This actually helps with impostor syndrome. Not what I came here for, but the effect I notice. Since I've been doing the job, I figured I can pull it off mostly but... it often still feels like I barely know what I'm doing.
Reading this list, the topics are quite varied from network to filesystem to scripting, and yet I'm definitely confident in 47 of these 50 topics. Two of the remaining three I can do as specified, but not more deeply. For the final one, I already knew I'm lacking ($cloud vendor specific permission stuff) but I just don't find that area very motivating even if it looks like the established cloud vendors are here to stay. Feels rather dull to memorize vendor-specific words for established techniques and learn platform-specific attacks like the metadata service on AWS.
Anyway, it also seems like a good list (nice to say when you just said you know basically all of this? heh), because the topics are so varied yet it seems to aptly cover what I indeed use in daily work. Some points are more rare of course, like PMS logging for Wireshark (most of the time you do MITM rather than make the client log decryption keys), but still good to know of. I will probably refer to this next time someone asks me how to get into security! My answers to that question were previously quite basic, like just read up on attacks for the systems you're interested in or familiar with, or start with the OWASP top 10 if you don't know where to start. Then again, this list might also seem daunting if you need to ask the question of how to get started, hmm.
One thing to perhaps add would be subnetting / network isolation. It's not something you need in every assignment, but more often than you might think. Even if you do a simple web assignment and you find an SSRF through which you can obtain something important, being able to explain what isolation they are lacking and how it's supposed to be implemented without being able to bypass e.g. the VLAN tagging is helpful to your client (even if only the most high-security organisations care to properly implement it). The list mentions CIDRs, but knowing that there exists such a thing as IP ranges is of course not the whole story.
Also, the number of times the customer came with an isolated offline environment for either exams or sensitive systems... with a recursive DNS resolver... But I suppose #22 could cover that even if it doesn't specifically mention DNS tunneling.
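As an added example (not code from this thread or its author), here is a small defender-side check for the situation in the last paragraph: an "isolated" environment whose recursive resolver still answers for arbitrary external names. It scans constructed resolver log lines for hosts that send many long, high-entropy labels under one external domain, the shape that DNS tunnelling tends to leave behind; the log format, the sample names, the allow-list and the thresholds are all assumptions.

```python
import math
from collections import defaultdict

# Constructed sample resolver log: "<client> <qtype> <qname>" per line (assumed format).
SAMPLE_LOG = """\
10.0.5.12 A updates.corp.example
10.0.5.12 A time.corp.example
10.0.5.12 A www.vendor-example.test
10.0.5.40 TXT 6a7b3c9d2e1f0a4b5c6d7e8f9a0b1c2d.t.tunnel-example.test
10.0.5.40 TXT 9f8e7d6c5b4a39281706f5e4d3c2b1a0.t.tunnel-example.test
10.0.5.40 TXT 0123456789abcdef0123456789abcdef.t.tunnel-example.test
10.0.5.40 TXT fedcba9876543210fedcba9876543210.t.tunnel-example.test
10.0.5.12 A mail.corp.example
"""

def shannon_entropy(s):
    """Bits per character of the label; hex-looking blobs sit near 4.0, words far lower."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def parse(log):
    """Yield (client, qtype, qname) tuples; malformed lines are skipped."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[0], parts[1], parts[2].rstrip(".").lower()

def registrable(qname):
    # Naive: last two labels. A real deployment would use a public-suffix list.
    return ".".join(qname.split(".")[-2:])

def suspicious_domains(log, allowed_suffixes, min_queries=3, min_entropy=3.5, min_len=24):
    """Return {domain: record} for external domains that look like tunnel endpoints."""
    per_domain = defaultdict(lambda: {"clients": set(), "labels": set(), "entropic": 0})
    for client, _qtype, qname in parse(log):
        if any(qname == s or qname.endswith("." + s) for s in allowed_suffixes):
            continue  # expected internal names for an isolated environment
        rec = per_domain[registrable(qname)]
        first = qname.split(".")[0]
        rec["clients"].add(client)
        rec["labels"].add(first)
        if len(first) >= min_len and shannon_entropy(first) >= min_entropy:
            rec["entropic"] += 1
    # Flag only domains with many distinct, long, high-entropy leading labels.
    return {d: r for d, r in per_domain.items()
            if len(r["labels"]) >= min_queries and r["entropic"] >= min_queries}
```

In an offline environment the cleaner fix is a resolver that only answers for internal zones (and no forwarders), so that this check should find nothing at all.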