About
Hey!
I’m a Cybersecurity Professional working in Melbourne, Australia. Passionate about Cyber Security, this blog documents my learning process as I strive to further develop my skills and knowledge.
This blog simply serves as a record of the new things I’ve learned, and experiences I’ve gained.
I hope you join in to discuss, learn and help me along the way.
Kento
Highlights
A collection of recent or popular blog posts
Exploring The Integration of Artificial Intelligence and Cybersecurity with PhishText.Ai
It’s no secret that Artificial Intelligence and Large Language Models are dominating the technology industry in 2023. After years of speculation and predictions, ChatGPT burst onto the scene in November last year and quickly became an overnight sensation. This explosion in AI adoption and the seemingly endless possibilities inspired me to start building programs that…
Preparing for and Delivering My First Conference Talks
In July last year, I took a big step outside of my comfort zone and delivered two talks at local New Zealand cyber security conferences. These talks were a big highlight of my 2022, and I haven’t had the chance to fully reflect on my experience preparing for and delivering the talks. While we’re still…
Finding and Disclosing My First CVE’s
CVE’s, short for Common Vulnerabilities and Exposures, are a reference model for publicly known security vulnerabilities. Whenever a vulnerability is identified and disclosed, a new CVE can be requested and issued to document this vulnerability. Over time, as countless vulnerabilities have been discovered and documented, CVE’s have become the de facto method to classify vulnerabilities…
Spoofing an Android Phone to Exploit the Razer Local Privilege Escalation Vulnerability
Intro Last Sunday, on a particularly lazy afternoon, I came across a Tweet that caught my attention. It was a demonstration of a local privilege escalation vulnerability that is possible when plugging in a Razer device to any Windows machine. The TL;DR of this vulnerability is that Windows identifies the drivers and software required for…
Burp Suite Certified Practitioner (BSCP) Review and Tips
Over the past few months, I’ve been honing my web application testing skills by studying Portswigger Labs and Academy content. Recently, I decided to pursue Portswigger’s relatively new Burp Suite Certified Practitioner (BSCP) certification. Although Portswigger and Burp Suite have long been staples of the web application testing industry, the certification exam was only launched…
Pivoting Through Internal Networks with Sshuttle and Ligolo-ng
“Pivoting” is the method used to navigate throughout a network, by using a compromised “foothold” host to gain access to other internal networks and network components that otherwise wouldn’t have been accessible directly. In most networks, there will be various network segments that will contain different servers or devices of interest. It is therefore an…
How To Pass the OSCP – a Beginner Friendly Guide
I wanted to make this post detailing everything I did when studying for the OSCP examination. I made a lot of mistakes along the way, and my path was far from the most efficient or effective method for studying toward the OSCP. Nevertheless, I did learn something from every resource listed here and I strongly…
Leveraging Artificial Intelligence and Automation for Enhanced Capability in Cybersecurity
I’ve recently been interested in Artificial Intelligence technologies and how they could be used to improve the cybersecurity capabilities for both individuals and organizations. This prompted me to build PhishText.Ai, which I showcased in my previous blog post. I wanted to expand on this topic and write down some broader thoughts I’ve had, while brainstorming…
How I Passed the CISSP Exam in 6 Weeks
Around the middle of January, I decided to commit to studying for the Certified Information Systems Security Professional (CISSP) exam. The CISSP was something that had sat on my list of goals for at least the last few years, and I finally made the call to dedicate the required time and effort into passing this…
How to Pass the eJPT
Having recently completed the eLearnSecurity Junior Penetration Tester (eJPT) certification, I decided to write this post detailing the commands and techniques I used to pass. The hope is that this resource can be helpful to other student studying for this certification. For my full thoughts on this certification in the form of a review, check out…
Follow Me
Get new content delivered directly to your inbox.
KentoSec 