Cybersecurity Work Experience

Yaseen Ahmed, a talented Year 10 student and member of Muslims in Tech, describes his cybersecurity work experience in his own words.

If you’re looking for help finding an internship, reach out to us at info@muslimsintech.org.

What did you do during work experience?

Gridware has a training program for newly hired junior-level penetration testers to get OSCP certified if they are not already. It involves doing several training modules on various websites. The ones that were assigned to me were:

PortSwigger Academy:
Server-Side topics

  • SQL Injection
  • Authentication
  • Directory traversal
  • Command Injection
  • Business logic vulnerabilities – Labs can be skipped but recommend having a read through.
  • Information disclosure
  • Access Control
  • File upload vulnerabilities

Client-side topics

  • Cross-site scripting (XSS)
  • CSRF – Labs can be skipped but recommend having a read through.
  • CORS – Labs can be skipped but recommend having a read through.
  • Clickjacking (Did not finish)
  • DOM-based vulnerabilities – Labs can be skipped but recommend having a read through. (Did not finish)

Advanced topics

  • JWT attacks (Did not finish)
  • Essential skills (Did not finish)

TryHackMe – only did the free rooms:

  • Introduction to Pentesting – Free
      • Pentesting Fundamentals
      • Principles of Security
  • Network Security – Free
      • Passive Reconnaissance
      • Active Reconnaissance
      • Nmap Live Host Discovery
      • Nmap Basic Port Scans
      • Nmap Post Port Scans
      • Protocols and Servers
      • Protocols and Servers 2
      • Net Sec Challenge
  • Vulnerability Research – Free
      • Vulnerabilities 101
      • Exploit Vulnerabilities
      • Vulnerability Capstone

----- SKIPPED -----

  • Metasploit – Paid OPTIONAL
      • Metasploit: Introduction
      • Metasploit: Exploitation
      • Metasploit: Meterpreter
  • Privilege Escalation – Paid OPTIONAL
      • What the shell?
      • Linux Privilege Escalation
      • Windows Privilege Escalation

The program ended with a capstone project of trying to get the root flag on the HackTheBox machine Haircut and then writing a short writeup on it. Normally this program takes a month to complete, but I ran through it in a week and produced a write-up (attached just below).

How was your experience?

It was an absolutely wonderful experience. The team was super helpful, kind, and patient. It was a very welcoming space with a very encouraging team that genuinely cared about me and my progress. It was a wonderful introduction to the world of IT and cybersecurity.

What did you learn?

I refreshed my knowledge of penetration testing and had a bit of an introduction to Linux privilege escalation. I also learnt how to use tools like Burp Suite and various web-app attacks, such as SQL injection, file uploads, and command injection.

How did Muslims in Tech help?

Muslims in Tech played a large part in me securing this internship. The Muslims in Tech community helped me build connections through their many keynote events and get-togethers and meet many people who helped me on this journey, including someone who would refer me to the CEO of Gridware.

Final thoughts and comments

For anyone who is looking to do Work Experience soon, heed my advice and pick a job that you will actually be interested in doing in the future. I see too many of my friends pick any job they can get just to get it done while wasting this massive opportunity. Find a place that you would like to work in the future, and try and learn as much as you can in the week that you have. It will pay massive dividends later.

At Muslims in Tech, our network is at your disposal and we will go out of our way to help you in your journey. If you’re looking to join a supportive and talented community, go to muslimsintech.org/join and spread the word to others!