About
Enthusiastic and success-driven IT professional with over 4 years of experience in IT…
Activity
-
Crazy to think it’s already been three weeks since I started my new role as a Jr. Cybersecurity Analyst! I thought I’d share some insights into the…
Crazy to think it’s already been three weeks since I started my new role as a Jr. Cybersecurity Analyst! I thought I’d share some insights into the…
Liked by Frederick Alonge
-
The Cybersecurity Certification Scam Why We're Paying, but Not Winning The security industry wasn’t always like this. Back in the 1990s…
The Cybersecurity Certification Scam Why We're Paying, but Not Winning The security industry wasn’t always like this. Back in the 1990s…
Liked by Frederick Alonge
-
Excited to announce that I have officially earned the CompTIA CySA+ (Cybersecurity Analyst) certification! This certification reinforces my…
Excited to announce that I have officially earned the CompTIA CySA+ (Cybersecurity Analyst) certification! This certification reinforces my…
Liked by Frederick Alonge
Experience
Education
-
Seneca College
-
Project Leadership, Systems Development, Quality Assurance, Risk Assessment, Project Control
-
-
Authentication and Access Control, Security Architecture, Information Security, Ethical Hacking, IT Security Forensics, Mobile Application Security Assessment
-
-
Licenses & Certifications
Projects
-
Malicious Document Analysis
-
-Examined malicious documents to identify hidden indicators of compromise (IOCs) for threat intelligence.
-Implemented both static & dynamic analyses to examine the documents’ nature and contents, and understand their behaviors and capabilities.
-Consulted the MITRE ATT&CK framework to understand the strategies adopted by threat actor.
-Highlighted effective defense strategies to defend against macro malware and mitigate potential attacks.
-Other tools used include…-Examined malicious documents to identify hidden indicators of compromise (IOCs) for threat intelligence.
-Implemented both static & dynamic analyses to examine the documents’ nature and contents, and understand their behaviors and capabilities.
-Consulted the MITRE ATT&CK framework to understand the strategies adopted by threat actor.
-Highlighted effective defense strategies to defend against macro malware and mitigate potential attacks.
-Other tools used include Exiftool, Oletools, Virustotal, Joe Security Sandbox and CyberChef -
Penetration Testing - Eternal Blue
-
-Deployed Kali Linux and hacked into a Windows machine, leveraging eternal blue vulnerability.
-Utilized Metasploit to exploit flaw, escalate privileges and retrieve sensitive system files. -
Phishing Email Analysis
-
-Checked the content of the email for anything uncharacteristic of the supposed sender.
-Conducted email header analysis to identify indicators of compromise and potential threats.
-Applied security controls to mitigate associated risks.
-Tools used include PowerShell, HashCalc, Mozilla Thunderbird, VirusTotal and AbuseIPDB. -
Security Operations Center (SOC) Lab
-
-Created a home lab setup on VMware, configuring Windows Server 2019 with client machines and administering AD user accounts and group policies.
-Automated user account creation through PowerShell scripting, improving efficiency in user management.
-Implemented Sophos EDR for threat detection and integrated Sumo Logic for log analysis.
-Conducted vulnerability assessments with Nessus, applied necessary patches, and monitored for compliance.
-Deployed advanced…-Created a home lab setup on VMware, configuring Windows Server 2019 with client machines and administering AD user accounts and group policies.
-Automated user account creation through PowerShell scripting, improving efficiency in user management.
-Implemented Sophos EDR for threat detection and integrated Sumo Logic for log analysis.
-Conducted vulnerability assessments with Nessus, applied necessary patches, and monitored for compliance.
-Deployed advanced security policies in Microsoft Defender to safeguard users from phishing, spam, and malware.
More activity by Frederick
-
🎉 I PASSED THE CISSP EXAM! 🎉 To say I’m in disbelief would be an understatement. I didn’t feel ready at all. The only reason I even took the exam…
🎉 I PASSED THE CISSP EXAM! 🎉 To say I’m in disbelief would be an understatement. I didn’t feel ready at all. The only reason I even took the exam…
Liked by Frederick Alonge
-
Flew all the way to Japan to interview the one and only Josh Madakor 😁🤝 Any guesses on the topic of our interview? 👀 Super excited to share…
Flew all the way to Japan to interview the one and only Josh Madakor 😁🤝 Any guesses on the topic of our interview? 👀 Super excited to share…
Liked by Frederick Alonge
-
Uniting Nations Against Cyber Criminals: A Call to Action! Join the urgent discussion at the United Nations, as our speaker emphasizes the necessity…
Uniting Nations Against Cyber Criminals: A Call to Action! Join the urgent discussion at the United Nations, as our speaker emphasizes the necessity…
Liked by Frederick Alonge
-
🚀 #SecTor2024! 🚀 I had an amazing time connecting with clients, partners, and friends at Toronto's premier cybersecurity conference. Representing…
🚀 #SecTor2024! 🚀 I had an amazing time connecting with clients, partners, and friends at Toronto's premier cybersecurity conference. Representing…
Liked by Frederick Alonge
-
Learn 100+ Premium Cybersecurity Courses Online With Lifetime Membership -> https://lnkd.in/gpvdaCSX Apply $100 Discount Coupon: BFCM24 Black Friday…
Learn 100+ Premium Cybersecurity Courses Online With Lifetime Membership -> https://lnkd.in/gpvdaCSX Apply $100 Discount Coupon: BFCM24 Black Friday…
Liked by Frederick Alonge
Other similar profiles
Explore more posts
-
ITExamtools™ - Best of IT Learning
🛡️ Top Entry-Level Cyber Security Certifications for You in 2024 ------------------------------------ Are you ready to embark on a career in cyber security but unsure where to begin with certifications? Choosing the right entry point is crucial to building a strong foundation in this dynamic field. Our guide highlights the top entry-level certifications to consider in 2024, tailored to kickstart your cyber security journey. What You'll Learn: ➤ Certification Options: Discover the best certifications for beginners and those transitioning from other IT roles. ➤ Career Path Suitability: Understand which certifications align with specific cyber security career paths. ➤ Preparation Tips: Gain insights on preparation resources and training courses that will set you up for success. Avoid the common pitfalls and misinformation about starting certifications. Whether you're a complete novice or an IT professional pivoting to security, we'll guide you to the right certification. 🔗 Empower your cyber security career with the right certification https://lnkd.in/dT4t8yNJ
-
Samuel Darko
A very busy day in the life of Cybersecurity Analyst · Phish Alerts:15 Spam Messages(Benign), 2 true Positive, 5 legitimate messages. · CrowdStrike Falcon Alerts: 10 alerts, 7 False Positives and 3 True Positive · Proofpoint Alerts: 0 alerts 😅 · DUO (MFA) Alerts: 5 alerts (False Positive) · Privileged Access Requests: 5 requests under review for approval · Vulnerability Management: Tickets created assigned to HD · Sam's Open Tickets: 20 tickets working on these · Microsoft Sentinel Alerts: 11 alerts under review · Created our Monthly Phishing Campaign, going out sometime soon · Software request tickets: 10 tickets under review for approval 😀 😒 😩
2 Comments -
David Gadd 🇬🇧 🇨🇦
Save Your Time (which means you save money....) & Save You Getting Hassle! If you are looking for Cybersecurity or IT Security skills, with the cyber job market opening up, along with more & more security professionals looking for their next job move, the last thing you want is to be inundated with non-relevant applicants & being hassled by agencies promising the world❗ Our recent clients turned to TechCyber Solutions rather than advertising their jobs online due to the amount of time wasted, cost and hassle they went through the last time they tried to hire directly. By engaging with our extensive Cybersecurity & IT Security network & community, for these clients, we have established the required skills within time & budget, as well as preventing our clients from receiving direct hassle. Let us keep your hiring campaigns out of the 'online' spotlight and let us deliver through our existing relationships with our engaged network. DM me so we can discuss your needs👍 #cyber #cybersecurity #cyberjobs #ciso #cisos #cisolife #infosec #informationsecurity #infosecjobs #talentacquisition
-
CTG Infosec Jobs
Aspiring SOC Analysts... Want to know the TOP Tasks, Knowledge and Skills Hiring Managers need from an Entry Level SOC Analyst? My colleague asked 4 SOC Hiring Managers what the most important Tasks, Knowledge, and Skills they need from entry level talent. Here’s what they said. Top Tasks: - Characterize and analyze network traffic to identify anomalous activity and potential threats to network resources. - Identify anomalous network activity - Determine causes of network alerts - Analyze network traffic anomalies - Coordinate with enterprise-wide cyber defense staff to validate network alerts. - Validate network alerts - Communicate cybersecurity attacks and intrusions alerts - Document and escalate incidents (including event’s history, status, and potential impact for further action) that may cause ongoing and immediate impact to the environment. - Document cybersecurity incidents - Use cyber defense tools for continual monitoring and analysis of system activity to identify malicious activity. - Perform continuous monitoring of system activity - Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings). - Provide intelligence analysis and support - Correlate threat assessment data - Correlate incident data - Notify designated manager, cyber incident responders, and cybersecurity service provider team members of suspected cyber incidents and articulate the event history, status, and potential impact for further action in accordance with organizational procedures and policy. Top Knowledge: - Risk management processes (e.g., methods for assessing and mitigating risk). - Laws, regulations, policies, and ethics as they relate to cybersecurity and privacy. - How traffic flows across the network - Network security architecture concepts including topology, protocols, components, and principles (eg., application of defense-in-depth) - Application Security Risks (e.g. Open Web Application Security Project Top 10 list). - Computer networking concepts and protocols, and network security methodologies. - Cybersecurity and privacy principles. - Cyber threats and vulnerabilities. Top Skills: - Detecting host and network-based intrusions via intrusion detection technologies. - Evaluating the adequacy of security designs. - Recognizing vulnerabilities in security systems (vulnerability and compliance scanning) - Applying cybersecurity and privacy principles to organizational requirements (relevant to confidentiality, integrity, availability, authentication, non-repudiation). If you are looking to enter cyber as a SOC Analyst, go deep on these skills, get a cert or two to back it, and you are ready to interview!
-
Robert Muskett
The Big Cybersecurity secret Numerous sources have shared that large numbers of teachers are leaving the field. So where are they going? They all can’t be earning a living as an Instagram influencer. Data shows that teachers are seeking positions which provide a more robust salary and benefits package but also a more professional work environment. For some it is earning their Project Management Professional ( PMP) certification while others are getting their cybersecurity certs. For employers, this is a good transition because of the large numbers of openings and the fact that most teachers have or are completing a masters degree. I believe the numbers will only increase as teachers entering the Cybersecurity field share the benefits with other teachers who are in many cases overworked and underpaid. Just as the private sector has ways to attract and keep employees, the K-12 education field has to develop ways of letting teachers know they are appreciated and needed. Lanyards and coffee cups are nice but what teachers want more than money if to feel like their administrators view them as colleagues and valued. Maybe a cupcake, too!
-
David Meece
Are you still looking for a job in cybersecurity? I have 102,243 folks in my network to share with you. "Let's network together and help each other get hired in 2024!!" Let's take full advantage of this networking opportunity and connect with likeminded individuals and make meaningful relationships today. ✅️ Opportunities comes from building relationships and networking. ✅️ BONUS networking opportunity: 🔥👇👇👇 🚨🚨 https://lnkd.in/gkrcCxMc I believe in the power of networking on LinkedIn.. I want you to connect to me and the other great folks in my network today. Lets make genuine and meaningful connections today. Feel free to connect to with me and my network. Grow your professional network by following these 3 simple steps below: 👉 1. Introduce yourself (tell your story) 👉2. Engage with people in the comments (network and build relationships) 👉3. Repeat this process consistently each week (make meaningful connection) Every weekend, I host a Cybertech Dave networking event. :) I want to see people leverage LinkedIn to get a job in cybersecurity. Let's build our network together. And help each other.. Don't forget to send a note and connect with these folks: 👇👇 Lorraine K. Lee Kevin Kovach Jason Haddix Alexandre BLANC Cyber Security Laios Barbosa Dr. Martha Boeckenfeld Jean-Francois Maes Jorge Orchilles Carolina Bozza Andréa Thomé Burcu YARAR Dan Williams Rana Khalil Aaron Lax Phillip Wylie Chris Roberts Confidence Staveley Sabrina Ramos Zinet Kemal Chuck Brooks Alexis Ahmed ☁️ Christophe Foulon 🎯 CISSP, GSLC, MSIT Ataide Junior 🐾 Carol Valencia Gabrielle B. Andréa Thomé Carolina Bozza Thomas Richard Jean-Francois Maes Jessica B. Tib3rius Shane Simmons Eric Crump Ashwin Krishnan Jane Frankland Candace Williams MBA, CCISO, CISA, CISM Dr. Willie Sanders, Jr. Monica Verma 🏳️🌈 Maril Vernon, CEH, MSCSIA Caitlin S. All of these professionals have so much good content it's hard to catalog. Please start following everyone I mentioned above to enhance your cybersecurity content in your daily LinkedIn feed :) #cybersecurity #infosecurity #infosec #leadershipbyexample
64 Comments -
Kenneth Ellington, Cyber Security Instructor
Landing your first role in Cyber/IT is hard. Becoming a senior in Cyber security is extremely hard. Getting recruiters and other businesses to reach out to you for various opportunities is beyond hard. So how did I figure out how to do it? Better yet how do I teach my students the same techniques in order for them to achieve the same or similar results that I got over the years? Pretty simple, it’s called putting yourself out there or getting comfortable with being uncomfortable. Two quicks things, see how I said simple and not easy? Two completely different things. Second thing the above and below will not guarantee you will get a job or new business opportunity after one week of doing it. The biggest thing is consistently showing up every single day over and over again. Putting yourself out there could mean many different things. ✅Posting on LinkedIn ✅Sharing your insights on Youtube ✅Going to network events or conferences and volunteering ✅Doing freelance work Again, the biggest thing is starting and not being afraid to fail. Just ask Courtney Wright or Hazel Miranda two of my former and current apprentice instructors. Now if you need help with this strategy and want someone to guide you down the right path as it relates to SIEM and SOAR technologies. DM me the phrase “Jointhedarkside” to start the conversation. #cybersecurity #ellingtoncyberacademy #engineering #siem
5 Comments -
Query
In case you missed it... 😖 SOC Analyst #1: Tell me again, why don’t we store all of the observability and network logging data in the data lake? 😇 SOC Analyst #2: Well, that would be a lot of data to keep indefinitely! 🤦 SOC Analyst #1: Uh, yeah, duh. The IT Ops team has it though, it’s inside of Amazon OpenSearch Service. 😨 SOC Analyst #2: Don’t you need to know Lucene to get at the data? 🤓 SOC Analyst #3: Actually, I am pretty sure it is a domain specific language… 😆 SOC Manager: You’re both right, it can use either, or a graphical interface. 😠 SOC Analyst #1: Okay, that’s well and good, but we got off the SIEM and moved to the data lake and I feel we’re still missing stuff. I thought cheap storage was the reason to get off of the old SIEM?! 🤓 SOC Manager: Well, those things tend to equal out, we also have to be careful with our compute charges. 🤑 SOC Analyst #3: They always get you! 😮💨 SOC Analyst #1: Alright, fine, I’m here to do SecOps not to do FinOps…even if IT does give us access, I don’t miss having to search across a bunch of different indices and learn another query language. Ain’t no one got time for that! Any chance Query can help us dodge that bullet again? 😤 SOC Analyst #2: Hold on. [TYPES FURIOUSLY] Yes! They are working on an Amazon OpenSearch Service integration right now! No Lucene, no DSL, no one-index-at-a-time – just like they do it for our lake and our other tools! 😀 SOC Manager: Yes…says they will handle all of the query translation, and normalize the data in OCSF like everything else, so we can reuse a lot of our playbooks and automation content. 😍 SOC Analyst #1: LFG! I love OpenSearch Service and Query together. Nothing is beyond our reach! 😎 SOC Analyst #2: Based. Read more: https://hubs.li/Q02-pdDW0 #opensearch #opensearchservice #loganalytics #elk #siem #federatedsearch #observability #aws
-
Query
😖 SOC Analyst #1: Tell me again, why don’t we store all of the observability and network logging data in the data lake? 😇 SOC Analyst #2: Well, that would be a lot of data to keep indefinitely! 🤦 SOC Analyst #1: Uh, yeah, duh. The IT Ops team has it though, it’s inside of Amazon OpenSearch Service. 😨 SOC Analyst #2: Don’t you need to know Lucene to get at the data? 🤓 SOC Analyst #3: Actually, I am pretty sure it is a domain specific language… 😆 SOC Manager: You’re both right, it can use either, or a graphical interface. 😠 SOC Analyst #1: Okay, that’s well and good, but we got off the SIEM and moved to the data lake and I feel we’re still missing stuff. I thought cheap storage was the reason to get off of the old SIEM?! 🤓 SOC Manager: Well, those things tend to equal out, we also have to be careful with our compute charges. 🤑 SOC Analyst #3: They always get you! 😮💨 SOC Analyst #1: Alright, fine, I’m here to do SecOps not to do FinOps…even if IT does give us access, I don’t miss having to search across a bunch of different indices and learn another query language. Ain’t no one got time for that! Any chance https://query.ai can help us dodge that bullet again? 😤 SOC Analyst #2: Hold on. [TYPES FURIOUSLY] Yes! They are working on an Amazon OpenSearch Service integration right now! No Lucene, no DSL, no one-index-at-a-time – just like they do it for our lake and our other tools! 😀 SOC Manager: Yes…says they will handle all of the query translation, and normalize the data in OCSF like everything else, so we can reuse a lot of our playbooks and automation content. 😍 SOC Analyst #1: LFG! I love OpenSearch Service and Query together. Nothing is beyond our reach! 😎 SOC Analyst #2: Based. Read more: https://hubs.ly/Q02Z3msP0 #opensearch #opensearchservice #loganalytics #elk #siem #federatedsearch #observability #aws
3 Comments -
vulns.space
🚨 SECURITY ALERT: CVE-2024-44208 🚨 📝 CVE DETAILS: - 🆔 Vulnerability: CVE-2024-44208 - 📅 Publication Date: 2024-10-28 21:15:06 UTC - 🛡️ MITRE Tactics and Techniques: Tactics: - Tactic Name: Active Directory Access Control. Brief description of the tactic: Restricting access to Active Directory objects. MITRE ATTCK ID: TA0003 - Tactic Name: Privilege Escalation. Brief description of the tactic: Gaining higher-level permissions. MITRE ATTCK ID: TA0004 - Tactic Name: Defense Evasion. Brief description of the tactic: Techniques for evading security tools and processes. MITRE ATTCK ID: TA0005 - Tactic Name: Execution. Brief description of the tactic: Running malicious code. MITRE ATTCK ID: TA0002 - Tactic Name: Initial Access. Brief description of the tactic: Gaining initial foothold in a system or network. MITRE ATTCK ID: TA0001 - Tactic Name: Data Recovery. Brief description of the tactic: Restoring data from backups or other sources. MITRE ATTCK ID: TA0010 Techniques: - Technique Name: Exploitation for Privilege Escalation. Brief description of the technique: Exploiting vulnerabilities to gain higher privileges. MITRE ATTCK ID: T1068 - Technique Name: External Remote Services. Brief description of the technique: Leveraging external remote services for access. MITRE ATTCK ID: T1133 - Technique Name: Valid Accounts. Brief description of the technique: Using valid accounts for access. MITRE ATTCK ID: T1078 - Technique Name: Multi-Factor Authentication Interception. Brief description of the technique: Intercepting MFA tokens or requests. MITRE ATTCK ID: T1566 - Technique Name: Network Intrusion Prevention. Brief description of the technique: Detecting and blocking malicious network activity. MITRE ATTCK ID: T0615 - Technique Name: Security Information and Event Management. Brief description of the technique: Collecting analyzing and correlating security logs. MITRE ATTCK ID: T0603 - Technique Name: Endpoint Detection and Response. Brief description of the technique: Monitoring endpoint activity and detecting malicious behavior. MITRE ATTCK ID: T0622 - Technique Name: Patch Management. Brief description of the technique: Applying patches to remediate vulnerabilities. MITRE ATTCK ID: T0610 - Technique Name: Data Backup. Brief description of the technique: Creating backups of data to enable recovery. MITRE ATTCK ID: T0625 - Technique Name: Sandbox. Brief description of the technique: Isolating code execution to prevent harm. MITRE ATTCK ID: T0617 - 🌐 References: https://lnkd.in/g2KjzaGe #CVE #CyberSecurity #InfoSec #Vulnerability #TechNews #AI #Automation
-
Amine ZERARKA
🚨 Zero-Day Alert: New Microsoft Vulnerability Discovered After September Patch Tuesday! 🚨 📅 16 September 2024 Severity: High (CVSS 8.8) A new zero-day (CVE-2024-43461) targeting the Windows MSHTML platform has been added to Microsoft's September Patch Tuesday. This vulnerability, actively exploited in the wild, allows attackers to spoof legitimate content and trick users. It’s linked to CVE-2024-38112, a vulnerability patched in July 2024, but hackers have found a way to bypass the initial fix. 🔑 Why It Matters: If exploited, CVE-2024-43461 can mislead users into interacting with malicious content, posing serious risks. Though it's being actively exploited, Microsoft did not list it as "under active attack" in its advisory, making it essential to apply both the July and September updates to stay fully protected. Other critical zero-day vulnerabilities fixed in September include: CVE-2024-38014 (Privilege Escalation) CVE-2024-38217 (Security Feature Bypass) CVE-2024-38226 (Microsoft Publisher) CVE-2024-43491 (Remote Code Execution) 💡 What You Can Do: Enable automatic updates to ensure security patches are applied immediately. Configure firewalls to block suspicious traffic. Enable system logging and monitor for unusual activities. ⚠️ Awareness Tip: Zero-day exploits spread fast! Keep your systems up to date and review your security controls regularly. #CyberSecurityAwareness #ZeroDay #PatchTuesday #MicrosoftSecurity #ThreatAlert #StayProtected #CyberResilience
-
Query
🙄 SOC Analyst 1: Dude. I hate how fast we close acquisitions these days. 🤨 SOC Analyst 2: Why? What seems to be the problem? 😤 SOC Analyst 1: Well, the last three companies we bought all had Carbon Black Cloud Enterprise EDR. So, when I get these CISA alerts about indicators, I have to check three separate platforms in three different organizations for the indicators. 😎 SOC Analyst 2: Not anymore! I fixed that. 🧐 SOC Analyst 1: Oh, did we merge them all into one platform? 🧠 SOC Analyst 2: LOL…no. Query released an integration for Carbon Black, so now one Query search will cover all three platforms, plus all the other integrations we have set up — Splunk, CrowdStrike, etc. 🤯 SOC Analyst 1: YES! That is going to really reduce the time it takes me to search across all the platforms, AND we didn’t have to move all of this data into our SIEM to do it — we could leave it where it is! Wow, think of what I can do with all of this free time! 🤓 SOC Manager: Did someone say they had free time? —-------------------------------- Read more: https://hubs.li/Q02Ct4P80 #carbonblack #edr #federatedsearch
-
Cyber Coffee Hour Podcast
Ok, Let's boost up this Monday. BSCP (PortSwigger ) + OSCP >= CISSP. Remember, cite Alfredzo Nash (The MoCF) don't fight him Coffee Makers. CISSP is listed on every industry job requirement, however the Cybersecurity industry is consistently evolving and we need to focus on which certifications align to addressing workforce shortages and secure by design. Stay tuned for more. WIP on blog and more from your fellow Coffee Makers. Remember, stay caffeinated and take longer 15 minute breaks were applicable #coffeemaker #bartertown #levelfyi #skillup #speedrunner
-
Tyler Wall, MSc., CISSP, CCSK
Aspiring SOC Analysts need to have a Medium blog. I tell people this, and they never do it, and I'm just going to keep on sayin' it. And it would be best if you blogged 2x a week. Don't even put any thought into followers. If you get them, great, but it's not why you're there. You're there to establish your backstory (why you're interested in cybersecurity and what brought you here) and your journey to become a SOC analyst. You will create walkthroughs of your cloud lab projects so your peers can follow along and write reviews on any training or books you've read. There is plenty to blog about as a beginner. Medium has great SEO that will make your name searchable on Google, and it has a huge built-in tech audience. Your resume should include a link to your Medium and be cross-posted to your LinkedIn to ensure the hiring manager spends more time considering you as a candidate. Don't disappear in social media algorithms in just a couple of days. #SOCAnalyst #SecurityOperationsCenter
31 Comments -
Bo Jane Brown
Here are my thoughts on OffSec's new OSCP+ certification, formerly just OSCP, & exam ( https://lnkd.in/eT6JJFQM ) 1. Due to government requirements for certificate recognition, many companies have switched to an expiring - cert model, most notable CompTIA. Having to frequently update your certification is unnecessary and annoying for many positions, so OffSec's model of simply downgrading OSCP+ --> OSCP is a clever solution. 2. While I agree with removal of the extra credit, I believe they should have allowed anyone who purchased the Learn One pass to follow through and take the old OSCP exam with the extra credit up until their pass expired. The 10 points extra credit may have been a deciding factor for a number of people who chose to enroll in PEN-200, and announcing that this is being taken away with just 2 months notice does not seem fair to me. 3. The Active Directory section being made harder and mandatory to the point where it is 100% impossible to pass without fully compromising the AD machines, whereas previously it was possible to pass without AD if you had the extra 10 pts. This is reflective of the dominance of AD in industry, and this is OffSecs way of saying "you need to understand AD if you want to be an industry pentester."
1 Comment
Explore collaborative articles
We’re unlocking community knowledge in a new way. Experts add insights directly into each article, started with the help of AI.
Explore MoreOthers named Frederick Alonge
1 other named Frederick Alonge is on LinkedIn
See others named Frederick Alonge