Tag: linux

162 Hours on Udemy, Building the Foundation for a Career in Pentesting

When I first clicked “Enroll,” I didn’t know it would add up to 162 hours of training.
That’s almost a full month of time — stolen from late nights, weekends, and early mornings before work.

Like a lot of people breaking into cybersecurity, I started with curiosity and a mess of browser tabs. YouTube videos, Reddit threads, course recommendations. It’s easy to drown in the noise. What made the difference wasn’t just finding the right content, it was learning how to stay with it long enough for the dots to connect.

Udemy became my training ground. Not glamorous, not perfect, but consistent.
Over time, those 162 hours weren’t just “video time.” They became hours of repetition, frustration, and slow understanding.

There’s a phase in every learner’s path where you stop studying for a test and start thinking like the work.

That’s what those hours taught me, how to reason through a network like a puzzle, how to see the seams where systems and people meet, how to build patience in a field where curiosity is the only constant.

Looking back, those 162 hours weren’t just prep for certification. They were the price of entry, not into a career, but into a mindset.

Every scan that failed, every lab that wouldn’t load, every problem that took three days instead of three hours, they were all small rehearsals for the real work ahead.

And that’s the absolute truth about cybersecurity training: the time never feels fast, but it’s never wasted. You’re not just learning commands. You’re learning endurance. It’s the art of staying with a problem long enough to earn its answer.

The PenTest+ and the Long Game of Persistence

There’s a moment most people don’t talk about when they post their certifications, it’s that part where you stare at the screen, waiting for the result to load, rehearsing how you’ll feel either way.

That was me, after months of studying, rewrites, retakes, and nights when the last thing I wanted to see was another port, protocol, or payload.

I’d already passed the CompTIA trifecta, A+, Network+, Security+, and each one felt like a step forward. But PenTest+ was different. It wasn’t just about memorization. It forced me to think like an adversary, to build a structured approach out of controlled chaos. It was humbling.

There were setbacks. Long hours after long workdays. Missed weekends. That quiet voice that says, maybe this one’s just too much right now.

But that’s where persistence replaces motivation. I tell my students and training partners the same thing I remind myself: motivation gets you started, discipline keeps you moving.

When that “Pass” finally appeared on the screen, it wasn’t triumph, it was relief. And gratitude. Because every failed scan, every misconfigured lab, every late-night tracing network maps, they built the competence that makes the win real.

The truth is, no certification on its own changes who you are. The process does. The grind does. The decision to sit back down after the first, second, or third setback does.

In cybersecurity, as in martial arts, you don’t earn a belt to prove you’re done. You earn it because you’ve decided you’re not done yet.

And that lesson, more than any flag on a résumé, is what makes the next challenge possible.

Discover & Fingerprint: Nmap flags you should actually know (and when to use them)

Discovery and fingerprinting are where recon stops being guesswork and starts being a map. Over the next few weeks I’ll dig into Nmap and other recon tools — for now, here’s a compact, practical list of Nmap switches worth committing to memory for pentesting exams and real-world ops. Don’t just memorize the letters — learn the purpose and the use case.

Quick legal note: Only scan systems you own or have explicit permission to test. Unauthorized scanning can be illegal and definitely burns bridges.

Basic target input / listing

  • nmap -iL targets.txt
    Scan targets from a file. Use when you have a long list to automate.
  • nmap -iR 100
    Scan 100 random hosts. Good for practice/learning about global scanning patterns in a lab.
  • nmap 192.168.1.10 -sL
    List-only — no probes. Use to verify target resolution without touching ports.

Host discovery vs port scan

  • nmap 192.168.1.1/24 -sn
    Ping/host discovery only (no port scan). Fast way to find live hosts on a subnet.
  • nmap 192.168.1.1-5 -Pn
    Skip host discovery (treat hosts as up). Useful when ICMP/ARP are blocked but you still want to try ports.

Port specification

  • nmap 192.168.1.1 -p 21
    Scan a single port (FTP, in this example).
  • nmap 192.168.1.1 -p 21-100
    Scan a specific port range. Use when you want targeted scanning (faster than full 65k).

Service & OS fingerprinting

  • nmap 192.168.1.1 -sV
    Service/version detection. Helps identify vulnerable versions (e.g., out-of-date FTP/SSH).
  • nmap 192.168.1.1 -O
    Remote OS detection (TCP/IP stack fingerprinting). Useful when you need OS-level attack vectors.
  • nmap 192.168.1.1 -A
    Aggressive: OS detection + version detection + scripts + traceroute. Good for a quick, deep look — loud and obvious on the network.

Timing / IDS evasion

Timing templates adjust scan speed and stealth. Choose based on network reliability and detection risk.

  • -T0 Paranoid — ultra-slow. Used to evade IDS or noisy logging systems.
  • -T1 Sneaky — very slow.
  • -T2 Polite — slows scans to reduce bandwidth/impact on target.
  • -T3 Normal — default.
  • -T4 Aggressive — faster, assumes stable network.
  • -T5 Insane — very fast; only on extremely reliable links or internal lab networks.

Memory tricks & practical tips

  • I/O flags: -iL = Input List. File-based scanning automation.
  • List-only: -sL — “List targets only.” No probing.
  • Host discovery: -sn = scan no ports (ping only).
  • Skip discovery: -Pn = treat hosts as Up (No ping).
  • Service info: -sV for service Version, -O for OS.
  • One-shot vs range: -p 21 vs -p 21-100. Single vs range.
  • Aggressive -A = one-shot deep recon; loud but thorough.
  • Timing -T# = speed vs stealth. 0 is slowest/most stealthy; 5 fastest.

Mini workflows (real use-cases)

  • Quick inventory on a subnet:
    nmap 10.0.0.0/24 -sn → find live hosts, then nmap -sV -p 22,80,443 <host> for details.
  • When ICMP blocked:
    nmap -Pn -p 1-1000 <host> → skip discovery, probe ports directly.
  • Stealth check in an IDS lab:
    nmap -T1 -sV <host> → slow timing to reduce IDS noise.
  • Full noisy recon in a lab environment:
    nmap -A -T4 <target> → quick comprehensive view.

Closing — don’t memorize blindly

The exam question isn’t “what flag is X” — it’s “which flag solves this problem.” Memorize the purpose and practice applying them in labs. Over the coming weeks I’ll publish deeper examples for each of these switches, show script usage, and map Nmap output to real exploitation workflows.

CompTIA Pentest+ and the CEH exam in the works + some fitness follies

Well, well, well, the world has changed a lot since my last post. Definitely have a lot of irons in the fire as the old saying goes. Currently working on the PenTest+ certification from CompTIA. I’ll be following that up with the CEH exam. Between those two certs I’ll be working on and getting the ISACA’s Cybersecurity Audit Certificate. 2024 is shaping up to be another great year!

Hit a new deadlift PR at 521/237

Another beautiful day in the country

Physical training for the day:

A1. Incline curls 10, 10, 10, 10 – :03 second lowering/eccentric load; rest 0
A2. Seated hammer curls 20, 20, 20, 20; rest 0
A3. Standard EZ bar curl 20, 20, 20, 20; rest 2mins
B1. Bench dips 20 x 3; rest 0
B2. Banded press downs 20, 20, 20; rest 0 – pause for two deep nasal breaths at the top of every 5th rep
B3. Triceps push-ups max effort/push to failure; rest 2mins
C1. EZ bar close grip curls 15, 15, 15; rest 0 – try to stay at the same weight for all 3 movements
C2. EZ bar drag curls 15, 15, 15; rest 0
C3. EZ bar overhead triceps exts. 20, 20, 20; rest 1
+
7 n 7 for 7
7 Hang power cleans & push press
7 walk out burpees without the pushup

On Monday I accepted an offer to begin teaching, part-time, for Chegg/Thinkful.com in their Cyber Security program. I’m really looking forward to helping the next wave of cyber sec professionals. It’ll be another great way to help keep up with current trends, continue to reinforce the fundamentals, and also share past and present experiences with a wide swath of new IT pros. Who knows, before long I just might be able to start posting videos of training and teaching again.

Current affairs:

The bravest are surely those who have the clearest vision of what is before them, glory and danger alike, and yet notwithstanding, go out to meet it.

Peter Onuf’s Jefferson & Reclaiming 1619

Pelosi & Congress Claims Sovereign Immunity in Federal Court to Keep January 6 Videos and Emails Secret

Hawks Smear War Opponents Again by Ted Galen Carpenter

Putin Wants His Own Monroe Doctrine by Patrick J. Buchanan

Rep after Rep — Easy Day

Don’t no rep me

When I first wrote this, I wasn’t chasing promotions or algorithms. I was just trying to keep showing up to train, to learn, to get a little better each day. Back then, “rep after rep” was more than a training mantra. It was a way to stay grounded when progress felt invisible.

The hardest part wasn’t physical. It was the repetition, the daily grind that felt endless. Whether I was refining form under the barbell or troubleshooting code that refused to run, the challenge was the same: staying patient when nothing seemed to move forward.

Some days you make the lift. Some days the lift makes you. But the point is always to come back tomorrow.

At some point, I stopped expecting each session, physical or mental, to feel like a breakthrough. The breakthrough was the habit itself. The more I showed up, the more the process began to reveal patterns: what worked, what didn’t, and how small adjustments compound over time.

In strength and in cybersecurity, consistency is the quiet multiplier. Each drill, each review, each run-through, one more rep toward mastery.

That same mindset carries through everything I do now — training teams, hardening systems, or writing content. I don’t chase perfect outcomes anymore. I look for steady iterations. A little tighter form. A cleaner line of code. A stronger policy.

That’s how resilience is built, not simply through intensity, but through consistency.

Progress doesn’t shout. It stacks. And one day, you realize the work that used to test you has become the warm-up.

Training for the day:

7 mins of:

7 Banded Sumos

7 Banded bodyweight squats w/moderate band

7 Calf raises

+

A. Back Squat 10, 10,10,10; rest 2/2:30 – 10 RM-ish

B1. Heels elevated air squats x 10 x 3; rest :10

B2. RDL w/an empty bar, sweep away — lumbar focus x 15 x 3; rest 1

C. SL RDL stability, unloaded x 10 x 3; — 5 per leg; rest 1

+

10min alt EMOM:

20 Step-ups – 10 per

15 push-ups

Martial skill work — 5 x 5 min rounds of Z2-Z4 striking, upper push/pull bodyweight movements in trapping/grappling range, and take down defense/sprawling/working underhook escapes et cetera.

Today in my world of Linux and pentesting I worked on building out an Active Directory Lab and worked on the initial attack vectors when attacking an AD based system. Things like LLMNR Poisoning, Capturing NTLMv2 Hashes with Responder, Password Cracking with Hashcat, LLMNR Poisoning Defense, SMB Relay Attacks, Discovering Hosts with SMB Signing Disabled, Start SMB Relay Attack Defenses, & Gaining Shell Access.

Current affairs:

We Got Him (Again, and Again, and Again): On the Latest ISIS Takedown In a Long Line of American Military Actions by Andrew Bacevich

Virginia Supreme Court throws out challenge to Youngkin mask order

Bombshell Proof The ATTACK On Joe Rogan Is Politically Funded! This Is Deeper Than Spotify!

Boom: Rumble offers Joe Rogan $100M to leave Spotify…

And of course, the twat waffle who is Jonah Goldberg, is returning to his roots.

水滸傳
The Outlaws of the Marsh

Work more, talk less

this is the way

Warm-up – 10 mins of:
5 air squats
10 banded shoulder pass-throughs
15 banded good mornings
30 Shoulder ROT/stability – 10 to horizontally to the chest, 10 semi-vertically front/down to clavicles, 10 BTN, then…

7 sets of:
6 goblet reverse lunges per leg
3 goblet step-ups per leg
3 goblet squats
6 SA KB Press per arm
6 SA KB Row per arm
6 SA KB Swing per arm

Martial skill work

45 mins of JKD and Wing Chun striking + short-range kicking and counter wrestling

Today’s studies included:
Linux: working toward mastery of the CLI & searching and extracting data from files and archiving. I also focused my practical network penetration testing studies to privilege escalation in a Linux environment.

Bipartisan Congressional War Drums Are Beating Again

The GOAT calls it a career — Tom Brady officially announced he is retiring today.

Just Do Work

Get after it

Find it in you

Today I spent a few hours prepping for the Practical Network Penetration Testing certification.

Today’s course material focused on Reconnaissance. Topics included Passive Reconnaissance, Identifying the Target(s), Discovering Email Addresses, Gathering Breached Credentials with Breach-Parse, Hunting for Breached Credentials with DeHashed, Hunting Subdomains, Identifying Website Technologies, Overall Information Gathering with Burp Suite, Google Fu and everyone’s favorite Utilizing Social Media to find out about all of your friends and neighbors – should be highly informative.

But first! To get my mind right I was able to hit the gym again🤙🏽 — today’s training was:

Upper pressing and scapular stability work

A1. Strict shoulder press – 2 x 10 warm up sets with an empty bar
– then 15, 15, 15; rest 0

A2. Banded upright row 20, 20, 20; rest 0

A3. DB Shrugs 30, 30, 30; rest :90

B1. Strict DB press 15, 15, 15; rest 0

B2. Plate bus drivers 20, 20, 20; rest 0

B3. Front plate raises 20, 20, 20; rest 2

C1. Partial rear delt flies – bottom – 20, 20, 20; rest 0

C2. Full ROM rear delt flies 10, 10, 10; rest 0

C3. Partial laterals – top –5, 5, 5; – perfect controlled reps so you can feel the squeeze at the very top; rest 0

C4. Face pulls 20, 20, 20; rest :90

+

5 sets of:

:20sec AB pedal at 80% effort

15pushups

10 swings

-rest as necessary

Google Admin Security Specialist Cert plus brief life update(s)

Amplified IT’s Google Admin Security Specialist Certification

Over the last two weeks Ive been doing my best to balance my undergraduate work, my non-existent weightlifting, Wing Chun, BJJ, Jeet Kuen Do (I refuse to continue cosigning to the universal misspelling of the romanization of fist or style of fighting which in Cantonese is kuen vs kune), Thai boxing, and my actual job as a cybersecurity sys admin. Something else Ive added into the mix over the last two weeks is adding in some google education system admin training. I’m happy to report that over these last two weeks I have been able to earn the Amplified Admin Security Specialist Certification for the of us who, at least in a small part, work in the Education Google Workspace Admin arena. It’s an advanced-level, security-specific training for Google. The training built upon the foundational and advanced Amplified Admin Level 1 and 2 courses. It provides a comprehensive understanding of cybersecurity risk factors facing EDU leaders and how to appropriately mitigate through setting configurations.

Next up is Heath Adams’ Practical Network Penetration Tester certification. The #PNPT cert covers Practical Ethical Hacking, OSINT Fundamentals, the External Pentest Playbook, & Linux + Windows Privilege Escalation for Beginners. Once I can get this and just a few more certs under my belt I’ll be able to relax and maybe even take a vacation soon. But who knows, we’ll see 😉