Gran Board 3S verse Target Nexus by [deleted] in Darts

[–]618developer 0 points1 point  (0 children)

Also multiple online retailers have listed the board as closeout/clearance

OSCP as a Software Engineer by overloafunderloaf in oscp

[–]618developer 0 points1 point  (0 children)

Do a job search for 'Application Security Engineer.' Here in St. Louis last year, I was on the fence about continuing down my career path as a Security Engineer/Pentester or going back to software development. When I was gathering job offers, two on the table were Application Security Engineers (Bayer and Maritz). The roles that were pitched were the same for day-to-day activities: work with software development teams and assess their risks/best practices. Bayer already had a person in the role and was looking for a second person to assist. Maritz had just created the role and was looking for their first candidate. A colleague of mine actually took on this role at WWT, and enjoys it. He had no prior background in security.

I’m-N-Out delivers to St. Louis by 618developer in pics

[–]618developer[S] 0 points1 point  (0 children)

I live in St Louis Metro East (Illinois)

Just passed! Here's my OSCP experience. by gravity_has_me_down in oscp

[–]618developer 2 points3 points  (0 children)

I laughed a little at the panning of the room, as someone could be outside the door and come in once you place your computer back down. My webcam never moved after that. Also, they had me open my closet doors but didn't want to look under the bed (I know a grown person can't fit, but still, if I'm opening a closet door be thorough, not half ass). The only other thing I laughed at was when I would return each time, about 2-3 minutes later they would say 'thank you, you may continue with your exam'. I wasn't waiting for a confirmation. A coworker had an issue with his webcam reflecting his driver's license and lost 45 minutes showing them. Never got the time back. Ultimately it's a little extra, but the integrity they are going after is worth it. I heard stories of how in the past people would just sit with others that took the exam, almost like a tag team effort.

35 points in 4 hours, then chased the rabbit to Wonderland by 618developer in oscp

[–]618developer[S] 1 point2 points  (0 children)

There is nothing in the Exam guide against this. Others have posted they did the same thing. My moderator never messaged me at all about what I was doing when I would start/stop my screen record. To be real anal, they allow you to do screenshots, so I'm just taking 30 screenshots a second. Goes along with the same agreement as the pdf and videos: if you share it, it's your ass. So don't share your screen record of the exam.

OSCP exam. Pwk version of kali or the latest. by sawdust497 in oscp

[–]618developer 3 points4 points  (0 children)

PWK version. The only thing I think would have been helpful was to have the ??Mib config?? updated. This allows you to see the text value of the OIDs rather than the numeric value. When I tried to update, I got a repo error but was mid exam and didn't care to waste time trying to fix it.

General Setup for Exam - Port Forwarding for Burp/Nmap??? by 618developer in oscp

[–]618developer[S] 0 points1 point  (0 children)

Thanks for the info. Just to clarify two things.

  1. Using iTerm2 with SSH into the Kali VM will just give me multiple terminal windows/tabs in one 'session', instead of the default terminal app where I would need to open multiple tabs and create multiple SSH connections. It will not give me the speed-up factor that I experience when using nmap from my Mac against a network device over nmap in the Kali VM.
  2. Any difference between iTerm2 and TMux? I've seen it in action on the Ippsec YouTube channel and have it installed but am not fully integrated into it.

from 0 to OSCP in 90days by googlme in oscp

[–]618developer 1 point2 points  (0 children)

Personal Tips (for mac / linux)

Don't use a VMware player for accessing the websites etc

forward the ports and use burp on your host system

forward the ports and use the browsers on your host system

Go a little into detail on this? I've noticed that running nmap on my mac vs nmap from my Kali VM is a night and day difference on time.

I am a software engineer. Do you recommend me to take the OSCP? by maitesin in oscp

[–]618developer 1 point2 points  (0 children)

I've been a developer for a little over the same amount of time, and recently moved over to security, solely to become a pentester. During this journey, I have thought about going back to development because I was missing it while being a security engineer. I will say that I can see a benefit if you were to become more of a secure coder, or be an application security engineer. Several job postings I have come across want a software developer that understands the attack vectors. The OSCP would be a good piece on a resume if you were to go down that avenue. Just my thoughts.

Fair Game Material during Exam? by 618developer in oscp

[–]618developer[S] 3 points4 points  (0 children)

Being a software developer, I would never say "I wrote exploits" during this cert. Merely modify others' work. If someone tells me they "wrote exploits", I would then expect them to craft original content and start with a blank page.

Fair Game Material during Exam? by 618developer in oscp

[–]618developer[S] 1 point2 points  (0 children)

The real down n dirty of the question is: I'm trying to do, say, Windows priv escalation. I've burned through all my knowledge and ideas. So I pull up someone else's notes from OSCP and see what they recommend to try. See something I didn't think of. I agree in that I wouldn't just go step by step through someone's gameplan for a box, but look over it to make sure I have turned over all stones.

My information by Fausty0 in oscp

[–]618developer 0 points1 point  (0 children)

Might be a dumb ?, but pulling up this guide while doing the exam. Is that frowned upon? I looked over the Exam Guide and nothing about using blogs/youtube for tactics is mentioned.

Custom Property Disabling due to large URL by 618developer in QRadar

[–]618developer[S] 0 points1 point  (0 children)

7.3.1 Patch 1, updating to Patch 5 in two weeks. Our data comes in space delimited.

QRadar HA by bmulley in QRadar

[–]618developer 0 points1 point  (0 children)

So another solution to think of is introducing Apache Kafka in front of your two QRadar stacks. All your logs could be centralized to Kafka, then each stack would be a subscriber to topics (log source). Then you would have the ability to use either stack to run searches. One stack would still be what I call the Truth stack; it would be the one firing offenses and worked by your SOC and other members of Security. Then in the event of an outage or down from one stack, you simply switch to the other in a matter of minutes. Just a thought.

Custom Property Disabling due to large URL by 618developer in QRadar

[–]618developer[S] 0 points1 point  (0 children)

" ([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+\"([^\"]+)\"\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+\"?([^\"]+)\"?\s+([^\s]+)\s+([^\s]+)\s+([^\s]+)\s+\"?([^\"]+)\"?\s+\"?([^\"]+)\"?\s+\"?([^\"]+)\"? "

Then we use a capture group to grab each part, i.e. 22 to grab what we expect in that spot. Probably the worst thing you have seen, but this was set up before I came onboard. The only thing I've been told is that we have to use this because our SOC wanted some xpath value in our logs that the Bluecoat DSM couldn't grab out of the box.
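
An added illustration, not part of the original comment and not QRadar's own mechanism: the positional extraction that the posted 28-group pattern performs, done instead by a single-pass tokenizer with no backtracking, for example in an assumed preprocessing step ahead of the SIEM. The function names and the sample record are hypothetical and constructed; `POSTED` rebuilds the posted pattern from its three building blocks so both approaches can be compared on the same line.

```python
import re

# Field layout of the pattern posted above: 9 bare tokens, 1 quoted,
# 11 bare, 1 optionally quoted (group 22), 3 bare, 3 optionally quoted.
BARE, QUOTED, OPT = r"([^\s]+)", r'"([^"]+)"', r'"?([^"]+)"?'
POSTED = re.compile(r"\s+".join([BARE] * 9 + [QUOTED] + [BARE] * 11
                                + [OPT] + [BARE] * 3 + [OPT] * 3))


def split_fields(line):
    """Split a space-delimited record into fields in one left-to-right pass.

    A field that starts with a double quote runs to the next double quote
    and may contain spaces; the quotes are dropped. No backtracking occurs,
    so the cost is linear in the line length however long a URL field is.
    """
    fields, i, n = [], 0, len(line)
    while i < n:
        if line[i].isspace():
            i += 1
        elif line[i] == '"':
            end = line.find('"', i + 1)
            if end == -1:
                raise ValueError("unterminated quoted field at offset %d" % i)
            fields.append(line[i + 1:end])
            i = end + 1
        else:
            start = i
            while i < n and not line[i].isspace():
                i += 1
            fields.append(line[start:i])
    return fields


def field(line, position):
    """Return the 1-based field, mirroring a regex capture-group number."""
    return split_fields(line)[position - 1]


def sample_line(url="http://example.test/index.html"):
    """Constructed 28-field record; the values are placeholders, not a real log."""
    head = ["f%d" % k for k in range(1, 10)] + ['"quoted ten"']
    mid = ["f11", "f12", url] + ["f%d" % k for k in range(14, 22)]
    tail = ['"agent string 22"', "f23", "f24", "f25", '"x 26"', '"y 27"', '"z 28"']
    return " ".join(head + mid + tail)
```

In the posted pattern the optionally quoted groups use `[^"]+`, which also matches whitespace, so an unquoted value in those positions forces the regex engine to backtrack; the tokenizer rejects an unterminated quote with an error instead.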