
/biz/ - Business & Finance



File: 995 KB, 500x280, tiJjmD5.gif
No.14291877

Welcome. Time to begin your quest anon.

This thread is for the discussion and support of those anons who have accepted the Quest to become remote pentesters. I am OP, my email is OSCPanon at protonmail. You may contact me via email with any questions related to hacking professionally, or learning to do so.

When I replied to anon's thread about remote work, suggesting OSCP, I did not expect over 200 anons to ask for the info, too. Since the response was so tremendous, I am starting a general thread for this topic, as promised. I will start by posting the guide I sent out, here.

So what are you doing to further your Quest this weekend anon? Here are some good resources and things you could start working on:

Learn Linux (free courses from Harvard, Dartmouth, Redhat):
https://www.edx.org/learn/linux

Learn Metasploit (free course from Offensive Security):
https://www.offensive-security.com/metasploit-unleashed/

Learn Python (free course & Codecademy):
https://www.learnpython.org/
https://www.codecademy.com/learn/learn-python

Start creating your virtual lab with VirtualBox (Free):
https://www.virtualbox.org/

Free Windows VMs from Microsoft:
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

Build your hacking OS (Kali & Parrot):
https://www.kali.org/downloads/
https://www.parrotsec.org/download.php

Vulnerable VMs to practice against:
https://www.vulnhub.com/

Vulnerable lab & CTF community:
https://www.hackthebox.eu/


Thanks to everyone who replied to my email with the guide. My protonmail inbox is now a beacon of hope. I really appreciate your warm regards, and your positivity proves to me this is going to be a worthwhile venture.

You can do this anons.

>> No.14291887
File: 769 KB, 2550x3300, path1.jpg

1/5

>> No.14291895

>>14291877
Nice dubs. Just got Kali. Will follow up in 3 mos

>> No.14291905
File: 840 KB, 2550x3300, path2.jpg

2/5

>> No.14291927
File: 813 KB, 2550x3300, path3.jpg

3/5

>> No.14291946
File: 128 KB, 1280x1024, 1499646161047.jpg

>>14291877
op much appreciated, do you happen to have link for original thread archive?

>> No.14291966
File: 749 KB, 2550x3300, path4.jpg

4/5

>> No.14291973

based.

>> No.14291990
File: 486 KB, 2550x3300, path5.jpg

5/5

Link to original thread (will add this to general! thanks anon):
>>14246491

>> No.14292174

yeah bud im sure someone will hire someone with 3-4 months experience for 120k starting i believe you

>> No.14292205

>>14292174
hey go fuck yourself in another thread

Thank you based Anon.

>> No.14292214

thanks man

>> No.14292233

>>14292174
If you google OSCP starting salary, you will see that the average stated is 90k. I feel this is low due to the mislabeling of IT jobs in the industry. Some jobs labeled "Penetration Tester" are actually analyst jobs, and not true penetration testing, which probably pay more like 60k and hurt the average. They also do not require OSCP, like the true pentest jobs.

A good remote pentest job that requires OSCP should get you easily above 100k.

>> No.14292303

I will add that I would not even bother talking with a recruiter or hiring manager if they are not offering 120k for a pentest job. I would say it is ok to take less for your first gig, but after that, you should require 120k+. If they are not willing to pay that, then you do not want to work for them anyway. Either the job is not really hacking, or they are shorting you and it would not be a good place to work.

Thanks for the replies and bumps anons! You got this!

>> No.14292313

>>14291877
Hey dude thanks for this, fascinating stuff. If you want to monetize your generous education of neetcels consider making a blog or something and affiliate market books/paid products related to the field. No reason to work for free trying to motivate stinky NEETs.

>> No.14292323

>>14291877
Been working my way through the ebooks I could find from your suggestions, as I'm traveling and only have my tablet. Looking forward to getting home in a couple days and getting started with Kali.

Thanks a million anon, I'm excited to see where this takes me.

>> No.14292380

>>14292313
I have considered monetizing. I may still do something along those lines in the future. But I am making really good money, and I stay quite busy hacking and researching. Maybe down the road. I don't mind sharing this info for free here with anons, because as I have said before, 4chan is special to me. I want my fellow anons to succeed.

>>14292323
That's great! I'm excited to hear about your progress. Feel free to send questions or request resources as you continue your quest.

>> No.14292539

>>14292380
You're a nice guy, but you will kick yourself in a few years for not exploiting your niche knowledge and generous desire to educate to get even further ahead. An extra 10-20k a year can mean the difference of being able to retire on passive income 5 years early, and 10 years early.

You have specialized knowledge of how to break into an on-demand career field and also are keyed in to internet culture in a way that lets you communicate effectively with the zoomers that will one day be the backbone of information security, since it is unlikely they can h1b a workforce for the field.

I'm an air traffic controller with 10 years in my career, but your product, such as it is, is compelling enough to get me to consider taking it up and learning it on the side since you demonstrate its value very well.

Anyways, think about it. I hope you get people emailing you down the line thanking you for making them aware of the opportunity. Quality posting is rare in biz.

>> No.14292756

>>14292539
You make some good points. I will consider what you have suggested. I would be interested in figuring out a way to mentor people interested in this career path, without simply trying to sell them the information. I just always felt the area was so niche, that advertising on a blog, or adsense of videos or something just would not generate enough revenue to make it worthwhile. And I don't want to try to sell videos or books right now. I have made videos in the past on different topics, and it is a lot of time and work. I'm open to suggestions of how to monetize, without simply keeping the info behind a paywall. I genuinely love hacking and want others to discover it. I don't want to keep anyone from this info. I believe it should be freely available.

I am already getting a ton of emails from anons with lots of appreciation and thanks. That is what really inspired me to make the General thread here and keep going. I'm glad to help, and having positive vibes in my life is already a good payoff.

>> No.14292829

Here is another great resource anons:
https://github.com/codingo/Reconnoitre

Reconnoitre is a tool developed specifically for use on the OSCP lab. It automates the initial recon process (running nmap & other tools). It also creates folders for your target machines, and includes .txt output files that suggest further recon. Not only does the output tell you to run Nikto or Dirb on a certain finding, but it gives you the command line syntax for doing so!

I did not write this tool, but I do really appreciate the person who did, whoever they are. It helped a lot while working on OSCP. It would also be really useful for practicing on hackthebox.eu or against vulnhub vms.

I still make use of it in my daily work.

>> No.14292834
File: 55 KB, 678x772, 1560684324707.jpg

>>14292756
i will send you a cute email one day.

>> No.14292925

>>14292829
hey I've been working for a while off and on towards getting my OSCP cert. When do you suggest I take a shot at the test? I've gotten into about 30 machines in the lab so far. Also I will probably shoot u an email later. Do you have a discord or something u chill in with other pen testers?

>> No.14292937
File: 806 KB, 1001x823, 1543020201513.png

>>14292380
>I want my fellow anons to succeed.
Perhaps the real penetration was breaking into the hearts and minds of your fellow anons. Thank you based OSCP anon.

>> No.14292988

>>14291877
Do schools teaching pentesting exist? Do they even make sense?

>> No.14293059

>>14292925
30 machines is pretty good. I feel like 40 is the target number for feeling very confident on the exam. 30 will get you by, but it may be a stressful exam. Those last 10 machines will be some of the harder ones you do and force you outside your comfort zone in terms of methodology.

Keep in mind that the exam usually has a waitlist, just like when you signed up for the course. You may have to wait 3-4 weeks to get the day/time you want for testing, so be sure to take that into consideration, and maybe do some hackthebox.eu in the meantime if you have to wait a while to test.

I am not on discord. Honestly, I spent so much time in my company's slack and Teams channels, that I do not really have time to hang out with other hackers outside of work these days. I usually just mingle at conferences.

>>14292937
kek. good post anon.

>>14292988
as far as I know, schools do not teach "pentesting." There are schools that offer cybersecurity degrees, but at this time, I would say it is not a good value. Most people I meet with a cyber degree can't really do much hands on. I feel like the degrees are for management. So if you wanted to manage pentesters, then the degree is a good option. Otherwise, your best option is still online learning and DIY. Maybe this will change in the future, but I think the best instruction will always be from private companies like Offensive Security and eLearnSecurity, as well as a few Govt agencies.

>> No.14293081

>>14292834
Always appreciated

>> No.14293114

>>14291877
Hey anon, let's say I have a background in programming and i'm up to date on everything you listed but I don't have certifications, are those just for proving to HR you know what you are doing or are they mandatory to work in the field?

>> No.14293124

>>14291877
thanks for doing this anon

>> No.14293125

Hardware recommendations? Need a new laptop soon.

>> No.14293161

>>14293114
cont.
Also any tips for getting/passing interviews?
Could you tell us what the hiring process is like?

>> No.14293257

>>14293114
A good pentest job will require some kind of cert. Either CEH, OSCP, or GWAPT. I never bring up GWAPT because SANS is crazy expensive. CEH I don't believe proves anything other than having a decent memory.

Serious firms require OSCP. The certs are required by their clients and customers, usually as part of the contract for the work.

>>14293125
Hacking does not actually require much in the way of hardware. I did all my self learning on a really old Samsung laptop with an i3 I think (I was poor before I got my cert.) As far as my current recommendation on hardware, well I just bought a System76, and I love it. But don't do that if you want Windows or want to game. They are designed for Linux and you will not have an easy time getting Windows drivers. Other than that, here are some hardware specs to consider:

16GB ram minimum. Don't buy a machine right now with less.
SSD or M.2 drive. A fast hard drive is important and worth the cost.
Ryzen Threadripper. Multi-tasking is about the only area that matters too much for hacking. You want to be able to process as many threads at once as you can. The Ryzen Threadripper 2950x is a great processor for this purpose.

>>14293161
Interviews are never pleasant. When you first transition into this career, you will not get hired on many interviews. Play the numbers game. You only need 1 person to say "yes". If you get through the 1st interview with a good penetration testing firm, they will likely have a test for you to take. For my current role, I had to take a test similar to the OSCP exam. It was remote. If you can pass OSCP though, then it is easy and actually a great way to prove your competence if you do not have experience on your resume yet.

As for getting interviews. LinkedIn and DICE. I got my last 3 jobs from LinkedIn. Once you get OSCP and put it on your LinkedIn page, you will start getting contacted by recruiters and hiring managers, guaranteed.

>> No.14293270

>>14293059
As I suspected. I don't pretend to be that educated on the matter since I'm not pursuing this career, but back in the days (high school) I enjoyed hacking and social engineering, and for what is my knowledge-base on the matter all majors I've met on campus related to computer security are fucking retarded. They go around parading as "muh the hacker-guy" or similar archetypes, but are really ridiculously gullible. One of them was in charge of their department's network. Guess which password used for root?

>> No.14293283

>>14293125
sorry noticed you specified laptop and I suggested a cpu for a desktop. Anyway, the other specs still apply and basically you should be spending around $1100 for a good laptop with proper RAM, CPU (probably i7), and drive specs.

>> No.14293348

>>14293270
From your story, I imagine the pass was probably one in this list:
https://www.securitymagazine.com/articles/89694-the-top-100-worst-passwords

Also, a quick note for those practicing hacking in Kali. The rockyou password list is pretty good for cracking hashes. There are some good cracking lists in Kali by default. They reside in /usr/share/wordlists. I usually copy this folder to /root/ or desktop for quicker access.

>> No.14293438
File: 983 KB, 460x253, 9.gif

>>14293257
What about CISSP?
I've heard a lot of people say you should go for that one to do pen testing. (pic related)

Also let me ask, in the tests what exactly are they testing you on?
Just scanning and running some metasploit scripts?
Do they test your programming skills or is it all script kiddie stuff?

>> No.14293595

>>14293438
CISSP is for defensive jobs and/or managers. The technical stuff is mostly defense, and it also deals a lot with policy and legal. You do not need this to be a pentester, and you would be better off devoting your time and effort into other areas. OSCP is the king of pentesting certs at this time. You could also do AWAE (Advanced Web) or OSCE it may be called now for the online version. It is somewhat advanced and should not be attempted until you are OSCP though.

They test you in a way that is very similar to hackthebox, vulnhub, OSCP lab. You get a single machine as a target and the objective is to root it and maybe capture a "flag". Usually these tests are set up in a way that metasploit is near useless, in order to filter out the script kids. For my last test, I had to find somewhere in a web app to inject code. Such as php injection or something, can't remember what language / framework exactly, but it was code injection in a parameter. On the box, I had to escalate privilege, which was done by abusing some poor sudo configs. Then the flag was an encrypted file. I had to find a way to decrypt it. Nothing too crazy, but metasploit was useless for that particular test.

Metasploit is a great framework and I use it in my job, but exams will usually be designed in a way to avoid relying on it. Or in the case of OSCP, you can only use metasploit on 1 of the 5 target machines for the exam.

>> No.14293798

>>14291877
thank you for this thread anon. you're a good man

>> No.14293822

>>14293595
Very interesting, thanks anon.

>Then the flag was an encrypted file. I had to find a way to decrypt it.
Do you remember how you decrypted it?
Was there something on the machine or did you actually have to break the encryption?
I could do everything up to this point. Crypto kills me. :(

>Metasploit is a great framework and I use it in my job, but exams will usually be designed in a way to avoid relying on it. Or in the case of OSCP, you can only use metasploit on 1 of the 5 target machines for the exam.

How is the exam proctored?
Do you have internet access or are you completely offline while doing this?
How can they know if you used metasploit or not?

>> No.14294089

>>14291877
Care to share a backstory? How did you find out about this?
I was planning on becoming a webdev, but since you said that this niche is scarce, it seems like the wiser choice. Might as well put the money from crypto in some good use

>> No.14294265

>>14294089
Not OP, but i don't think it's as easy as OP makes it sound.
You basically have to have the same understanding as a systems admin, a good grasp of linux, be able to code, and now it seems like Cryptology is also required. (fuck cryptology it's a glorified guessing game)

Usually being good at just one of those things is hard for people, and enough to land a job.

Maybe i'm wrong though, I don't work in that field.
I'm over here in programmer land.
And as a citizen of programmer land, I can tell you, don't learn webdev. Learn to program in a real language and you can pick up webdev easily after. C#/Java are the bee's knees now.

>> No.14294325

>>14293798
thanks anon.

>>14293822
>Do you remember how you decrypted it?
There were things on the machine which provided info on how to decrypt, if you could spot them and knew what they were for. If you could do everything else, then you would have been fine.

>How is the exam proctored?
Webcam

>Do you have internet access or are you completely offline while doing this?
You are online. You vpn into their testing network for the test, but you have access to google and everything like normal.

>How can they know if you used metasploit or not?
You submit a report at the end of the test, detailing how you broke into each machine. Also, metasploit leaves some evidence of use on the target.
I heard that there is also a new requirement to share your screen with the proctor. Not sure exactly how this works, but the idea is that they can see what you are doing. I didn't have to do this when I tested, but it shouldn't matter really.

>>14294089
It was not a discovery I made all at once. I pieced the information together over time. I did a lot of stuff I probably didn't need to do. Like one time I took a whole course on router security. That was probably not necessary. So once I went through this process and figured out what was most important to my success, I organized the information for others. I mentor people on Linkedin and offer my advice within the IT industry on various platforms. I recognized that there was not a google single point of contact for this info, so I sought to help others with what I had collected, as well as help them avoid the pitfalls I had to go through.

>>14294265
The difference is that you are not required to be an expert in any of those fields. You need a broader knowledge, sure, but you never have to specialize in any of them. You don't need to be able to program. You just need to be able to recognize what code is doing. You don't need crypto. That was a one-off on an exam, which is not part of OSCP lab.

>> No.14294358

>>14294265
I think it was basically "bonus points" that I was able to decrypt the file. It took me about an hour of research via google and white papers to figure out how to do it. I don't know much about crypto.

Most the time when I am testing for work, I can google whatever technology I am trying to break into, and someone has done it before. I can use the info available to build my attack. It's mostly research on the fly. I know that sounds crazy, but that is honestly how it works.

The best hackers I know are not the most knowledgeable per se, but rather, the most persistent and willing to research what they don't already know.

>> No.14294562

>>14294358
>Most the time when I am testing for work, I can google whatever technology I am trying to break into, and someone has done it before. I can use the info available to build my attack. It's mostly research on the fly. I know that sounds crazy, but that is honestly how it works.

Same for programming friend.
It's only the brain dead cert people and universities that think you should be memorizing entire books instead of using google.

I still get PTSD for some of those cert tests.

If you are telling me this is a skills test, where I can just go in knowing what i'm doing and pass the test instead of having to memorize and enter the exact file location of some file you would never edit without tab complete, find, or locate, then i'm sold.
Thanks anon. :)

>> No.14294704

>>14294562
That's right. The OSCP exam and exams I have taken for jobs, require no memorization at all. You have access to google and your own notes. OSCP exam is to hack into 4 of 5 machines and then explain how you did it. Nothing to remember :)

Feel free to email me or summon me here, if you are looking for resources as you pursue this path. You can do this.

>> No.14294961

Before I start is this feasible for the average person capable of reading instructions or should I have prior experience?

I've been using linux for 5 years on my desktop and have fucked around with servers off and on but aside from that I don't have much experience

>> No.14295013

>>14291887

I couldn't even figure out how to break into hackthebox.eu. Don't think this stuff is for me.

t. Software Developer for 2+ years

>> No.14295029
File: 101 KB, 540x720, 1535037331184.jpg

>>14291877
based and checkd

Is it actually possible to get money from this? Mom says I have to stop neeting... already familiar with linux and basic bash scripting

>> No.14295031

>>14291877
I can't figure this one out. Any anons who get scammed by this dood come back and tell us what he did and I'll send you 20 dollars of link.

>> No.14295200

>>14295013
hackthebox.eu is a bit advanced. It is also CTF style.

There are guides to how to hack into it. Just use one to get started. Once you are on the site, you will find it is not so bad. Also, hackthebox.eu is not a great starting point if you don't have much prior experience. I would suggest starting with vulnhub.com. Download a few of the VMs which are described as easy to intermediate difficulty and practice against them in virtualbox or vmware.

You have to start somewhere anon. I didn't say it would be a cakewalk, but it is doable if you are persistent.

>>14294961
This is feasible for a person of average intelligence who can follow instructions. But you must be determined.

>>14295029
I make 150k / year. Entry level positions start at 90k according to google, but I think you can start at 100k+ if you have gained OSCP or some comparable certifications and show competence by having your own github or attending conferences. I posted about this somewhat early in the thread. It is a good job in terms of pay, and you can work remote.

>> No.14295290

>>14291877
I have my eCPPT Gold. Can I get some small jobs to get some side hustle money somewhere?
What would you recommend?

>> No.14295737

>>14295200
Thanks OP, you might have just provided me with some direction in life. Also, you are a dubs magnet

>> No.14295815

>>14291877
Why does T'pol look so weird in this gif?

>> No.14295862

>>14295290
I don't really know too much about freelance pentesting. I have always been concerned that somebody sketchy would use me for some blackhat stuff and then I would be in trouble.

Sites like upwork.com have some posts looking for freelance pentester. You could try there, but I would just say be careful and vet your client if you can. Keep records of your correspondence with them, so if you need to, you can show it as evidence that you were acting on a legit job posting.

>>14295737
no problem anon. keep me posted on your progress and let me know if you need anything along the way. here's to hoping for more dubs

>> No.14295954

>>14295031
here's a scam for ya. convert those stinkies to VID and send em my way. I'll tell you my master plan myself.

I am raising an army of l337 4chinz ha0xx0rs to one day defend the earth from our future AI overl0rds. You can donate those links now or thank me later.

>> No.14296349
File: 18 KB, 273x255, 1511103493597.jpg

bumping a good thread

>> No.14296511
File: 87 KB, 700x700, balpen-universe-hardcolor-bedrukken.jpg

Hey OP, can you test this pen for me?

CHECK EM

>> No.14296729

>>14296511
kek and checkked

>> No.14296734

https://m.youtube.com/channel/UCCezIgC97PvUuR4_gbFUs5g

Just want to mention Corey Schafer. Best channel on YouTube for beginners of Python.

>> No.14296769

>>14296734
Thanks anon. I'll add this to the General post.
>>14296349
Thanks for the bump. And the cat picture.

>> No.14297672

Should have mentioned this sooner, but I'll add it to the General post.

Darknet Diaries is a great podcast for anyone who enjoys podcasts and is interested in learning more about tech. In particular, episode 36 is about exactly what we have been discussing in this thread, and walks you through a typical professional penetration test.
https://darknetdiaries.com/episode/36/

>> No.14297780
File: 1.26 MB, 640x480, 1527990642648.gif

Hey anon, thanks for making all this info available for everyone. You're a great guy

>> No.14298064 [DELETED] 

>>14292380
>>14291877
are you all in LINK fren? the train hasn't left yet. also i'm a junior in cybersecurity, do you have any tips for me? I've been using Kali and currently in my first class of cybersecurity reading Cybersecurity essentials by James Graham

>> No.14298146

>>14297672
Hey OP could you email the information you sent anons the other day? Thank you.

klairvoyance1@protonmail.com

>> No.14298155

>>14298064
I don't have a lot of LINK. I was actually debating buying some more. I do wish it was listed with coinbase though. Hopefully it will either get listed there or be on the new us exchange for binance in the future.

Given your current situation, I would recommend doing the Junior Penetration Tester cert from eLearnSecurity. If you find that to be no problem, then consider starting the OSCP. If you feel like you still need some more prep, you could do the next eLearnSecurity cert, the Penetration Testing Professional (PTP).

Here's a link to get started:
https://www.elearnsecurity.com/certification/ejpt/

>>14298146
no problem anon. on the way

>> No.14298175 [DELETED] 

>>14298155
I'm also going to do an AWS cloud cert but thanks for the info, I'll look into getting that pentesting cert.

>> No.14298210

>>14298175
AWS cloud cert is a very high value cert. If you are into cloud, then you may just want to stay on that route, honestly. You will make just as much money as Senior Penetration Tester, from what I see on the job listings in my area.

But if you want to work remote or hack, then certainly check out those pentest certs. Either way you will do well.

>> No.14298318

>>14298155
Thanks man! Appreciate what you're doing.

>> No.14298368

>>14295954
>here's a scam for ya. convert those stinkies to VID
Yes that does sound like a scam.
Anyway, my offer stands.

>> No.14298620

Something an anon brought up to me in email that I had forgotten about (I will add this to General post for next thread):

https://overthewire.org/wargames/bandit/

Over the Wire is a wargames style method of learning linux. It's really cool and very useful for starting out with linux command line.

>> No.14299506
File: 31 KB, 567x365, oof.jpg

>>14291877
I lost everything. My country currency got fucked and the economy went bonkers. It's impossible to get a job for guys like me. I was surviving by making translations and copywriting for pennies online. Even if I wanted to work in a minimum wage job, there is no way I can do it because the mother of my son disappeared and left me with the little blessing, so I'm a full-time stay at home dad. I'm practically a teen, so this is actually a possible way out of this crappy situation, even if it takes me a couple of years of sleeping only a few hours at night, if I can give my son a decent future, I will owe you everything.

I'm writing this almost in tears. OSCP anon, you're the real MVP.

>> No.14299673

>>14299506
It may take some time. I think your goal of "a couple years" is within grasp though. No bullshit, I am sure if you have that much of a reason to do it, and you use that fuel for determination, you can complete training and obtain a great paying job within 2 years.

My email was listed on the 1st post, but here it is again. OSCPanon at protonmail . com

Keep in touch anon. I'm pulling for you and I'll assist with info as much as I can. You got this

>> No.14300045

>>14291877

Nice to see you're still lurking, I remember your thread a few days ago blowing up /biz/ like no other. This general is the passing of the torch of old /biz/ with /affiliate/, /dropship/, and /mushroomfarmers/ before it turned into 100% crypto.

>> No.14300188

>>14300045
thanks for the bump anon.

crypto is great. But my pentest gig pays the bills, and the extra helps me to invest in coins. I also just really enjoy hacking. It's the only job I didn't completely hate. I actually enjoy it.

>> No.14300807

>>14300188
So is it contracting or do you get a steady salary? And are certs really enough to land at least a low paying job without an actual degree?

>> No.14300940

>>14292233
I am moving this direction, into security. I've been building custom CRUD websites with php and asp.net for years. The people who audit my code get paid more than I do for breaking my sites with htaccess rules for rather academic vulns.

I have a sec+ test voucher but didn't take the test. I looked into oscp, but their website was absolute garbage. I probably should have signed up for oscp instead

>> No.14301026

>>14300807
Dedicated salary

>>14300940
If you have a voucher, you may as well cram and take the Sec+. But yeah, the OSCP is the ticket to doing pentests and assessments. And you are correct, I certainly make more than the developers for the sites that I break into. I would agree that you should go Security. Your development background will make it that much easier, too.

>> No.14301074

>>14301026
Are you still mostly exploiting the same old vulnerabilities that have been around for the last few decades?
Namely,
SQL injection
XSS
XSRF
Directory traversal
Etc.
?

>> No.14301118

>>14301026
Oh did you recommend hackerone in your write up?

>> No.14301141

>>14301074
Usually yes. The OWASP top 10 is still mostly what I deal with: https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet

Penetration tests are time compressed. I am not doing 0day development on projects. I may work on that kind of stuff for a special project, but 99% of the people I work with never do exploit development. Just using what is known.

>>14301118
I did not recommend hackerone. Hackerone is a good site, but it is not for n00bs. It is cool that you can make money finding vulns in well known websites, but it is not really a learning site. I will add that information in my write-up for how to monetize the skill. A few anons requested a write-up on monetization via email, so I will be putting that together for next weekend's General thread and posting then. I will be sure to add hackerone in there.

>> No.14301152

>>14301141
bless u anon

>> No.14301171

I have a Net+ and Sec+, what should I do next anons

>> No.14301230

>>14301171
If you are not already working, then get a job as a "Cyber Security Analyst". Your certs work well for that job title and you can make good money. If you decide to add CompTIA CASP, you can boost your income by 10k-20k easily with your current certs. CASP is not much more info than Sec+ but really boosts your value to employers.

Then go and study hacking, and get OSCP. With OSCP, you will double your Sec+ level income, instantly.

>>14301152
thank you anon. let me know if you have any questions and feel free to email me along the way

>> No.14301327

>>14298620
overthewire is fun as fuck, did a few of the sets a year or two ago

>>14301230
emailed you, I'll go back through the dead threads and ream em before bed

>> No.14301450

>>14301327
overthewire is great. I am definitely adding it to the guide and General post for next week. Don't know how I forgot about it.

This is the first RPG General thread, so there is not a ton in the dead threads, but check back each weekend, I'll be here. You can always email me, too. Thanks for the bumps

>> No.14301599

>>14291877
Thanks again Op. I'm getting my OS ready.

>> No.14301740

What are your 10/10 desktop specs for pentesting? I think you mentioned Threadripper CPUs earlier.

>> No.14301875

>>14301740
Yeah Threadripper has it on lock when it comes to multi-processing, which is important. When I am pentesting, I end up with a ton of different terminals open, running a bunch of different tools, all running as many threads as they can get. IMO, the best value right now is the Threadripper 2950x. It's on sale on amazon, too, last I checked.

Beyond that, I would say get 32GB ram, DDR4 if you can. A motherboard supporting both the ram and cpu will probably run you $300. You can go to partpicker.com to check which motherboards are compatible with ram and cpu.

GPU is not really a big deal unless you are going to be doing a lot of password/hash cracking. (you shouldn't need to really.) Hash cracking uses GPU mainly, so it can be important for that. But really if you get into hardcore hash cracking, usually you just want to build out a GPU rig for just that. Don't worry about GPU too much for a main hacking system build.

I would then go M.2 or a real nice SSD for main drive, probably 500GB. I personally like to have an extra HDD internal as well, 1-2TB, but you can always use an external as well. This is good for storing your VMs, snapshots, and just backing up your whole system.

From there, use part picker to select parts compatible with those main components and you will be good to go. Don't skimp on the RAM.

>> No.14301892

>>14301740
sorry, pcpartpicker.com

>> No.14302058

>>14301875
Thanks, anon. You know your thread might get way more traffic on /g/. Biz is pretty much just a crypto board now, lol.

>> No.14302116

>>14302058
Fair point. I started it here because the topic came up here. I'll take a look at /g (haven't been there in a long time,) and maybe I'll cross-post it there next weekend when I run it again.

>> No.14302130

>>14301230
>>14291877
I'm pretty good with Windows and Linux admin stuff, maintain and contribute to a couple projects, and know a bit about security, worked IT years ago. I'm thinking about getting these OSCP certs but I have a pretty lengthy criminal record from back in my drug days. Mostly possession and shoplifting type stuff and nothing computer or fraud related, but bad enough that I can't get approved for an apartment. Do you think I'd still have a chance getting a pentest job or working through a contractor with a record? Or just a waste of time. It seems like this field might ignore such things more than others

>> No.14302157

>>14302058
>>14302116
No stay on /biz/ pls

>> No.14302252

>>14302157
Oh I won't leave /biz/. I am only considering adding a posting to /g/ as well. Unlikely though. /biz/ is my crowd.

>>14302130
Don't worry about your record. I got caught selling drugs in college, and not in small amounts. I have other issues with my record as well. I don't break the law anymore, but I used to be in and out of court all the time. You are correct, this industry ignores more stuff than most. I can't get a job at a gas station, but I can pentest banks all day. Odd world we live in. You will be fine.

>> No.14302319

>>14302252
nice, thx

>> No.14302328

>>14302058
>>14302116


I would stay away from /g/, it isn't what it used to be... This is the best board for people that want to make it. Once an autist here has a plan he will move mountains to complete it.

>> No.14302363

>>14291877
What the fuck was wrong with the 90s, look how retarded she looks

>> No.14302391

>>14291877
good bread anon

>> No.14302396

>>14302363

90's aesthetic is kino

watch the movie if you haven't it's a classic

>> No.14302548

>>14302363
I forgive you anon.

>>14302396
It is still one of my favorite hacker films. People hated on it when it released. I remember the AOL splash screen getting hacked and the ad for the movie being defaced (hilarious.) But it is actually really good. The part playing tape recordings to the pay phones to spit out coin? Classic phreaker.

>> No.14302588

>>14302396
>>14302548
She looks like that stupid stargate guy with the shit on his forehead

>> No.14302609

>>14302588
kek. my apologies if you thought this was a Stargate thread. I understood your frustration.

>> No.14302639

>>14302319
this

>>14302252
should I tell them or just say I don't have a record?

>> No.14302728

>>14302639
It's always best to be honest, anon.

Besides, any decent firm is going to do a normal background check. They will see it. If you don't disclose, then it seems worse when they find it. If they do not ask, I would not bother to bring it up. If they do ask, be honest.

>> No.14302731

>>14291877
Hey anon. Thank you so much for the material and opening our eyes to a new field. Could you mail me the information you sent other anons as well? Thanks

thehomie697@protonmail.com

>> No.14302786

>>14291877
You can see Angelina Jolie's boobs for 1 second in Hackers.

Also, buy Zuck Bucks.

http://zuckbucks.cash/

>> No.14302855

>>14302731
I got you, anon. Email sent.

I will also be updating the guide and General post, based on some interactions with anons. Be sure to check back in each weekend, as I will continue to update this info in the General first post.

>>14302786
kek at zuckbucks. I told anons to buy VIDT earlier in the thread. mfw I'm holding VIDT, LINK, and Ethereum Classic en masse.

>> No.14302883

Based posting. Am also in infosec.

>> No.14302903

>>14302855
Could I also get an email? Been neeting and need to figure a way out
omegamarck@protonmail.com

>> No.14302956

>>14302903
Sent. Update me on your progress, anon. We're all gonna make it.

>> No.14302957

>>14302855
Could you send it to me as well? I'm currently at helpdesk.

xzil@tuta.io

>> No.14302977

>>14291877
why...is this in /biz/ and not /g/

>> No.14303007

>>14302977
Business and Finance. This is my business, and this is how I finance my shitcoins. Nice dubs though.

>>14302957
sent! helpdesk is a good spot to be. You have something on your resume, so now you just need the right cert, and you made it. You got this anon.

>> No.14303273

Hey, OP, in what order would you say someone should start learning? Like, Linux, then Python, then start from the reading material, and begin OSCP after all that? Or are you suggesting doing all of this concurrently?

>> No.14303319

>>14303273
It is mostly placed in the order of operations. Learn linux. Learn python. Now it varies a little after that based on exp. If you have none, then I suggest doing vulnhub VMs, maybe some hackthebox, and then OSCP. Really though, learning linux, then python, then moving on to practicing pentesting; those are the most important steps, in that order.

>> No.14303653

>>14303319
Any chance you could send me the info as well? wingdiver@mail.com. I can’t thank you enough. I’m stuck as an Analyst unrelated to my degree and I hate both of them.

>> No.14303706

>>14303653
Sent!

If you are already working as an analyst, then this should be a great transition for you. Keep me updated on your progress, anon. And feel free to ask questions or ask for resources, each week here in /RPG/ or via email. I will help with info all I can!

>> No.14304219

>>14303319
If I already know linux and basic networking, any specific guides or PDFs you recommend before the pay by month oscp course/virtual labs?

>> No.14304316

>>14304219
Practice against vulnhub.com VMs. Download them and test against them. Join hackthebox.eu and try to break into all the easy to intermediate rated machines. Check the books listed in the PDF files I included as images at the top of this thread. Keep in touch and let me know when you start OSCP. I can send my bookmarks from when I took the course, and maybe provide some helpful insights.

>> No.14304699

>>14304316

Any good sites I can use to brush up on python / practice? I've only done c/c++ for a bit and want some practice with the syntax / structuring

>> No.14304714

>>14303319
You mentioned using PHP as well didn't you? Is that worth studying then?

>> No.14305133

>>14302855
Could I get an email as well? just a NEET that taught myself how to program in JavaScript years ago, mostly webdev.

>> No.14305142

>>14305133
>>14302855

whoops forgot email

treadcred@protonmail.com

>> No.14305164

>>14305142
>treadcred@protonmail.com
Forwarded for you.

>>14302855
Why ETC? Didn't they get 51% attacked and stop development last year?

>> No.14305278

Should I bother with CCNA or net+/sec+ certs before tackling the OSCP?

>> No.14305324

Thx to OSCPanon. Your guide is gonna be a big help, v information-dense.

I'm starting with the Zaid python hacking course. Figured my Dev experience will translate over and if I can build exploits I'll understand them better.

Then metasploit unleashed I think.

>> No.14305390

BUMP
Can I land a completely remote job living in a poor yurop country? I checked and the pay here seems to be around 15-30k

>> No.14305487

>>14304714
Learning basic PHP is sufficient, it will help you understand the basics of web hacking. However I wouldn't go deep on PHP, it's slowly dying and you can pick the knowledge up while doing vuln VMs and challenges
so yes, little bit PHP

>> No.14305545

I'd also suggest buying VIP access on hackthebox and doing the retired machines, they have pdf writeups and detailed walkthrough videos made by ippsec, example:
https://youtu.be/YRsfX6DW10E

VIP is like 35 GBP for a year so not very expensive and it's a great place to learn and advance your skills fast

>> No.14305875

rarddv@protonmail.com

If anyone can forward me the info.

>> No.14305934

>>14291877

I need another way into Python for God sake.. :(

I love this thread but I know most but not Python!
Please anyone have a good intro to it..been writing following guides but it never settles why is that now I'm pissed when I see Python codes...

fren please help me out...I only have this last thing to learn and I'm like 3 evictions sick of life into this not understanding shit python ... is it me????@KEK

All out of ideas....... :O

>> No.14306099

>>14305875
Everything has been posted in the thread

>> No.14306223

>>14305934
just learn python it's piss easy
these days it's literally the 1st shit they feed nocoders to get them into coding
forget everything you know about coding and simply start reading from the very start as if you never coded before.

I can't really comprehend what you're writing, if you never actually coded before, try coding in something else that'll appeal better to you, it's all transferable anyway.

>> No.14306249

Can y'all forward me the emails?

Would be much appreciated :))
Thanks anon

bizbizbiz12@protonmail.com

>> No.14306428

>>14291887
>Get a premium account

>>14305545
>I'd also suggest buying VIP access on
>VIP is like 35 GBP for a year so not very expensive

So, why is biz being raided by hackthebox shills? Do you really need that bonus salary pajeets?

>> No.14306593

>>14306223

"it's all transferable anyway."

yeah I will try to start on something specific.

Thanks.

>> No.14306691

I imagine that OP is sleepity sleeping, but I just wanted to thank him for the thread.
Am probably not gonna follow this professionally to get the cert, but I will be learning it as a hobby. I have always had a fascination with hacking and even had linux for years despite never needing it.
I will follow the tutorial to learn how to hack into shit for fun.
Good threads, op.

>> No.14307036

>>14304316
Are you sure there are a lot of jobs out there? Most of the job search sites have 5 to 20 results for "remote penetration tester" etc with average pay and less than 100 for in-corp ones, asking for CS degrees and stuff. I don't see the demand, there are more positions for regular IT

>> No.14307962

Page 10 bump.

>> No.14307975

>>14302855
Could I also get an email?
rorardev@protonmail.com

>> No.14308029

>>14307036
Good question.
Bump.

>> No.14308302

>>14307036
I lol'd.

First, yes I am sure there are that many jobs. As I have said before, if you put OSCP on your LinkedIn page, you will get more job offers sent your way than you can handle all the interviews for. Keep in mind that this is considered a specialized job, and recruiters and hiring managers don't want to deal with every wannabe hacker with no certs or competence. Most of these jobs go un-posted and are filled by headhunters.

To that note, of course there are more "regular IT" jobs. Penetration testing is a specialization of IT, so that just makes sense. But "regular IT jobs" are lame and pay shit. Up to you, but the salary difference is 3x-4x higher for a specialization like this. If you don't care for hacking, go into literally anything cloud. Get VCP and amazon aws cert.

>>14306691
np anon.

>> No.14308396

>>14307975
At this point, everything has been posted here. If you want to get the main stuff, grab the 5/5 images at beginning of thread. I will add you to any future mailing lists though, in case you miss the next general thread.

Same goes for any other email requests. If you really want, I will send, but it's all here. I'll add to email distro though.

>> No.14308478

>>14305934
I felt this way with python, dunno why, it never stuck. What did it for me was Zaid's python for ethical hacking course on udemy. Try that

>>14305278
wouldn't hurt. you could get a decent job and continue your quest.

>>14305324
good plan

>>14305390
If I lived in a poor country, I would absolutely go for something like pentesting or cloud. Seems your best bet.

>>14305487
agreed. This anon has good info. You only need basic PHP.

>>14305164
ETC is getting updates in September. I don't plan to Hold. I'll probably swing that one into other top 10s soon. It did just hit $1B market cap though and it's still not a bad buy. But yeah, I expect some other top 10s to perform better in the future.

>> No.14309431

>>14291877
you, sir, are a gentleman and a scholar.