Hello there. I'm 0xFF00FF aka SirOcram and I completed my bachelor's degree in computer science with a major in cybersecurity in August 2023. You can find me on various CTF/bug bounty platforms, and I'm interested in penetration testing and in writing down my thoughts, for others or for myself, to recap what I have just learned.
I started with Try Hack Me and at this moment I'm in the top 3% 🎉
Here are some certificates of attendance for the learning paths:
- Pre Security (Download)
- Introduction to Cyber Security (Download)
- Jr Penetration Tester (Download)
- Web Fundamentals (Download)
- Complete Beginner (Download)
So I decided to switch the platform to Hack The Box and start the "Penetration Tester" path.
I also did some courses from The Cyber Mentor like the following:
- Practical Bug Bounty (Download)
- Practical API Hacking (Download)
- Beginner's Guide to IoT and Hardware Hacking (Download)
- Practical Ethical Hacking (Coming soon)
- Windows Privilege Escalation for Beginners (Coming soon)
- Linux Privilege Escalation for Beginners (Coming soon)
I had my first "1st Annual TCM Invitational CTF" from MetaCTF (https://metactf.com/) with 3 international teammates and we gained place #38 of 166 teams 👏
Yes, there are just points from 3 of 4 people. One of us didn't get a single point because he had just started with ethical hacking about 3 months ago. That is not bad, because he learned from us how to get some flags. When one of us got a flag, he described his path for us in the Discord chat so the others could learn something.
I also got a certificate of completion of the "1st Annual TCM Invitational CTF" (Download).
In this book I will write down my paths through the boxes and how I solved them. On the other hand, I write some technical and non-technical reports from the solved boxes - as pentesters do.
- https://www.linkedin.com/in/marco-ris/
- https://www.xing.com/profile/Marco_Ris
- https://github.com/marcoris
- https://hackerone.com/sirocram
- https://bugcrowd.com/SirOcram
- https://app.intigriti.com/profile/sir_ocram
- https://tryhackme.com/p/0xFF00FF
You can get an insight into the terms of contract, which will always be the first part of a penetration testing engagement. This content would just overkill the whole Pentester ~ Paths and Reports ~ Project. That's the reason why it will just stay there and count for all penetration tests and reports.
You can see the structure of a penetration test and report as follows:
- Terms of contract
- Disclaimer
- Contract Information
- Assessment Overview
- Assessment Components
- External Penetration Test
- Internal Penetration Test
- Finding Severity Ratings
- Risk Factors
- Scope
- Scope Exclusion
- Client Allowance
- Executive Summary
- Scoping and Time Limitation
- Testing Summary
- Tester Notes and Recommendations
- Key Strengths and Weaknesses
- Vulnerability Summary & Report card
- Discovered weaknesses
- External Penetration Test Findings
- Internal Penetration Test Findings
- Technical Findings
- External Penetration Test Findings
- Internal Penetration Test Findings
- Cleanup
- Additional reporting
- Additional Scans and Reports