Now that I have completed my Red Team Professional and had a taste of Red Team engagements, this week was all about self-reflection, relaxing and thinking about what is next on the horizon for me. I haven't touched any HackTheBox machines recently and it looks like there are a lot of new active ones out, so I'm going to be trying to level up and sink my teeth into some juicy machines!
In regards to certifications, I'm required to do the CompTIA Security+ as part of my role. After this, there are a couple of pathways I could take, but these are just some options that have been floating in my mind.
Mandatory - Must have, no questions
Pathway 1 - More intense and difficult path.
Python for Pentesters: I think it's essential to learn Python and get a foundational level understanding of any programming language. Reading the Offensive Security Web Expert Guide and reviews, they state that Python is something that is required before jumping in. I might take this course first before jumping in so I can be ready.
Offensive Security Web Expert: I think this would be the next logical step for me if I want to do Web Application testing for companies etc. I've read a lot of reviews on this course and it sounds really in depth and difficult. A lot of de-sanitisation, code review and white box hacking. Getting shell from any web application, by creating your own Python script to attack from scratch. I hear they give you the source code and you basically need to get RCE. I don't think it's that hard, but who knows.
Pathway 2 - Expensive, World-class Education
Some SANS training would be really useful, but to be honest I would rather the Offensive Security certifications as I believe they are much more difficult and can be a point of reference to judge a person's character and wit. In saying that, I wouldn't shy away from SANS. Perhaps GXPN, Red Teaming (SEC654) or Purple Teaming (SEC599) courses would suit my strengths and passion. Maybe next year?