whoami - whitecyberduck's Blog

### Ayub Yusuf (he/him) 👋🏿 - [LinkedIn 👔](https://linkedin.com/in/ayubyusuf/) - [Twitter 🐦](https://twitter.com/whitecyberduck) ### Certifications - GIAC Security Expert (**GSE**) - GIAC Penetration Tester (**GPEN**) - GIAC Cloud Threat Detection (**GCTD**) - GIAC Critical Controls Certification (**GCCC**) - GIAC Certified Intrusion Analyst (**GCIA**) - GIAC Certified Incident Handler (**GCIH**) - GIAC Security Essentials Certification (**GSEC**) - OffSec Certified Professional (**OSCP**) ### Notable CTF Accomplishments - Hack Red Con 2023 CTF (**1st place Black Badge**) - Enterprise Penetration Testing August 2023 CTF (**1st place Challenge Coin**) - HackSpaceCon 2023 CTF (**2nd place**) - Way West 2022 CTF (**3rd place**) - Cloud Security Threat Detection November 2022 CTF (**3rd place Challenge Coin**) - Deadwood 2022 CTF (**6th place**) - SANS NetWars Global Preview 2022 (**6th place**) - BIC @ Thotcon Village 2023 CTF (**7th place**) - H@cktivityCon 2021 CTF (**9th place**) ### Presentation and Publications - “[Understanding Cryptography for Offensive Security](https://youtu.be/S8esOtKmFDc),” BHIS Webcast (Jan 2024) - “Hacker’s Guide to Starting Your Security Career,” BSides Atlanta (Oct 2023) - “[To Cert or Not to Cert](https://www.blackhillsinfosec.com/prompt-zine/prompt-issue-infosec-survival-guide-second-volume/),” Infosec Survival Guide Vol. 2, p.g. 10-11 (Oct 2023) - [EP 89 Getting My First Job in Cybersecurity with Ayub Yusuf](https://www.yourcyberpath.com/podcast/89/), Your Cyber Path Podcast (Feb 2023) ### Blog Posts - [My Favorite Web App Pentesting Extension - Firefox Containers](https://www.whitecyberduck.com/My+Favorite+Web+App+Pentesting+Extension+-+Firefox+Containers) - [Useful Cybersecurity Websites](https://www.whitecyberduck.com/Useful+Cybersecurity+Websites) - [Windows & Linux Hashing Guide for n00bs](https://www.whitecyberduck.com/Windows+%26+Linux+Hashing+Guide+for+n00bs) - [Six Things I Wish I Knew for the OSCP](https://www.whitecyberduck.com/Six+Things+I+Wish+I+Knew+for+the+OSCP) - [Wrong time on Kali Linux 2020.4?](https://whitecyberduck.medium.com/fixing-time-in-kali-linux-2020-4-8a6b7eb1b238) ### Books - Beyond Snowden: Privacy, Mass Surveillance, and the Struggle to Reform the NSA by Timothy H. Edgar - The Code Book: The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography by Simon Singh - Getting Started in Infosec Consulting by Ted Demopoulos - The Cuckoo's Egg: Tracking a Spy Through the Maze of Computer Espionage by Cliff Stoll - Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon by Kim Zetter ### Courses - Active Defense & Cyber Deception w/ John Strand - Advanced Network Threat Hunting w/ Chris Brenton - Binary Exploitation: An Oral History w/ TsarSec - Breaching the Cloud w/ Beau Bullock - CS50 Web Programming with Python and JavaScript w/ Brian Yu [in-progress] - Cyber Threat Hunting Lvl 1 w/ Chris Brenton - Effective Information Security Writing w/ Chris Sanders - External Pentest Playbook by Heath Adams - INE Azure Pentesting by Slavi Parpulev - INE Cloud Fundamentals by Tracy Wallace - INE Penetration Testing Student by Lukasz Mikula - Intro Malware Reverse Engineering by Randy Pargman & Josh Galloway - Intro to Offensive Tooling w/ Chris Traynor - Introduction to PCI w/ Nathan Sweaney - Linux 101 by Brent Eskridge - Linux Command-Line Dojo w/ Hal Pomeranz - Modern WebApp Pentesting w/ BB King - Next Level OSINT w/ Mishaal Khan - OSINT Fundamentals by Heath Adams - OWASP Top 10 w/ Kevin Johnson - OffSec Penetration Testing with Kali Linux (PWK/PEN-200) - Offensive Tradecraft: Introduction to Pentesting w/ John Strand - PowerShell for Pentesters by Joe Helle - Practical API Hacking w/ Aaron Wilson - Practical Ethical Hacking by Heath Adams - Practical Malware Analysis & Triage by Matt Kiely - Practical Web Application Security & Testing by Michael Taggart - Practical Windows Forensics by Markus Schober - Professionally Evil API Testing w/ Jennifer Shannon [in-progress] - Professionally Evil Application Security w/ Kevin Johnson and Jason Gillam [in-progress] - Python for Defenders, Pt. 1 w/ Michael Taggart - Red Team Fundamentals for Active Directory w/ Eric Kuehn - Responsible Red Teaming w/ Matt Kiely - SANS SEC401 Security Essentials Network, Endpoint, and Cloud w/ Bryan Simon - SANS SEC503 Intrusion Detection In-Depth w/ David Hoelzer - SANS SEC504 Hacker Tools, Techniques, and Incident Handling w/ Joshua Wright - SANS SEC541 Cloud Security Attacker Techniques, Monitoring, and Threat Detection w/ Shaun McCullough & Ryan Nicholson - SANS SEC560 Enterprise Penetration Testing w/ Jeff McJunkin & Tim Medin - SANS SEC566 Implementing and Auditing Security Frameworks and Controls w/ James Tarala - SOC Core Skills w/ John Strand - Securing the Cloud: Foundations w/ Andrew Krug - Security Leadership and Management w/ Chris Brenton - Security with BHIS and MITRE ATT&CK w/ John Strand - Splunk Fundamentals 1 - Story-Telling Workshop: How To Tell Stories that Get People’s Attention w/ Ed Skoudis - Treehouse Beginner Python - The Bug Hunter's Methodology w/ Jason Haddix - VMware Carbon Black Cloud Fundamentals - Windows & Linux Privilege Escalation for Beginners w/ Heath Adams - Windows & Linux Privilege Escalation for OSCP & Beyond! w/ Tib3rius