Sailor Security

Mindset

In my journey through offensive security, I embrace the “Try Harder” mindset as I sail the vast ocean of technology, seeking vulnerabilities. Just like a sailor, I persist in the face of challenges, exploring new approaches when old ones falter. Creativity is my compass, guiding me to think innovatively and uncover hidden vulnerabilities to stay ahead of threats. Additionally, my perceptiveness enables me to navigate complex environments and manage resources effectively. By embodying these qualities, I not only find vulnerabilities but also master the art of offensive security every day, ensuring to stay ahead of threat actor.

Foundation – College, CCNA, Azure, CompTIA Security+

I am based in Ottawa, Ontario, Canada, and recently graduated from a Networking Coop Program, in Dec 2023. Currently, I work full-time as a network analyst, leveraging my strong networking and system administration skills. Since late 2022, I have been actively immersing myself in the field of penetration testing. To establish a solid foundation, I obtained the CCNA certification to gain a comprehensive understanding of networks, both theoretically and practically. Additionally, I delved into Microsoft Active Directory and Azure through practical project implementations, aiming to grasp network design principles. Furthermore, I obtained the CompTIA Security+ certification, which deepened my understanding of security principles, risk management, mitigation strategies, and zero trust concepts.

Offensive Security – OSCP Certification

With a strong background in networks and cybersecurity, I dived in the world of offensive security, pursuing the Offensive Security Certified Professional (OSCP) certification. In around three months, I successfully passed the exam on my first attempt in October 2023. Throughout the certification process, I gained practical experience in vulnerability assessment, in-depth enumeration, crafting exploits, and attacking Active Directory. My skills also include network pivoting, lateral movement, privilege escalation, antivirus evasion, password attacks and cracking, SQL injection, XSS, and various web application vulnerabilities. Importantly, I learned how to effectively mitigate these vulnerabilities and present my findings in comprehensive reports.

Founding the Offensive Kali Club

Building upon the knowledge gained during my OSCP journey, I took the initiative to start a student club at my college, focusing on offensive security. I engaged with over 20 students and the college’s offensive security faculty, leading efforts to build a new hacking team. This team participated in CTF competitions between colleges in the region and achieved an the 4th place in a competition held in late November 2023. Additionally, I organized hackathon challenges at the college, further promoting interest and engagement in offensive security topics. Witnessing the growth of this community was incredibly rewarding, especially as new students continued to join and eager to learn. Today, even after my graduation, the club remains active, and I’m proud to have initiated its founding.

OSWA Certification Journey

After graduating in December 2023, my passion for continuing to learn about offensive security led me to dive into studying for the Offensive Security Web Assessment (OSWA) certification. I’ve been learning various topics, and exploring the depths of exploiting web vulnerabilities such as SQL injection, Cross-Site Scripting (XSS), Traversal Attacks, XXE, SSTI, Command Injection, IDOR, and SSRF. I particularly enjoy the hands-on approach of manual enumeration and exploitation using tools like BurpSuite and Wfuzz. I’m eagerly preparing to take the OSWA certification exam in late March 2024.

Sailor Security Blog – Sharing and forming community

I am passionate about sharing my offensive knowledge and skills with peers through my Sailor Offensive Security Blog, where I regularly post CTF walkthroughs covering vulnerability exploitation and mitigation strategies, as well as publish new offensive tools as resources for others in the community. Additionally, I maintain a Discord server where over 50 like-minded offensive security enthusiasts collaborate on developing new tools, participating in CTFs, pursuing further certifications, and providing support to each other. I believe in the importance of community and sharing knowledge to advance the field of offensive security.

If you’re as passionate about offensive security as I am, or if you have any questions, insights, or collaboration ideas, I’d love to hear from you. Let’s connect and learn from each other!