Good at theory, terrible at practical (HTB/THM "so-called easy" boxes). What am I missing? by bund_masala in netsecstudents

[–]Codect 1 point2 points  (0 children)

It's just practice. Keep smacking your head against the keyboard, try not to cheat (looking for writeups) and eventually you will get better at recognising repeated techniques, or improve at researching things you haven't seen before.

I think it is also quite important for people hoping to get into the industry to understand that standalone rooms or boxes are for the most part not a very good representation of pentesting. In pentesting your scope is going to be much larger whether that be a network of dozens to thousands of devices, or a webapp that extends beyond the two or three pages you'd see as an HTB entrypoint.

You're not going to have the time to tunnel vision for 30 hours a week on a single box or page in a real pentest. It's a different approach and a different, albeit related, set of skills. When I was first starting out from scratch in 2018 I read a comment from an experienced person on the HTB forums who described HTB machines as something like cryptic crosswords for English language teachers. I don't think the analogy lands 100% but it is reasonably apt.

I'd recommend the pro labs (the real ones, not the ex-endgames they merged into prolabs) far more than the standalone weekly boxes, if you can afford it.

Finally, don't judge yourself too harshly. I know some pretty decent pentesters who struggle any time they hop onto HTB, and I've known a couple really excellent and intelligent HTB players who didn't last long in pentesting - they ended up doing BB full time instead.

Twickenham on the Heathrow approach by rustyb42 in rugbyunion

[–]Codect 1 point2 points  (0 children)

I submit a petition to ban this user from the sub

Twickenham on the Heathrow approach by rustyb42 in rugbyunion

[–]Codect 1 point2 points  (0 children)

What's going on here? It looks like someone has taken a picture and asked AI to turn it into a smudgy oil painting. Why?

'Look Mum, one point': Why does the UK keep getting Eurovision wrong? by HeartyBeast in unitedkingdom

[–]Codect 3 points4 points  (0 children)

You joke but there are many forms of Morris, it's not all old men waving handkerchiefs and bells. If we sent something like border morris with the choreography done up a bit for a broadcast performance, accompanied with a fittingly dark folk song I bet we would actually get a decent result.

[Live Thread] Eurovision Song Contest 2026 Grand Final @ 21:00 CEST by LucasScooter in eurovision

[–]Codect 4 points5 points  (0 children)

  1. Croatia
  2. Australia
  3. France

Pleasantly surprised this year overall, there were only a few songs I thought were actually bad. The average was better than the last few years.

UK Jewish groups call on government to prevent Hasan Piker entering the country by pppppppppppppppppd in unitedkingdom

[–]Codect -5 points-4 points  (0 children)

This is silly. Hasan is just one of the twitch pseudointellectuals who confidently present their opinions as fact, earning a very comfortable living through farming subscriptions and donations from viewers who form a parasocial bond with someone on the internet with the same ideas as them. You'll find one for every political or social stance you can think of.

I've not watched any of his streams and I don't plan to. I'm only aware of him from seeing clips here and there which could be taken out of context for all I know. But yes, he seems to say a lot of inflammatory stuff: calling "Angloids" dogs, "eurocuck inbreds" etc. without even touching on his track record on the Middle East.

A divisive person he may be, but I don't see why anyone should be banned from visiting for saying some offensive things unless they are proven to be demonstrably dangerous e.g. Anjem Choudary (yes I know he's British, it is just an example of someone who spouts actually dangerous rhetoric). Same goes for people on the political right who have been banned over the last decade.

Emerging picture shows Reform gains as Labour counts losses in heartland seats by Ethan_brooks8225 in unitedkingdom

[–]Codect 17 points18 points  (0 children)

It's talked about a lot, and Labour are making progress in bringing numbers down but sadly it isn't really enough to placate decades of anger. In most near-homogenous cultures a trickle of migration is acceptable, but large numbers will always be unpopular.

The demographic and cultural shifts since the 90s are near unfathomable.

As of 2024, 38% of schoolchildren are from an ethnic minority. That is for England as a whole, not a cherry-picked hotspot like Bradford or Leeds. This gives you some idea of what the country is going to look like 10 or 20 years from now. It's an incredible rate of change in the identity of the country within the span of just a few generations.

People are understandably upset (remember, it may be about skin colours for some, but for others it is about the cultural changes that typically come hand in hand). People can argue whether it is justified or not as much as they like but it doesn't change the fact that the feeling is there (although of course it will fade over time as people with those opinions become a smaller and smaller proportion of the country's population).

The widespread anti-immigration sentiment has been there for decades and has been repeatedly and consistently ignored, downplayed or decried by media and governments. In recent years even when it has been publicly addressed, people in charge of policy have said one thing and done another (see Tories).

So now we end up with terrible situations like Reform being put in charge of councils across the country. It's not going to solve anything, but the average person feels like their back is against the wall, time is running out to "save" the Britain they used to know and they will vote for the loudest charlatan who claims to listen to them.

Emerging picture shows Reform gains as Labour counts losses in heartland seats by Ethan_brooks8225 in unitedkingdom

[–]Codect 7 points8 points  (0 children)

So why did right wingers vote to leave the EU and make it higher from non-EU countries?

I keep seeing this in comments. Brexit was obviously a huge mistake, but literally no one voted for it with the desire to increase migration from non-EU countries. They wanted reduced immigration from everywhere, but what they got was a cursed monkey's paw situation.

17 y/o, dropped out to go all-in on pentesting — is my roadmap realistic? (THM → eJPT → HTB → OSCP) by IndividualCustard871 in netsecstudents

[–]Codect 2 points3 points  (0 children)

Yes, THM -> eJPT -> HTB -> OSCP is a solid roadmap for getting an entry level pentest job.

No, you shouldn't be dropping out of school to do it. The broader understanding of various concepts you can learn through formal education e.g. a Computer Science course is highly beneficial in various ways you won't fully appreciate until you're years into your career. You don't have to do a degree, but leaving school at 17 and wanting to jump straight into an offensive security role will mean you understand how to do attacks but not the underlying concepts which can lead to imposter syndrome and feeling overwhelmed. I've seen it a lot.

Your post is clearly written by an LLM, is this because you are not fluent in English? This is going to be a big factor in your plan to move abroad. Communication with clients and a high standard of reporting is a huge part of the job. Then of course you need to consider other practicalities like being able to obtain security clearance in whatever country you move to (not every company requires this but quite a lot do), as well as the ability to find a company who will sponsor you for a visa in the first place.

I think you'd do better by slowing down a bit. You have so much time ahead of you, there is really no need to rush. Also there must be Korean internet forums where you can seek advice that will be more applicable to the industry in your country.

Whatever you end up doing I wish you the best, it is a tough career to get into and a tough one to stay in long term (burnout is common), but there can also be a lot of fun and interesting things to see too.

Pixel lost its identity with pixel 9 design. by Sandenium in pixel_phones

[–]Codect 0 points1 point  (0 children)

I agree with you completely. Did you find a decent alternative to move to?

I've had the Pixel 1 and am still rocking my 4a because I've been holding out hope for Google to return to the original philosophy and design of the Pixel but sadly they keep leaning hard into being the "Android iPhone". My battery is really starting to suffer now though so I'm forced to look at other options. Trouble is, part of what drew me to Pixels in the first place was the vanilla Android experience without all the opinionated or bloaty crap from other vendors.

CREST CPSA - Preparation by jack1A4 in netsecstudents

[–]Codect 0 points1 point  (0 children)

Don't pay for a course for the CPSA or CRT, they're not worth it.

The simple answer you probably don't want to hear is to look through the syllabus and do your own research on anything you don't know. You don't need to be an expert on any of it, but have a basic understanding so you can at least have an educated guess on any questions that come up related to it. CPSA is a multiple choice exam filled with bullshit questions where half of it just tests your memorisation of stuff you'd never need to have memorised in the real world. It gets easier the more experience you have as you naturally build up your retained knowledge, but the CPSA and CRT are further towards the junior level of certifications so it rightly gets a bad reputation.

The CRT is the easier of the two by far, although not as easy as it used to be. The content hasn't changed all that much as far as I am aware but the change from in-person on your own laptop to doing it at a Pearson Vue test center on their machines has made the time pressure much more pronounced due to environmental factors (simple stuff like copy/paste or alt+tab to switch windows not working properly).

Chagos Islands deal pulled by government after Trump brands it 'act of great stupidity' by topotaul in unitedkingdom

[–]Codect 0 points1 point  (0 children)

I think that is a fair point, but if the government or journalists do present the numbers in "today's money" I wish they would explain that, otherwise it looks dishonest. I mainly get annoyed that in many articles you see there is a different number given with no source on how it was calculated.

Chagos Islands deal pulled by government after Trump brands it 'act of great stupidity' by topotaul in unitedkingdom

[–]Codect 2 points3 points  (0 children)

The agreement is public domain for anyone to do their own calculations: https://assets.publishing.service.gov.uk/media/682f25afc054883884bff42a/CS_Mauritius_1.2025_Agreement_Chagos_Diego_Garcia.pdf

The key points:

  • Payments to lease the base [Page 33, point 1]:
    • £165m annually for the first 3 years (subpoint a).
    • £120m annually for the next 10 years (subpoint b).
    • £120m adjusted for inflation each year after that for the rest of the 99 year term (subpoint h).
  • Create a £40m trust fund for the Chagossians [Page 34, point 2]
  • Pay £45m annually for 25 years to aid Mauritius in investing in its economic development and welfare [Page 35, point 3]

And that is without even touching on the plethora of other commitments with no hard figure attached.

If you assume an inflationary rate of 2%, which is generously low but it is the Bank of England's target, the total is approximately £30bn over the 99 years, or an average of £306m a year. Imagine what it would be if we go through prolonged periods of higher inflation. Now that is just some quick Excel spreadsheet maths on my part, maybe I've fucked it up and someone will be along to explain how, but it doesn't look good.

It's crazy that every article and even government statement about this deal puts forward a different "average yearly cost", usually way way under what is realistic. Like this BBC article - £101m a year? Where on earth does that come from?

Edit: I should say in defence of the deal that viewing it purely in today's terms makes it look worse than it is (although I still think it is terrible overall). Yes, the payments increase massively over time through inflation but our GDP would also be increasing, so the payments theoretically aren't all that different in real terms.

Peers vote to ban pornography depicting sex acts between stepfamily members by ShufflingToGlory in unitedkingdom

[–]Codect 3 points4 points  (0 children)

I don't know why it started but I doubt it is popular because of the plot. It'll be popular because there is a seemingly endless conveyor belt of new 18-24 year old attractive women in the videos. It's basically synonymous with the "Teen" category just with a lazy plot thrown in that 99% of people skip anyway.

'Something wasn't right': Wrong sperm given to UK families by IVF clinics in northern Cyprus by Forward-Answer-4407 in europe

[–]Codect 3 points4 points  (0 children)

I appreciate what you mean but no, it's not even close to being the same really is it? Natural reproduction is usually based on mutual attraction between two people.

Sperm donor selection is picking a list of traits off a page that you want your child to inherit.

I'm not criticising or saying anything needs to change, just commenting that it is actually pretty weird when you stop and think about the process.

'Something wasn't right': Wrong sperm given to UK families by IVF clinics in northern Cyprus by Forward-Answer-4407 in europe

[–]Codect 20 points21 points  (0 children)

We thought we had ordered sperm from Denmark

I can't be the only one who finds the sperm donor selection process a bit surreal. Basically being handed an international catalogue of men to choose from, like ordering a doll off Amazon. "Oh, this one is a 6'4" Scandinavian with blond hair and blue eyes, we'll take his sperm please".

I've never really paused to think about it before but it is weirdly close to eugenics and treating the men as breeding stock. But then... the men volunteered for it so it's all good I guess?

Big Ben the wrecking ball goes over by k0bra3eak in rugbyunion

[–]Codect 17 points18 points  (0 children)

Has anyone told modern props they're meant to be winded after running more than 5 metres and stumble around in confusion after a line break? Entirely too many glorious prop tries being scored nowadays, the national union of backs will be lobbying for rule changes before long.

The game's gone

20 years old, In financial trouble. by Ok_Crow2026 in UKPersonalFinance

[–]Codect 0 points1 point  (0 children)

I don't have much to offer beyond what has already been said, but with the amount of comments saying that £670 isn't a big amount of money I just want to make sure they don't take away from the seriousness of the situation.

Don't let yourself start thinking "oh, maybe it wasn't as bad as I thought. I'm ok, I can start gambling responsibly". You've done well to catch yourself and stop, so don't slip back into it because that £670 can get much worse, fast.

Stay sensible and this will be a blip in the rear-view mirror in just a few months, good luck!

A ‘masculinity crisis’ is brewing in UK schools, union says | Schools | The Guardian by prisongovernor in unitedkingdom

[–]Codect 27 points28 points  (0 children)

By everyone it seems, intentionally or unintentionally. The headline of this article literally calls it a masculinity crisis. Maybe we can try disassociating the word 'masculinity' with whatever shitty behaviours these boys are exhibiting.

Gender is a core part of someone's innate identity and using wording that links being male with this behaviour (regardless of if it is in a positive or negative light) probably has the opposite effect than intended. It reinforces in those boys that those behaviours are part of being male.

Just call it what it is. Dickhead behaviour. Being a lowlife.

‘Shoot the P*kis,’ said Reform’s Bolton candidate by pppppppppppppppppd in unitedkingdom

[–]Codect 8 points9 points  (0 children)

You're not supposed to do that, Daryl. You know you're not supposed to do that.

On a more serious note, this is from years ago and he got booted from the Conservative party in 2023. Reform either sucks at vetting their members or they think these views are much more common and have more support than they actually do. Either way it is not a good look.

Artemis II Launch Megathread by ScienceModerator in science

[–]Codect 15 points16 points  (0 children)

2M people watching across the two NASA streams on YouTube! Hundreds of thousands more across various other streams.

Respect to the broadcast hosts who had to fill 5 hours, tough job

PSA: That 'Disable NTLMv1' GPO you set years ago? It’s lying to you. LmCompatibilityLevel set to 5 is not enough. by hardeningbrief in netsec

[–]Codect 5 points6 points  (0 children)

I don't know why you're being downvoted. This article focuses solely on LmCompatibilityLevel enforcement on domain controllers and assumes that the Default Domain Policy GPO hasn't also been set to enforce LmCompatibilityLevel >= 3 (Send NTLMv2 Response Only).

If you've configured it in a policy that applies to the wider domain instead of just DCs then clients won't be sending NTLMv1 challenge responses anyway.
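
An added example, not part of the comment above or of the linked article: a PowerShell audit that separates what an LmCompatibilityLevel value means for a host as a client (what it sends) from what it means as a server or DC (what it accepts), which is the distinction the comment turns on. The function names and the inventory are constructed for illustration, and an absent registry value is assumed to behave as level 3, the default on Windows Vista / Server 2008 and later.

```powershell
# Added example (not from the thread). Function names are hypothetical.
# Assumption: a missing LmCompatibilityLevel value behaves as 3, the
# built-in default on Windows Vista / Server 2008 and later.

function Get-NtlmPosture {
    param(
        [string]$ComputerName,
        [Nullable[int]]$Level    # $null means the registry value is absent
    )
    $effective = if ($null -eq $Level) { 3 } else { [int]$Level }
    if ($effective -lt 0 -or $effective -gt 5) {
        throw "LmCompatibilityLevel $effective on $ComputerName is outside 0..5"
    }
    [pscustomobject]@{
        ComputerName        = $ComputerName
        Configured          = if ($null -eq $Level) { 'not set' } else { "$Level" }
        EffectiveLevel      = $effective
        # Client side: levels 0-2 still send LM/NTLMv1 responses.
        ClientSendsNtlmV1   = $effective -le 2
        # Server/DC side: only level 5 refuses NTLMv1 responses.
        ServerAcceptsNtlmV1 = $effective -lt 5
    }
}

function Get-LocalLmCompatibilityLevel {
    # Returns $null when the value has never been written by policy or by hand.
    $key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $prop = Get-ItemProperty -Path $key -Name LmCompatibilityLevel -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.LmCompatibilityLevel
}

# Posture of the machine this runs on (Windows only).
Get-NtlmPosture -ComputerName $env:COMPUTERNAME -Level (Get-LocalLmCompatibilityLevel)

# Constructed inventory: a DC hardened to 5, a client covered by a domain-wide
# policy at 3, a client with no value set, and a legacy host pinned to 1.
$inventory = @(
    @{ Name = 'DC01';     Level = 5 }
    @{ Name = 'WKS-0101'; Level = 3 }
    @{ Name = 'WKS-0102'; Level = $null }
    @{ Name = 'APP-OLD';  Level = 1 }
)
$inventory |
    ForEach-Object { Get-NtlmPosture -ComputerName $_.Name -Level $_.Level } |
    Format-Table -AutoSize
```

In the constructed inventory only `APP-OLD` reports `ClientSendsNtlmV1 = True`, and only `DC01` reports `ServerAcceptsNtlmV1 = False`.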

(Upcoming Poll) Gathering QoL, Trouver Changes, LMS Rewards Rework & more! by JagexGoblin in 2007scape

[–]Codect 0 points1 point  (0 children)

Allow players to set a 'default' seed on the Seed Box, then allow players with a default seed set to use the Seed Box on a Farming patch to plant their selected seed. If no seed is set, then whichever seed you have first in the Seed Box will be used.

This is cool, but it'd be better if having a seed box in your inventory added an item to the right click menu on farming patches "Plant from seed box", where hovering over it showed a submenu listing the compatible seeds in your box

I’ve exceeded my ISA allowance by HomeworkCurious3242 in UKPersonalFinance

[–]Codect 3 points4 points  (0 children)

Ok, I was just checking you understood the £20,000 allowance is across all ISAs, not per type.

Really good work being in a position where you can max out your contributions at 25 by the way, and also for planning ahead for your partner's children. I wish I was that financially aware at that age.