoze (LOL!!!) since long before it was fashionable. Even at my earliest jobs, I'd find a way to convince the IT department to let me run Linux on their kit. I'm penguin-powered, baby! So, what can an Ubuntu toting geek learn about …

Continue reading →

Certified in The Art of Hacking - Day 2


Logo for QA's certified in the art of hacking course.

This is a diary of what I've learned. Hopefully it will let other learners know what the course is like, and if it is worthwhile. Oh, and it might just help me remember what I'm learning! Day 1 was all about password cracking and metasploit. Today? Linux Hacking! Sadly, we aren't learning anything to do with distributing 1337 cracks for warez (so 1998!). One point to note is that the questions we're set are extremely vague. Here's a sample: Exploit the HeartBleed vulnerability on…

Continue reading →

Certified in The Art of Hacking - Day 1


Logo for QA's certified in the art of hacking course.

As part of my MSc, I have to take three "Professional Practice" courses. The course provider, QA.com, let me choose anything from their online catalogue. The first I'm doing is Certified in The Art of Hacking. As regular readers will know, I'm pretty reasonable at hacking. I have received bug bounties from Google, Twitter, Samsung, and a bunch of others. I don't claim to be an expert - and I doubt I'll be on any top-10 lists - but I have a reasonable, albeit informal, background. It's that…

Continue reading →