I’m still in the process of working through the footprinting module, which was estimated to take two days of study. This obviously breaks down to 24 hours of study time, which can be a lot on top of all the other day-to-day things that life spawns. It’s also twenty-some lessons that consist almost entirely of text walls followed by short labs. So this post is a short one about a side quest that I’ve taken up alongside my CPTS/OSCP study. My goal in this side quest is to go from zero to hero in Splunk.
I have zero formal experience with Splunk or other SIEM/log-aggregation systems and have noticed that it is a popular skill to have for defenders, analysts, and SOC teams. I read the initial documentation in a sleepy haze at 1:00 or 2:00 in the morning and missed the part where there’s a Windows .msi installer, which led to me learning some basic Docker the next morning and spending a couple of hours spinning up an Ubuntu instance on my server and installing a Splunk container there. At the end of my config, I went back to the beginning of the documentation and, lo and behold, there was a link to a Windows installer. Five minutes later I was signed in and running through the dashboard on my Windows localhost.
I started working on some of the Splunk Power User cert material and want to tackle that and the Splunk Cyber Defense cert in the next month or so. The content doesn’t seem too hard, and the system is intuitive enough. My one concern is that it’s wasted time, considering the state of AI and the likelihood of it replacing most jobs that are primarily focused on logging and log analysis. I figure it’s a good skill to have regardless, so I’ll waste some time on it and throw it on my resume. I’ll be back next week with an update on my footprinting methodology and some short write-ups on things I found interesting.