In April 2019, I took CompTIA’s PenTest+ exam. Along with CySA+, this bridges the gap between Security+ and CASP. As the name suggests, it’s all about penetration testing. This is a relatively new exam, and it’s still on the first release (PT0-001). Because of that, it’s not very well known, so I haven’t seen any […]
Author archives: John C. Kirk
SSCP
In September 2018, I took the (ISC)2 SSCP exam (Systems Security Certified Practitioner). This was a bit different from any of the previous exams I’ve taken: normally I would sit the exam(s), then get a qualification if I passed. In this case, the exam is only one component: you also need to be endorsed by […]
Security+ (SY0-401)
In November 2016, I took CompTIA’s Security+ exam. NB I did the SY0-401 syllabus; CompTIA replaced it with SY0-501 in October 2017, so some of the info in this blog post will now be a bit out of date. In brief, I think that this is a worthwhile certification. It emphasises breadth rather than depth, […]
Sextortion
For the last couple of years (since July 2018), I’ve been receiving “sextortion” emails. There a few variations, but the basic gist is always the same: “I’ve hacked your webcam and filmed you masturbating, now pay me money or I’ll send the video to everyone you know.” They often include my password, in an attempt […]
Active Directory lockouts
A lot of organisations set up security policies so that users will be locked out if they enter the wrong password too many times. The idea is to prevent brute force attacks, where an attacker could sit there all day running through the dictionary until they guess the correct password. The downside is that this […]
Assessing ability
I’ve recently had a few conversations with recruitment agencies, where they’ve asked me to rate my IT skills from 1-5. However, I’m reluctant to answer, because I think the concept is flawed.
ITIL Foundation (2011)
I recently earned the ITIL Foundation Certificate in IT Service Management, after about a week of study. I’m currently job hunting, and I’ve noticed that a lot of adverts list this as essential. It won’t get you a job on its own, but not having the qualification might exclude you from certain jobs, if the […]
Ethernet cables: solid vs. stranded
When you set up a wired network using Ethernet cables (e.g. Cat5e or Cat6), there are 2 types: solid and stranded. The rule of thumb is that you use solid cables when they’re not going to move, e.g. between a wall socket and a patch panel. You use stranded cables when they will move, e.g. […]
Definition Update for Windows Defender – infinite loop
I recently came across an odd situation involving Windows Server 2016 and WSUS updates. On the WSUS server, I typically see several new Definition Updates for Windows Defender (KB2267602) every day. E.g. on 2017-11-26, Microsoft released: 1.257.995.0 1.257.996.0 1.257.998.0 1.257.1001.0 1.257.1003.0 1.257.1005.0 The update with the highest number will supersede the others, so I only […]
Windows FTP clients
I’ve recently been setting up a new FTP server, and I wanted it to support FTPS. However, I ran into a few problems when I tested it, which turned out to be partly due to the client software I was using. I’ve been using CuteFTP for several years: I registered for version 1.0 back in […]