It has been a long time since the last post. And a lot has changed since then! I have finished my studies, started a new job and got Offensive Security Certified Professional (OSCP). But let me start from about a year ago.
MSc ETH CS
In October last year I have started with my Master thesis in the Network Security group at ETH Zurich. The title of my thesis is A Secure, Isolated and Air-Gapped Signing System and is about the following:
Keeping the signing key save and secure is a crucial part in a public key infrastructure (PKI). If an attacker manages to steal a signing key, he is able to sign requests by himself and making everyone believe that this request has been certified by the original key holder. Whereas today, signing certificates is often done by qualified certificate authorities (CA) like Symantec or Verisign, in the new Internet architecture SCION, medium sized businesses will take over the part of a CA. In this thesis we want to develop a prototype of an easy deployable and low cost signing system that uses commodity hardware, which eventually can be applied in an authority service in RAINS or in the control-plane PKI of a SCION isolation domain. The proposed system would not only eliminate the need of highly technical and secure infrastructure, but also reduces the number of qualified administrators who operate the new certificate signing system.
After very challenging and tough, but also very interesting 6 months (begin of April) my body had enough of coffee (just kidding, my body never has enough coffee) and I handed in my thesis. Around one week later I have receive the results and I was totally reliefed when I got the message that I passed. At this moment, it was certain that I get my Master diploma (this is after 19 years of school, including kindergarden).
The next two months I took my time and relaxed. Nevertheless, I had several ongoing projects. One of them was building a new website for my father’s business.
New Job as Penetration Tester and Security Consultant
As I knew (or hoped) that I will finish my studies this year, I have started to look for some job opportunities in the beginning of the year. The focus obviously was at companies who did IT security and preferably some Penetration Testing. In April 2018, when I definitely finished my studies, I was in the lucky position of already having a contract with such a company.
So on the 1st of June 2018 I started as a Penetration Tester & Security Consultant at Oneconsult AG in Thalwil, Switzerland. I enjoy to work there, as the team is very cool and the work interesting and cool! Part of the first three months at Oneconsult includes to get a certification for the Offensive Security Certified Professional (OSCP). So I started examining the PVK labs of Offensive Security which was a really fun but also challenging experience. Last week, on the 31th of July, I had my exam which went really well. I could gain root access to four out of five hosts which is 80/100 points (70 were needed to pass the exam). On the 3rd of August 2018 the confirmation, I passed! So I can call me now Offensive Security Certified Professional.
All the best, Fabian