CISSP Certification Unlocked!

So I took the plunge. I am officially a CISSP member. I know a lot of people don’t put a lot of stock in the certification from a technical perspective but I am happy with the achievement and really, that is all that matters!

Thoughts on the CISSP Exam

I spent some time reading the subreddit for CISSP and there seems to be a lot of anxiety around taking the exam. In all honesty, this was the first exam that I have taken where it just ends without you knowing whether you passed or not until you get the paper from the guy at the desk out front.

The exam itself has a minimum of 125 questions and a maximum of 175 questions, taken during a 4-hour block. I went into the exam telling myself that if I was around the 130-140 range when the exam shut off, I would be in good shape. Once it got higher than that, I felt that I would need to be more diligent with my answers and potentially read the questions more thoroughly. I wasn’t really sure what to expect but this was the plan that I was going with.

I kept looking at the question numbers as I got a new question so I could keep an eye on that 125 mark. Once I hit question 125 and answered it, the exam shut off. At that point, I thought there was no possible way I could’ve passed. But once I got outside with my results, I was extremely happy and confused. I have heard stories of people getting all the way to question 175 and passing but others where they also failed at 175. I just didn’t think it was possible to pass at the minimum but looking back, it’s entirely plausible and possible. Reddit was a good way to see that I was not alone.

I thought the exam was tough but not incredibly difficult. Depending on your experience and study habits, it is worth a shot. (ISC)2 offered up a free retake if you took the exam for the first time by the end of October so I jumped on that. Thankfully, I didn’t need to ask for a retake voucher but it was worth it nonetheless.

My Study Materials

What did I use to study? Since this was more of a cram session due to time constraints, I had to be a little more deliberate with my studying. I chose to start with “Eleventh Hour CISSP: Study Guide” which really helped as it’s only about 200 pages. The Official Guide is much thicker and a better option if you plan on studying for a few months but the one I used was sufficient and to the point.

I also found a guy on Twitter who provides CISSP-type questions each day and then provides the answer the next day. His name is Adam Gordon and I thought those helped me a great deal as well. Obviously, they do not appear on the exam, nor are they worded exactly the same, but they cover the content that might be on the exam. It was definitely a good addition to my studying.

There are so many other options from boot camps to the Official Guide but these are what helped me. I do have a few years working in the IT industry where I’m exposed to these topics so experience can sometimes allow you to know what the question is asking.

Are You Certified After Passing the Exam?

Short answer is no. There are more things that must be done but the hard part, in my opinion, is over once you have been given the official pass from (ISC)2 and then, it becomes more of a waiting game.

Once I received my official pass, I had to find an existing CISSP member to endorse me. Luckily, I had someone who I work with that was willing but if you do not have someone, you can let (ISC)2 do that for you. I did read that it could take a little longer but it can be done.

After you are endorsed by an existing CISSP member, you will just have to wait until the organization can review the endorsement. It took me approximately 2.5 weeks before I was notified but I also took it at a time where they offered the free retake so I’m sure they had an influx of applications to review.

Finally, I paid my maintenance fee which was $125 and I got my official notification that I was a member! At that time, you can download your digital certificate but your digital badge doesn’t come until a few days later. It was about 3-4 business days for me. They notified me that my official packet will arrive at my house in 8-12 weeks but that’s ok since I like having the digital versions right away.

I’m Officially a CISSP. What to do?

Well, you’ll need 120 Continuing Professional Education (CPE) credits to keep it up but that will be over a 3 year period. The official website has an entire CPE portal and pages devoted to help with this. This is a bit better than having to take the exam over again like most renewals so I’m happy with it.

I would take a gander at the site once you are official to see some of the benefits that are afforded to you.

What’s Next?

Since we’re at the end of 2022, I’m going to take the rest of the year to relax and maybe do some TryHackMe streaming on my Twitch channel which is uploaded to my YouTube channel. The Advent of Cyber challenge should start in December for anyone who is interested! I’ll also start reading some of the books that seem to be stacking up on my bookshelf.

This is also the time of year where I decide what I want to accomplish in 2023 and look back on what I accomplished in 2022. These help keep me honest but also allow me to appreciate the work I put in throughout the year.

Hopefully, this post helps anyone who is looking to tackle this certification but also reduce some of the anxiety and scariness of the exam and process. Good luck!

Becoming Certified! – Passed the 402 Exam!

So the journey is now complete or at least until the renewals come around. I really had no idea that I would have gone this far in the process about a year and a half ago. But, I learned a lot throughout the process and can finally say that I have both 400-level F5 certifications!

Thoughts on the 402 Exam

The hardest part for these 400-level exams is the lack of practice exams to prepare you for what you might experience when you sit for the real one. I understand why there are not any exams but it does make it tough to browse the internet looking for F5 K articles or write-ups for a lot of the topics on the blueprint. Taking two months to study was probably the best thing for me so I didn’t feel rushed in the normal 30-day timeframe that I did with the 300-level exams. With that being said, the exam was tough and really focused on the cloud space, which I enjoyed.

Journey to the 402

If you’re interested in taking the 402 exam, the below graphic should paint a good picture of the pathway to get there. You will need to pass the 101 and 201 exams to achieve the BIG-IP Certified Administrator certification. Then you’ll be able to take both LTM exams (301a and 301b) and the BIG-IP DNS exam (302). This will give you the certifications in both LTM and BIG-IP DNS. These are definitely achievable for anyone with hands-on experience with the modules, and LTM is a pretty common module if you have any BIG-IPs deployed. I would suggest enjoying the journey and not just focusing on the end result. It will not feel so overwhelming that way.

Those Study Materials

Like I did with the 401 exam, I tried to create a document that has all the blueprint objectives and any links I found that might apply to those objectives. Since there are no practice exams, this was the best I came up with. Now, I did not find links for every objective but what I did find helped me a great deal. I have provided a link to my GitHub repo that has the document and I also put it in the markdown file.

https://github.com/CoolPoole/f5-402-exam

I also wanted to call out the link below that provides some really good links to help with this exam. ArvinF from the F5 SIRT team provided his experience on the exam and his reading list. I would suggest using this as well.

https://community.f5.com/t5/technical-articles/f5-402-exam-reading-list-and-notes/ta-p/297746?sf259361488=1

Hopefully, you will find these helpful on your journey!

What’s Next?

I’m not really sure where I want to go from here, specifically. I find myself learning more and more on the security front so maybe that’s where I’ll head? For now, I’m just decompressing from this exam and will figure out what’s next shortly. I’m definitely in no rush.

Thank you for reading!

That Thing Called Configuration Sync Group Name

What is it?

There is a setting within the GSLB (Global Server Load Balancing) settings that allows multiple BIG-IP DNS devices to belong to a group allowing for synchronization of configs between them. There are actually multiple settings that can be configured (as you can see below) but I want to focus solely on the Group Name setting as it’s important for troubleshooting issues.

[Screenshot: Config Sync Group Name]

It is important to note that the default group name is “default”. It is configurable and a recommended best practice from F5 is to rename it to something unique.

Why do we care?

F5 BIG-IP DNS uses a protocol called iQuery, which operates over port 4353 (4 3DNS). I was once told that this was a reference to their old 3-DNS controller but I’m not 100% sure if that’s true.

The iQuery protocol passes configuration information across the devices in XML format and allows an administrator to add a configuration object, such as a Wide IP or Server object, to only one device and it will replicate to the others within the sync group. Here is a sample of XML from iQuery:

[Screenshot: iqdump example - default]

As you can see above, there’s some information such as name, uptime, and port info. This information is important when you’re troubleshooting why a virtual server on the BIG-IP DNS is showing offline but the corresponding virtual server on the LTM is showing as available.

The iqdump command can be run from the command line and you just need to specify the Self-IP of the BIG-IP LTM for which you want to see the XML being passed.

Changing the Synchronization Group Name

The screenshot in the earlier section was taken with the synchronization group name still set to “default”. You can see this in the headers when running iqdump:

This works great out of the box, right? It does, but it becomes problematic later down the road when you have a device that either needs to be RMA’d or reset to its default config. If this happens and all your devices are running with the configuration sync group name as default and you add a new device, that blank configuration could wipe out the configuration on the other devices because they belong to the “default” sync group.

To remedy this issue, we can update the synchronization group name to something more unique like “FANCY-DNS”:

[Screenshot: fancy-dns sync group]

This allows us to add a new device without wondering if it will blow away our existing configuration on the other devices in the synchronization group. The new device would have a group name of “default” and would need to be added to our existing sync group.

Where did it go?

When we run the same command as before, we only get basic information. We do not see any of the virtual server information that we saw before. Here is why:

When we run our normal iqdump command with the Self-IP of the LTM whose data we want to see, we are still only looking at the “default” synchronization group. We changed this to “FANCY-DNS”. So in order to see the information, we have to add the “-s” switch to the command and use our new synchronization group name:

Now we can see our data again should we need to do any additional troubleshooting.

Story Time

This stumped me for a bit when we had a virtual server object on the BIG-IP DNS that showed as offline (red) but on the corresponding LTM, the virtual server was showing as available (green). Once I figured out how to see the virtual server data in the XML being passed back and forth, I could see that the virtual server name on the BIG-IP DNS did not match with the virtual server name on the LTM it was referencing. Once this was fixed, we were good to go.

The data in the XML is simple and gives you some good information, so being able to understand and run iqdump will be a great addition to the toolkit of anyone who has to administer BIG-IP DNS.
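The troubleshooting story above (BIG-IP DNS showing a virtual server red while the LTM shows it green, because the names did not match) is the kind of check that is easy to script. The following is an added example, not code from this post or from F5: it parses a constructed, simplified XML layout that only loosely resembles what iqdump shows (it is not the real iqdump schema), and sorts each BIG-IP DNS virtual server into “fine”, “genuinely down on the LTM”, “name mismatch” or “not reported at all”.

```python
"""Triage BIG-IP DNS vs. LTM virtual-server names from iQuery-style XML.

Added example for this post. The XML below is constructed for illustration
and is NOT the real iqdump output format; the comparison logic is the point.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample: what the LTM's big3d might report for its virtual
# servers, after running iqdump with the right "-s <sync group>" argument.
SAMPLE_IQUERY_XML = """<iquery>
  <sync_group>FANCY-DNS</sync_group>
  <server name="ltm01.example.internal" uptime="864000">
    <virtual_server name="/Common/web_https_vs" address="10.0.10.20" port="443" state="available"/>
    <virtual_server name="/Common/api_vs"       address="10.0.10.21" port="443" state="available"/>
    <virtual_server name="/Common/legacy_vs"    address="10.0.10.22" port="80"  state="offline"/>
  </server>
</iquery>"""

# Constructed: virtual servers the BIG-IP DNS admin configured under the
# GSLB server object for ltm01, as name -> (address, port).  Note the casing
# difference on the second entry: the LTM knows it as /Common/api_vs.
DNS_CONFIGURED_VS = {
    "/Common/web_https_vs": ("10.0.10.20", 443),
    "/Common/API_vs": ("10.0.10.21", 443),
    "/Common/legacy_vs": ("10.0.10.22", 80),
    "/Common/retired_vs": ("10.0.10.23", 443),
}


@dataclass
class Finding:
    dns_name: str   # name as configured on the BIG-IP DNS
    reason: str     # short classification
    hint: str = ""  # what to look at next


def sync_group(xml_text):
    """Sync group name carried in the dump ('default' if the element is absent)."""
    node = ET.fromstring(xml_text).find("sync_group")
    return node.text if node is not None and node.text else "default"


def parse_ltm_vs(xml_text):
    """Return {name: (address, port, state)} for every virtual_server element."""
    result = {}
    for vs in ET.fromstring(xml_text).iter("virtual_server"):
        result[vs.get("name")] = (vs.get("address"), int(vs.get("port")), vs.get("state"))
    return result


def compare(dns_vs, ltm_vs):
    """Classify each DNS-side virtual server against what the LTM reports.

    Names are compared exactly (this example assumes exact-match semantics);
    when a name is missing, the address:port pair is used to suggest the name
    the LTM is actually advertising, which is the mismatch case from the post.
    """
    by_endpoint = {(addr, port): name for name, (addr, port, _state) in ltm_vs.items()}
    findings = []
    for name, (addr, port) in dns_vs.items():
        if name in ltm_vs:
            state = ltm_vs[name][2]
            if state != "available":
                findings.append(Finding(name, f"LTM reports state {state}",
                                        "the virtual server really is down on the LTM"))
            continue
        ltm_name = by_endpoint.get((addr, port))
        if ltm_name is not None:
            findings.append(Finding(name, "name mismatch",
                                    f"LTM advertises {addr}:{port} as {ltm_name!r}; fix the DNS-side name"))
        else:
            findings.append(Finding(name, "not reported by LTM",
                                    "check the server object, sync group name and big3d/iQuery connectivity"))
    return findings


def triage(xml_text, dns_vs):
    """Full pipeline: parse the dump and compare it with the DNS-side configuration."""
    return compare(dns_vs, parse_ltm_vs(xml_text))


if __name__ == "__main__":
    print(f"sync group in dump: {sync_group(SAMPLE_IQUERY_XML)}")
    for f in triage(SAMPLE_IQUERY_XML, DNS_CONFIGURED_VS):
        print(f"{f.dns_name}: {f.reason} ({f.hint})")
```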

Hopefully this will help someone in the future but at the very least, I can refer back to it.

Helpful Links

Overview of BIG-IP DNS synchronization

Overview of BIG-IP DNS system software upgrades

Overview of the BIG-IP DNS big3d, bigip_add, and gtm_add utilities (11.x – 16.x)

Becoming Certified! – BIG-IP DNS Edition

Ok. So I know I said that it’s over but I don’t think learning is ever over. I’m proud to say that I’m officially BIG-IP DNS (formerly GTM) certified! It’s been almost a year since I took my last certification exam so I needed one to get back into the swing of things and seeing that “Passed” is always a nice feeling.

Thoughts on the Exam

This exam covered the BIG-IP DNS module which focuses mainly on DNS functionality. While I did not think this exam was terribly difficult, I did not get every question correct, and I have some experience with this particular module. I felt the questions were pretty straightforward and helped introduce some items or objects that you may or may not be using within your environment. For example, I have used BIG-IP DNS to resolve more than just A records, such as MX, SRV, and TXT records, in one environment, but in another environment, I’ve only used this module to handle Wide IPs. There are so many ways to utilize BIG-IP DNS that every environment will likely introduce something new, which is always nice to see. There’s a lot of information in this module so make sure to use the blueprint to your advantage.

Getting 100% is not the goal. You get the same certification if you score 70% or 100%. A Pass is a Pass.

How Do I Become BIG-IP DNS Certified?

The exam required to become BIG-IP DNS certified is the 302 exam. As usual, F5 does a really nice job of providing a visual of this pathway:

As with any 300-level certification, you must first pass both the 101 and 201 exams to become a BIG-IP Certified! Administrator. Once you have gone that far, all 300-level exams become available to you.

Study Material

Operations Guide

What did I use to study? Like I mentioned earlier, I do have access to this module in a production environment and am responsible for management of the device. Even with that level of access, I built a lab environment in AWS so that I could play around with some of the settings as I went through the Operations Guide and some F5 articles. One of the things that really helped me was looking at the GUI and then looking for an F5 article that talked about the settings in a particular section so I could better understand them. This section of the Operations Guide talks about DNS services:

Operations Guide – DNS Services

There are too many F5 articles to list out but building a lab is necessary, in my opinion. It allows you to screw things up and understand why you screwed it up. You can build out a lab in Azure as well since F5 has Virtual Editions in their marketplace. Please use whatever is comfortable to you and make sure to keep an eye on those charges, if you end up using one of these cloud environments.

Practice Exams

Practice exams are vital and should be considered a necessity when attempting any 200 or 300-level exam. As I’ve said in other blog posts around these certifications, they give you a similar experience to what you have on exam day even if the questions are not on the exam. I love having these available to me and you can purchase 1 practice exam for $25 or 2 for $40. You have 90 days to use them. I typically take one at the beginning of the process and then one about a week or so before exam day so I can get an idea of how I’ll do on the exam. The practice exams are offered here:

Exam Studio – F5 Practice Exams

What’s Next?

Well, I’m on the path to taking the 402 and becoming an F5 Certified! Solution Expert – Cloud. I plan to take this exam at the end of September so we’ll see how it goes. This exam is focused more around cloud technologies and how F5 will fit into these architectures. Cloud is all about sizing and the larger you go with a particular VM, the more expensive it becomes. So I’m interested in learning more about cost-efficiency and what changes now that you don’t have access to Layer 2 anymore.

Until next time!

Becoming Certified! – The Road to 401 is Complete!

It’s finally over gang! As you can see above, I was successful in passing the 401 exam and achieving that nice looking blue badge. I’ll admit that I wasn’t a fan of the color changes to the badges but I have come around and really like that blue.

Thoughts on the Exam

Overall, I thought it was a tough exam. I think the toughest part of the exam was trying to answer questions on technologies that I do not actively use or have experience in, but I understand why you might be tested on those. This certification exam tests your knowledge on all things F5: during the 300-level exams you are tested on configurations for a given module, but here you need to know everything so you can educate or influence your customer on the right solution. It only makes sense, so once you understand that, you’ll be fine. The exam itself is tough and can make you question yourself as an engineer but like anything, it will be worth it once you pass.

I won’t say what is on the actual exam but the blueprint does a good job of pointing all that information out so that’s a good place to start.

The lack of practice exams is a killer!

So You Want To Take That 401?

Here is a visual of what you will need to achieve to be able to sit for the 401:

It’s a long journey but you will learn so much if you put the time into it. Overall, you will take 6 exams to become eligible for the 401 exam which results in 4 certifications so it is not like you are taking all 6 exams with nothing to show for it. The one great thing about the process is that each higher level exam will renew the one below it. For example, a 300-level exam will refresh the 201 and a 400-level will renew every certification that is required for it.

What Did I Use to Study?

With the lack of practice exams for 401 and not really knowing how the questions might be asked, I created my own study guide comprised of a combination of F5 resources and YouTube videos. I placed the Word document in a repository on my GitHub but also copied it into a ReadMe file on that repository as well. You can find it below:

https://github.com/CoolPoole/f5-401-exam

Where Do I Go From Here?

I think I’m done taking F5 exams for the rest of the year, so I think I’ll plan to learn some things that I’ve been putting off. I like to play around on TryHackMe and I really want to learn some Node.js and JavaScript as well as play around in Azure. I also want to build out some labs in Azure and AWS so really I will just continue to learn.

I really hope these posts will help someone but at least, I can look back and just exhale on what I’ve accomplished in 2021. Take care and keep learning new things!

Becoming Certified! – F5-CTS BIG-IP APM Edition

Yep. If you were paying attention, I passed 301b just a couple of weeks ago and since I enjoy punishment, I decided to schedule 304 immediately after it. I was a little cautious since I do not care for taking exams so close together but I’ll explain later in the post as to why I needed to take it so quickly. But before I do that, I will go through my experience with APM and what I used to pass this exam. I hope you enjoy it and find it helpful.

Working with APM – A Real Mystery

I was introduced to Access Policy Manager back in 2015 on version 11.6 by John Bailey and John Alam (two visionaries!). I had no clue what it was or how I could use it in our environment. I was lucky enough to have a great Manager, Mike Walter, who I could always go to if I felt I needed training (which I did a lot with F5). I spent a lot of time in New York City on 33rd Street taking F5 trainings, which were really good to get you started as well as providing a nice lab book that could walk you through some configurations. I think we only used APM to provide logon pages for applications that could do lookups against Active Directory and queries for group memberships, then allow access should the query return successfully. That was really it, but there was so much more to it that we never explored.

Once I moved on, I was able to see APM in all of its glory. I saw Portal Access being used, Kerberos for SSO, and SAML Authentication, both as an Identity Provider and a Service Provider. I was also exposed to the configuration for On-Demand Certificate authentication and SSL VPNs. These items were foreign to me as configuration concepts or in how they could be leveraged, but I soon began to see them in action. Those configurations are only a small sample of what APM can do for an application.

I do not really see a lot of commentary on Access Policy Manager, especially with F5 pushing Nginx, SSL Orchestrator or the new acquisition of Volterra. It definitely has a place with respect to securing applications fronted by the BIG-IP.

What Do I Need To Do? Let’s Talk Requirements

The requirements to be eligible to take this exam are really straightforward, like all the other exams. You only need to have passed 201 and be a BIG-IP Certified Administrator to be eligible. That certification allows you to take 301a, 302, and 303 in addition to 304. Here is a great illustration that shows the path and can be found here:

My Lips Are Sealed

I cannot tell you what is specifically on the exam but you can expect to be asked anything and everything that Access Policy Manager provides so knowing the big topics like AAA (Authentication, Authorization, and Accounting) or Portal Access will likely be needed as they are such a big part of APM.

I am lucky enough to have access to APM in a production environment but you could easily spin up a virtual machine in AWS or Azure and provision APM so that you could just look at the GUI to see what is available. But remember, this exam is based on code version 12.1 according to the blueprint. So use the blueprint to make sure you are studying the material needed for this exam.

My Study Materials

Practice Exams

I love the practice exams provided by F5 and Exam Studio Online. As I mentioned in my previous post, I like to take one before I start studying so I can see where I am the weakest and spend a little more time there. You can find them here. They are fairly inexpensive, with one exam costing $25 and two costing $40. You will need an F5 Candidate username to log in though.

Operations Guide

I’ve mentioned AskF5 in my previous blog post, Becoming F5-CTS BIG-IP LTM Certified!, but AskF5 has an operations guide for Access Policy Manager which goes over licensing, use cases, high availability, and security. It is really comprehensive and is a good starting point for those who have not accessed APM in some time or are new to the module. It can be found here.

So What’s Next?

So I alluded to this earlier in the post but my Application Security Manager certification is up for renewal next month so instead of renewing it, I decided to see if I can get 401 certified before ASM expires. So yeah…I love punishment. I’ve scheduled it for the end of the month and with no practice exams available, it will be a challenge.

Regardless of the outcome, I’ll be sure to write another blog post about it. Fingers crossed!

Becoming F5-CTS BIG-IP LTM Certified!

Yes! I can finally say that I have survived the one thing that haunts me and that is a certification that involves passing two exams and one that requires you pass the first exam to be eligible for the second exam. I have always preferred the one exam per certification route but I can say that I learned a lot with this path. I will try to provide what I used for both exams in the hope it will help someone who is looking to tackle this certification.

My F5 Background

Let us begin by saying that I am not new to the F5 BIG-IP nor to many of its modules. I was exposed to the BIG-IP as a SQL developer where our main relational database was being load balanced behind one of its virtual servers. One day, I had the opportunity to log in (basically the only one who was around) and had no idea how to navigate. A few years later, I would have the opportunity to manage one. This eventually turned into fourteen but things tend to multiply.

I was lucky enough to get plenty of hands-on with Local Traffic Manager, BIG-IP DNS (GTM for the old people – me included), Access Policy Manager, and Application Security Manager. This definitely made it easier for me to learn how the BIG-IP worked and how each module fit into the overall plan F5 has with making applications go faster and become more secure (applications, not the control plane CVE in 2020). It’s not impossible to pass an exam without having physical access to the BIG-IP but it definitely helps.

Let’s Talk Exams

There are two exams required to achieve the LTM certification, which is at the 300-level. The certification team at F5 actually does a great job at providing the necessary info on requirements as well as resources to study materials. While there are no official study guides for the 300-level exams, the F5 certification team provides exam blueprints as well as access to practice exams for each exam. I’ll explain where to find those later but here is an interactive guide to prerequisites for each exam.

Exam 301A – Where It All Begins

This exam will measure your ability to set up a BIG-IP device in multiple ways (i.e. Standalone, Active/Standby, or Active/Active), architect the BIG-IP so that it fits into an existing network, as well as deploying applications behind it using the many configuration options the device provides.

If you have experience in onboarding a BIG-IP into an existing network, deploying applications behind different types of virtual servers, and setting up high availability with multiple BIG-IP devices, you should not have an issue with at least being in the ball park to pass this exam (minimum score of 245). Your environment and exposure will determine how much you need to study.

I started out in an environment where everything was simple and had very little segmentation, so there was no way I was passing this exam. I am now in an environment where I am exposed to more than just a standard virtual server and round robin load balancing. The Exam Blueprint can be found here, so take a peek and see if there are any items on which you need to do some more research.

ProTip: If you pass 301A, I would not post that you are 301A certified. Dr. Ken will be in your comments quickly to tell you this.

Exam 301B – Last Person Standing

Passing this exam will get you past the finish line and that really nice looking purple badge! I mean that’s really what you’re after, right?

This exam will test your ability to troubleshoot issues with the BIG-IP devices and application configurations. This can be anything from consolidation of redundant or unused items in an existing configuration, deploying custom alerting (I see you MIBs), upgrades and rollbacks (ouch!), and profile modifications. Time is not your friend on this one. Troubleshooting can be time consuming and these questions are no different. Again, having some experience in a production environment will help (a lot) but still not impossible if you have access to a lab. But remember, passing this will get you that fancy badge so good luck!

Oh…before I forget, you can find the Exam Blueprint here but there was a nice blog post that I found where someone was kind enough to put some information to some of the items in the blueprint. I would personally like to give “Erik” a shoutout because his blog actually filled in some gaps for me. Check it out (not spam!).

Other Study Items That Really Help…I promise!

Practice Exams

There is a practice exam for each F5 exam, so 301A and 301B both have their own. My personal method is to buy two ($40) and, while it is the same practice exam both times, I take one early on in the study process and one before I take the exam. The questions do not appear on the exam but they do, at least, give you an idea of how the questions are formatted. This is a big part of the exam process, in my opinion. They are provided by Exam Studio Online and are located here. I do believe that this ties in with your candidate login information but don’t quote me on that. It’s been a bit since I signed up and I can barely remember my password and username.

I do recommend at least purchasing one ($25) unless you like to live dangerously and if that is the case, rock on!

Labs

While I’m lucky to have access to actual devices, I know some don’t. However, I have deployed some personal devices in Amazon Web Services where you can only pay for the time that they are running (so make sure to turn them off!). This can be helpful to learn the GUI or run TMSH commands to help with learning. You are definitely going to want some hands-on experience with these because as you navigate through the GUI and command line, you can see how items relate such as how “/sys” at the command line corresponds to the “System” section in the GUI or how “/net” allows you to list the interfaces on the BIG-IP similar to how you can see them in the “Network” section. See where I am going? It helps…trust me.

AskF5

The last resource I used and really in conjunction with the labs section is AskF5. This is a great resource that will explain configuration options for a profile, tell you the default value, and even provide some “gotcha” items in the event you plan to change a value on a profile, for example. I used these quite a bit when I wanted to learn more about certain items in a given profile or configuration that you do not configure regularly or at all. Here is an example of what it might look like:

What I like most is that you can see how often it’s updated and which version of the BIG-IP software it might apply to.

In Conclusion

My only hope for this blog post is to provide some sort of insight into what it takes to become certified with Local Traffic Manager as well as give some tips that helped me pass these exams while also minimizing spelling and grammar errors.

At the end of the day, you should take these exams because you want to and not because you feel like you have to. I use certifications as a way to keep me honest while I am learning, otherwise I feel like I would not put as much effort into it. Take them for yourself because you want to learn and not because you feel like it will validate what you know.

Thank you for taking the time to read this post and I wish you good luck!

About Me

Hi there! It looks like you may have taken a wrong turn on this thing we call the internet but I’m happy you found me.

My name is Shannon Poole and I try to pretend that I’m good at what I do but I’m mainly putting out fires and constantly learning. I’ve been lucky enough to work for some really smart people that allowed me the flexibility to learn new things. I’ve been a Military Police officer, Shipping/Receiving Clerk, Warehouse Selector/Forklift Operator, Business Analyst, SQL Programmer, Database Administrator, Exchange Administrator, F5 Administrator, and Manager. I’ve been all over the place with my work but Information Security is where I plan to settle in and to be specific, DFIR, is where I would like to end up.

My path is not conventional. I’ve worked in warehouses and corporate offices. I’ve worked midnight shifts so I could take college classes during the day. I’ve slept in my car, on the floor, on the couch so I could accomplish my goal. I’ve dug foxholes, and low crawled. The point of this is that while it might not feel like it at the time, you are making an effort to get to where you want to go and all you have to do is stay the course. There will be doubts for sure but know that it will all be worth it in the end.

Thanks for stopping by!

Turning Hostnames into IP addresses

So, it has been a couple of months since I passed the CompTIA Security+ exam and a little over a month since I wrote a blog post about it. I thought it might be time for a new one. I haven’t been able to turn my experience as a system administrator and certifications with Cisco, F5, and AWS into a role in Cybersecurity or Information Security but that doesn’t mean it won’t happen. I’m trying to keep an open mind but in the meantime, I’ve been trying to learn Python. Truth be told, I am trying to learn more than just Python, such as Malware Analysis and Incident Response but learning Python can help me toward my goals. In this post, I’ll talk about my first program with Python and my experience writing it as well as what I think of the language.

Why Python?

As I try to keep my learning more security-centric, I see a lot of scripts on Github and other repositories that are written in Python. From reading (a lot of reading) posts and viewing YouTube videos, it appears that the language and IDE are pretty lightweight and fairly easy to learn. There are a lot of resources out there as well as some books that can help you along the way. I’ll post a few that I have purchased but in the end, performing a simple Google search will be the best resource in my opinion, but I love books so buy some books if you like books. I also want to mention that I used Visual Studio Code as my text editor because it has so many integrations and is really easy to use.

Why Hostnames to IP addresses?

From my experience with troubleshooting or just performing some OSINT (Open Source Intelligence) on domains or hosts on your network, sometimes you get a list that you need to look up and it would just take a long time (not to mention boring) to run an nslookup or ping command on each one separately. You really have better things to do with your time. I also had some requirements based on that experience, such as having a program that could be used for a list of domains or hosts as well as a single domain or host. I also wanted to be able to write the output to a file with a timestamp that allowed you to run it multiple times in a given day without having to delete or rename the previous file. The most important requirement was to have ASCII art and colors because let’s be honest, that’s what other programmers really want to see. Code is code but if you can have some really nice ASCII art or some nice colored output, you’re on your way to being…what is it again? 1337? 31337? L33t? Something to that effect.

The Program

So there are two scripts that were written to accomplish my goal. The first was a menu-based program, called hostnames-to-ipaddresses.py. This one was my first experience with Python and really wasn’t too bad to write. I had to first learn the syntax for concepts like functions as well as conditional statements like if…then…else. Functions and conditions aren’t written much differently than in other languages but they still have their own syntax. Here is an example of a function:

import socket  # socket.gethostbyname_ex does the actual name resolution
import time    # time.sleep is only used for the short pause before the lookup

def single_input():
    single_domain = input("\nPlease enter your domain: ")
    print("\nLooking up", single_domain, "...\n")
    time.sleep(1)

    try:
        # returns (hostname, aliaslist, ipaddrlist), not just one address
        ip_address = socket.gethostbyname_ex(single_domain)
        print("The IP for", single_domain, "is", ip_address, "\n")
    except socket.gaierror:
        # raised when the name cannot be resolved at all
        print("Your domain does not exist.")

As you can see with the code above, the function header ends with a colon and inputs can be passed in as parameters as usual, but the rest of the code is pretty standard and easy to figure out. That is just one example of how Python (at least for me) was easy to understand, or at least figure out, as I looked at blog posts, videos, and error messages.

With the rest of the program, I knew that I needed a couple of options, single input and file input. As I mentioned previously, I wanted to use the same program regardless of looking up a single domain/host or a file with a list of domains/hosts. I also made the decision that I don’t need to output to a file if I am looking up a single domain/host. This made the single input function much easier to write than the file version. You can look at the code above and see how it’s just asking the user for the domain and printing the output.

Getting the IP address from a Hostname

Let’s talk about the actual module being used for translating a hostname into an IP address, socket. The socket module contains a couple of functions that can be used to perform this action. I initially used gethostbyname, but that gave me a false sense of accomplishment. This function is a little misleading unless you read the documentation because it will only return one IP address even if there are multiple IP addresses assigned to that domain name. This is where gethostbyname_ex is the better option for what I was wanting in my output, since it returns the hostname, its aliases, and the full list of addresses.

ip_address = socket.gethostbyname_ex(single_domain)

Reading and Writing a File

For the next requirement, I needed to be able to build a function to read in and write out to a file. This is a little more complicated than just using a built-in function from an imported module. Reading in a file means that there is more than one line of input, so in addition to figuring out the Python syntax to read a file, I also needed to be able to loop through the lines to produce the expected output. You can read this link but here is what it looks like:

with open(filename, "r") as ins:

As you can probably tell, I’m telling Python to open the file in the variable “filename” and telling it to read it with the “r” argument. So it’s really that simple but there are so many different types of files that can be read such as binary but for my purpose, it could be a simple TXT or CSV file.

Writing to a file isn’t much different as you can see below. I just decided to put the action into a variable that I could call later within the for loop. It was pretty straightforward and I was even feeling extra generous and put a comment for the strip function. I really did it for myself because I will likely look back on this and without any comments, I’ll probably think I am a little crazy and losing my mind.

outF = open(file_out, "w")
for line in ins:
    host = line.strip()  # strip() removes leading/trailing blank spaces and the newline at the end of each line
    try:
        ip_address = socket.gethostbyname_ex(host)
        print("The IP for", host, "is", ip_address, "\n")
        outF.write(str(ip_address))
        outF.write("\n")
    except socket.gaierror:
        print("Domain does not exist.")
outF.close()  # close the output file so buffered results are flushed to disk

Adding Datetime to a Filename

The ability to add a timestamp to a file name is pretty common. For my purpose, I wanted to be able to run the program multiple times per day without having to delete the file to avoid errors. I accomplished this using two variables. I’m sure there are better ways and it likely can be done in a one-liner, but for beginners it might be easier to break the process down into multiple steps, and as you become more comfortable, combining lines will make more sense. In the code below, I used the strftime function from the time module to set a timestamp and then added that to the file name within the file_out variable. I’ve used this approach for adding timestamps in T-SQL scripts so it made sense for me.

date = time.strftime("%Y%m%d-%H%M%S")
file_out = ("hostnames-to-ipaddress-output-" + date + ".txt")
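The three pieces above (resolving with gethostbyname_ex, looping over a file, and the timestamped output name) combined into one runnable script, as an added example that is not the blog’s own hostnames-to-ipaddresses.py. It skips blank and comment lines, records unresolved hosts instead of dropping them, and the `now` parameter and the sample list are assumptions added to make it testable offline:

```python
import socket
import time


def resolve(hostname):
    """Return every IPv4 address for hostname, or None if it does not resolve."""
    try:
        # gethostbyname_ex returns (canonical_name, aliases, ip_list); the full
        # ip_list is what gethostbyname (one address only) would hide. Note it is
        # IPv4 only; socket.getaddrinfo is needed for IPv6 records.
        _name, _aliases, ips = socket.gethostbyname_ex(hostname)
    except (socket.gaierror, socket.herror):  # gaierror is the usual failure
        return None
    return ips


def resolve_lines(lines):
    """Resolve an iterable of hostname lines (a list or an open file) and
    return a list of (hostname, ips) pairs in input order."""
    results = []
    for line in lines:
        host = line.strip()  # drop the newline and any surrounding whitespace
        if not host or host.startswith("#"):
            continue  # blank lines and comments would otherwise fail to resolve
        results.append((host, resolve(host)))
    return results


def timestamped_name(prefix="hostnames-to-ipaddress-output-", suffix=".txt", now=None):
    """Build the output filename with a %Y%m%d-%H%M%S stamp so repeated runs on
    the same day never overwrite each other. `now` is a struct_time for testing."""
    fmt = "%Y%m%d-%H%M%S"
    stamp = time.strftime(fmt, now) if now is not None else time.strftime(fmt)
    return prefix + stamp + suffix


def write_results(results, out_path):
    """Write one 'host,ip1 ip2 ...' line per host; unresolved hosts are marked."""
    with open(out_path, "w") as out:  # the with block closes and flushes the file
        for host, ips in results:
            out.write(f"{host},{' '.join(ips) if ips else 'UNRESOLVED'}\n")
    return out_path


if __name__ == "__main__":
    # Constructed sample input: the literal address resolves without a DNS query,
    # so the script runs offline; the .invalid name is reserved to never resolve.
    sample = ["127.0.0.1\n", "\n", "# a comment line\n", "nonexistent.invalid\n"]
    print("wrote", write_results(resolve_lines(sample), timestamped_name()))
```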

The Real Reason to Write in Python – ASCII Art!

The real reason why we write Python. I’ve always seen this done in scripts and thought it was a colorful way to put your mark on it. For this, I used Pyfiglet which is a nice module for this purpose. It’s really easy to use and there are so many different font types you can use too. I haven’t seen it used a lot but it was a nice add to give the script some aesthetics.

ascii_closing_banner = pyfiglet.figlet_format("Smell Ya Later!\n")

Final Thoughts

The rest of the script is really just an IF…ELSE statement that calls the single or file functions based on which option the user chooses via the menu. The entire script is less than 90 lines with some of those consisting of comments. After spending some time googling error messages or learning the syntax, I can safely say that my experience with Python was rather enjoyable. I’m not sure learning C++ again after such a long time would have been as easy but there are so many resources devoted to Python that it made it easy to find resolution to any errors or questions that I had. I would definitely recommend learning Python. I hope this blog post helps anyone trying to learn Python but at the very least, it will help me remember what I was doing with this code.

Honorable Mention – host2ip.py

I was able to trim the number of lines down with the host2ip.py version that uses command-line arguments rather than a menu. I wanted to have a simpler version that can be used to type one line and get the output rather than going through menus. It’s really a preference as both work the same way but I did add color to the output of this version so it’s fancy.

References

Python Crash Course by Eric Matthes

Automate the Boring Stuff with Python by Al Sweigart

What I Used to Pass CompTIA Security+ SY0-501

Yes! I passed the CompTIA Security+ SY0-501 exam!

Passing this exam was something I had on my list of things to do in 2020 and as usual, I waited until the final month of 2020 to mark it off my list. But it’s off my list and that’s the most important thing, at least for me. While I do have some experience in IT, I’m really glad I decided to go after this certification. I will not get into the degree versus certification discussion as I think everyone has their own opinion and we’ll leave it at that. One thing I am a firm believer in, is the ability to take whatever path you choose but make sure you can understand the basics before attempting higher level knowledge. You don’t have to go after things like CCIE or OSCP starting out but having basic networking and security knowledge is a great help when it comes to troubleshooting and making decisions around configuring systems or architectural designs.

My reasoning for taking the Security+ exam was to ensure that I do have a solid foundation of security concepts but also I plan to move into the Information/Cyber Security job space permanently (hopefully in 2021). Having the Security+ certification also helps if you are planning to work in the government sector as they follow DoD Directive 8570 so make sure to check that out if you are looking to move toward that space.

Since the exam doesn’t expire until July 2021 and there aren’t as many resources available for the new SY0-601 exam, I opted for the SY0-501. I also wanted to achieve the certification before 2021, so I gave myself about 30 days to study which is fairly aggressive but I did not feel like I needed to study every subject area thoroughly as I did with Cryptography. I also followed my usual study method of watching videos, reading the book, and taking practice tests. Doing those three things has always helped me when studying for a certification. I’ll go through each and give a review on the tools I used so hope this is helpful.

Books

I always use books as my main source of study aid when I’m looking to chase a certification or learn a new thing. For the Security+, I used the CompTIA Security+ Get Certified Get Ahead by Darril Gibson. Books tend to have so much more information and detail that really helps drive home some concepts that might be tough to consume. This book, in particular, has a pre-assessment test in the beginning and practice questions after each chapter. By purchasing the book, I believe there are some other study tools that come with it but I didn’t use them. For the book itself, this one was really good and easy to understand. The book isn’t too expensive but if you’re into reading on a Kindle, there is a Kindle version for $10.

Videos

Videos are really nice to give an overview on a topic but they are not going to give you the detail and understanding you need in ten 5-minute videos. However, they partner well with a book and that’s how I tend to use them. I usually watch the videos first, then read the corresponding section to really drive it home. I opted to use Mike Meyers’ videos on Udemy which were really good and he’s a bit animated so that helps keep my attention as you know, sitting and watching an hour’s worth of videos on security foundations might not be the most interesting thing to do. Since I had a shortened timeline for this certification, I only focused on certain videos and topics such as Cryptography or Wireless since I felt those were really important to understand in detail.

Practice Tests

In my opinion, practice tests are a must and vital to getting in that testing mindset. For this, Udemy had 3 practice tests by Mike Meyers. I took all three during the last week leading up to the test but I did take them multiple times so I really could understand why I wasn’t answering some correctly. One method I have always used with these tests is to make sure you can explain or understand why a provided option of a multiple-choice question is the wrong answer, more so than finding the right answer. If you can do this fairly well, you should have a better chance on questions you might not know the answer to on the actual exam. These practice tests on Udemy actually grade the test and provide the answers. You can filter by ones that you answered incorrectly, correctly, or just by all the questions. They do provide a bit of detail for each option on a question and why they are correct/incorrect. So this does help you study and see where you need more work.

Additional Online Material

Some additional online material that helped me came from Professor Messer. He has a few tools that are really beneficial and most importantly, they are FREE! I’ve listed these below but in short, he has a monthly study group where he goes over practice questions, posts sample questions on his Instagram page, and offers some sample questions on his website. I used these as fillers when I didn’t feel like reading or watching a video. The study group on YouTube is something you can just listen to while you do other things. I really enjoyed them.

I’m sure this is a lot of information and a lengthy post but my hope is that someone finds this helpful as they try to study for the Security+. One thing to remember though…there is no one right way to do it and you should always understand that sometimes the most direct path isn’t the most rewarding one.

Thank you for reading and Good Luck!