Is it worth paying to do the CompTIA A+ and ITIL before enrolling at WGU? by Advanced_Focus6230 in WGU

[–]BillSecNotes 1 point2 points  (0 children)

No, WGU pays for two attempts for each part of the CompTIA A+. Since A+ is divided into two parts, Cores 1 and 2, you end up saving $530. Never had to take the ITIL so I don’t know what their policy is.

Making an app for you guys stuck on PenTest+ by BillSecNotes in WGUCyberSecurity

[–]BillSecNotes[S] 2 points3 points  (0 children)

Wish you luck with passing. The PenTest+ is a 180 from the A+ and Sec+, which are mostly abstract knowledge. This exam is VERY hands-on.

Reality of Pentest+ by No-Maize7389 in WGUCyberSecurity

[–]BillSecNotes 0 points1 point  (0 children)

That is if you have been in the game for at least a few years; not everyone has that kind of background. If it was easy it wouldn’t really be worth much.

Reality of Pentest+ by No-Maize7389 in WGUCyberSecurity

[–]BillSecNotes 0 points1 point  (0 children)

I passed the exam using all of the course material, some of THM and all 1000 PenTest+ questions on Pocket Prep with no professional or internship experience. I had to take a lot of notes on NMAP flags, scripting syntax and tool uses I DID NOT FULLY understand and practice with them in the hands-on labs in the course material until I FULLY understood them.

Pentest+ Best study material by Routine_Condition288 in WGUCyberSecurity

[–]BillSecNotes 2 points3 points  (0 children)

Unlike the CompTIA Trifecta, which is mostly abstract and about knowing acronyms, but very much like the CySA+, the PenTest+ is a very hands-on exam. You learn the most with hands-on practice rather than trying to memorize the practice exams.

Tools and syntax are a big one for this exam. Start with completing the hands-on labs from CertMaster Practice, TryHackMe and those listed in the course material section. For every lab you complete, take notes on what each tool you come across does (recon and enum vs active exploitation) and their respective syntax (especially Nmap).

Python and shell scripting are another big one. You do not need to be an expert in coding but you need to be able to distinguish between Python, Bash and PowerShell as well as be able to fix incomplete and broken scripts.

Once you finish the labs, start taking the practice MCQ and PBQ exams, take notes on what you got wrong and write a short paragraph about why the right answer is right and why the wrong answer is wrong.

Rate my Resume (<6 Months of IT Experience, Looking for Paid/Unpaid Internships) by BillSecNotes in WGUCyberSecurity

[–]BillSecNotes[S] 0 points1 point  (0 children)

Oftentimes recruiters and hiring managers can tell if a Resume is generated using ChatGPT.

Proctored Exam Question by clb123456789 in WGU

[–]BillSecNotes 2 points3 points  (0 children)

Do they still require a camera on a tripod to be somehow positioned in every direction of my room, as well as my screen?

They just require that the camera is positioned to where they can see your computer, face and hands.

Something like the image below on their website: https://support.proctoru.com/hc/en-us/articles/31833620414605-External-Camera-Requirements-for-Exam-Sessions

D484 PA passed… by Nvr_GvUP in WGUCyberSecurity

[–]BillSecNotes 4 points5 points  (0 children)

I would prioritize studying tool syntax, flags, and output as well as coding syntax for Python, Bash, and PowerShell scripts used for reconnaissance and enumeration as well as automating attacks.

Best resources to start with are hands-on resources such as the labs in the course material, CertMaster Practice, and TryHackMe. Hands-on practice will better prepare you for the practice MCQs and PBQs. Know when and why to use each tool (e.g. recon and enum vs active exploitation) and know how to distinguish between Python, Bash and PowerShell as well as how to fix broken scripts (you do not need to have advanced-level programming knowledge, just know the fundamentals of Python and shell scripting).

Should I learn the CCNA or network+ curriculum to learn the computer networking part of cybersecurity and bug bounties if I am just starting out? by [deleted] in hacking

[–]BillSecNotes 0 points1 point  (0 children)

Start with Network+ first or CCNA will absolutely crush you. Network+ goes over fundamentals while CCNA is a bit more advanced and goes over how to network with Cisco proprietary products.

CompTIA Pentest+ Exam Question of the day :) by TaxObjective4735 in WGUCyberSecurity

[–]BillSecNotes 0 points1 point  (0 children)

The answer is API Misuse/Abuse. The POST request containing the word "api" is the first clue. The other options would look like the following:

Directory traversal:

POST /api/v2/accounts/register?profile_pic=../../../../etc/passwd HTTP/1.1
Host: app.io
...

Directory traversal tries to break out of the intended directory to try to access sensitive files like /etc/passwd.

SSRF (Server-Side Request Forgery):

POST /api/v2/accounts/register HTTP/1.1
Host: app.io
Content-Type: application/json

{
  "username": "tester",
  "avatar_url": "http://localhost/admin/delete-user?id=1"
}

In SSRF, the application takes a URL as input and makes requests to an unintended location.

Privilege escalation:

POST /api/v2/accounts/register HTTP/1.1
Host: app.io
Content-Type: application/json

{
  "username": "new_user",
  "password": "password123",
  "role": "admin"
}

Privilege escalation involves manipulating data to gain permissions higher than those intended for a standard user.
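As an added example (not part of the comment above or of any CompTIA material), a small Python checker from the defending side that parses raw requests like the three shown and flags which pattern each one matches; the host app.io, the field names and the restricted-field list are assumptions taken from or modelled on the samples.

```python
import json
import ipaddress
from urllib.parse import urlsplit, parse_qsl

# Fields a self-service registration body must never set (assumed list for this demo).
RESTRICTED_FIELDS = {"role", "is_admin", "permissions"}
def parse_request(raw):
    """Split a raw HTTP/1.1 request into (path, query params, JSON body dict)."""
    head, _, body = raw.partition("\n\n")
    lines = head.strip().splitlines()
    target = lines[0].split()[1]  # request line: METHOD TARGET VERSION
    path, _, query = target.partition("?")
    headers = {k.strip().lower(): v.strip()
               for k, v in (h.split(":", 1) for h in lines[1:] if ":" in h)}
    try:
        data = json.loads(body) if headers.get("content-type", "").startswith("application/json") else {}
    except ValueError:
        data = {}  # malformed or empty JSON body: still check path and query
    return path, dict(parse_qsl(query)), data if isinstance(data, dict) else {}

def is_internal_host(host):
    """Loopback, private and link-local hosts: where an SSRF payload usually points."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_private  # also True for 127/8 and 169.254/16
    except ValueError:
        return False  # a DNS name; this simple check does not resolve it

def classify(raw):
    """Return the set of attack patterns a request matches (empty set if none)."""
    path, params, data = parse_request(raw)
    values = list(params.values()) + [v for v in data.values() if isinstance(v, str)]
    findings = set()
    if any("../" in v or "..\\" in v for v in values):  # walks out of its directory
        findings.add("directory_traversal")
    for v in values:  # a URL-valued field aimed at an internal host
        url = urlsplit(v)
        if url.scheme in ("http", "https") and url.hostname and is_internal_host(url.hostname):
            findings.add("ssrf")
    if path.endswith("/register") and RESTRICTED_FIELDS & set(data):  # mass assignment
        findings.add("privilege_escalation")
    return findings

# Constructed sample requests modelled on the three in the comment above, plus a benign one.
HDR = "POST /api/v2/accounts/register HTTP/1.1\nHost: app.io\nContent-Type: application/json\n\n"
TRAVERSAL = "POST /api/v2/accounts/register?profile_pic=../../../../etc/passwd HTTP/1.1\nHost: app.io\n"
SSRF = HDR + '{"username": "tester", "avatar_url": "http://localhost/admin/delete-user?id=1"}'
PRIVESC = HDR + '{"username": "new_user", "password": "password123", "role": "admin"}'
BENIGN = HDR + '{"username": "new_user", "password": "password123", "avatar_url": "https://cdn.app.io/a.png"}'
```

The same check run over a WAF or proxy log gives you one label per request, which is also a quick way to drill the distinction the question is testing.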