XSS and bypassing an Imperva WAF with JSFuck
Grumpy Admin here!
OMG my brain is hurting. This week has been hard! Grumpy Admin, through his own stupidity, did a decent business case to his manager and got himself a place on a CISSP course.
Now, after due consideration it was decided that I should attend a boot camp. The first camps we looked at were cheap but long, and well the boss could cope without me for more than a week, so based on my prior experience with the CEH I went to Firebrand!
This is where my week of mental hunger games began! Oh no… Sept 1st I started to preload and prepare for my CISSP! I don’t know if I have passed, I am writing this after coming out of a mock exam! If I get more than 75% it will be a wonder!
I started by buying a book and using my CBT Nuggets subscription to watch, over the course of two weeks, the 18 hours of videos! I also did the included Transcender exam questions! I had what I thought was a strong background in infosec, lots of exposure to crypto and security. I thought that it would be mostly review and reinforcing of my skills and knowledge.
Oh how wrong was I? Very – there was so much material in the provided courseware that I had not seen before that I at times questioned if I was on the correct course.
The instructor, Rick, was Canadian, and he knew his shit! As you would expect. My problem was trying to relate the concepts into management speak!
I am a tech guy trying to do a management level qualification! It’s good that I am going to have this qualification, if I pass and make it past the endorsement phase, but it will be a few years before its real value becomes apparent, and as a foundation, yep, this is going to be great!
If I knew what I know now, even after reading all the blogs and exam tips etc, I think I would have done about 300% more study before attending this boot camp! Starting a few months before and really getting to grips with CRYPTO and just learning the lexicon would have been a massive help!
I found myself looking up words on the internet because I didn’t know what they meant! This may be because I was the only non-graduate and management type on the course!
The fast pace is good, and you live and breathe CISSP… you wake up in the middle of the night and think omg ACCESS control or what is the Recovery Time Objective.
I also found some of the technical elements a bit weak or found myself disagreeing with them on technical points, but at the end of the day this is an exam and if they say it’s because of this then that’s the answer they will test you on, so you have to go with that!
I hope I pass the mock and I do well tomorrow, who will know! Either way returning to Firebrand is a good thing.
Walking in the first person I saw was my old instructor from the CEH and he remembered me and we had a good old chat! The staff are always friendly and the coffee is free and on tap 24/7.
The hotel is basic, but it’s what you need, my room in the army was worse, so I can’t complain…. you will put on weight with all the free food at breakfast and lunch and evening meal!
There is a bar! And while I am not a big drinker, I did visit it once or twice, as well you do; after 13-14 hours of intense study you need some sort of relief!
Unlike my CEH course, this group wasn’t very close and tended to go their own way and not hang out and talk and banter, but that could be due to the types of people and the level these people are. However, toward the Thursday, cliques had developed and we knew the who and what!
There was a very broad range of experiences on the course, and I learned quite a bit from other attendees as well as the instructor.
So my TLDR for this is
- Plan the amount of preparation work you want to do
- Then double it!
- Work hard, don’t get distracted
- Jump in and be immersed in the subject!
- Don’t answer work emails or take calls… tell that woman you’re not available because you need all the processing power to be on the job at hand!
- Well fingers crossed
PS why am I writing this non-tech blog? Because I have run out of clean clothes and they will get me a free t-shirt for the blog post!
Update – on the mock test, I got 76% – which is a pass, a low pass but still a pass! So hoping for tomorrow!