[TCM] Practical Ethical Hacking Kickoff by TCM Security
PNPT TIME!
I'm stoked to kick off the TCM Security course Practical Ethical Hacking, one of a few courses that I will be taking from the company before attempting their PNPT certification.
I'm bringing in a fair amount of foundational knowledge already but think I may need some extra study in a few areas, so I'll be sure to detail those as I get to them.
If you don't know a ton about TCM or the PNPT, well, here's a challenge to you. Check out the links, join the Discord channels available, and absolutely follow TCM/Heath Adams on LinkedIn, Twitter, Twitch, YouTube.
Blowing Past the Introduction
In all honesty, I quite carefully paid attention and took some notes, so don't actually blow past the first sections, as some great time is spent speaking about what it will take not only to be on a red team but to succeed (and stay) in this industry. For shortness in this blog post, however, I'm going to skip into the first meaty part, Notekeeping.
If Pentesting is anything like Incident Response and Forensics, I can already imagine how keeping organized notes is a critical skill to sharpen. Don't skip out on this time to practice!
The course takes us through several tools to organize notes during an engagement, but in essence I'm taking away that we'll need to develop and refine methodical practices. The report writing part isn't romantic but it's critical. As I'm training folks to run investigations into email compromises and various other scams and fraud, note taking and report writing is a core component. Imagine performing 40 hours of work for a client and not being able to tell them the story of how they got hacked - nahh, that's no good. TCM does a great job reiterating how important this part is.
Tools and Skill Building:
Extra resources found while doing research for this segment:
- Note-Taking for Bug Bounty Hunters - this video (below) does focus on a specific tool but I liked some of the side commentary about process and workflow.
- 9 Secure Note-Taking Apps - I can't vouch for all of these but will be checking a few of them out for this course.
- rmusser01 | Documentation & Reporting - bless rmusser01 because this is a gorgeously documented collection of documentation resources.