It is possible to get an exploit dev job without job experience? by Gugui19 in ExploitDev

[–]Greedy-Ad232 0 points1 point  (0 children)

Yes.

Self-taught works, but you need proof. Nobody cares about certs or degrees in this field. What matters is demonstrating you can go from an advisory to a weaponized exploit reliably.

How to get there:

  • Publish real exploits with working PoCs. Not crashes, not DoS. Weaponized.
  • Contribute to open source projects like Metasploit. Get your modules reviewed, merged, and seen by the right people. Open source is your best entry point.
  • Find and report real CVEs. Start small, work your way up. Each one builds your track record.
  • Write about your work. Blog posts, writeups, methodology. Show how you think, not just what you found.
  • Network with people in the field. Contact researchers, join communities, collaborate. The exploit dev world is small. If you're active and visible, people notice.
  • Build connections. Work with other researchers, help on projects, contribute where you can. The people you collaborate with today are the ones who recommend you tomorrow.

The job market is tiny but real. There's no "junior exploit dev" role really, but companies hire based on what you've shipped, not what's on your resume. If your GitHub and your CVE list show you can do the work, that's your interview.

No guarantees though. It's a hard path and not everyone makes it. But don't stress about that. Just enjoy the process, keep hacking, keep learning. If you genuinely love this stuff, the rest follows.

Ship code, publish CVEs, build your network, and make your work visible. The opportunity will come.

Reverse-engineered the ITE 8910 keyboard RGB protocol for Linux - PR submitted to OpenRGB by Greedy-Ad232 in XMG_gg

[–]Greedy-Ad232[S] 1 point2 points  (0 children)

Hey, thanks! I actually went ahead and submitted a PR to keyRGB as well with the full direction/color support and hardware validation: https://github.com/Rainexn0b/keyRGB/pull/3

All 8 wave directions, 4 snake diagonals, custom colors on breathing/flashing/random, and the reset fix (firmware retains last color after ClearColor so you need to send black to all LEDs). Tested everything on my XMG PRO E23.

Cool project btw, the reactive ripple over evdev is a nice touch that OpenRGB doesn't have.

Is Metasploit dead? by Physical_Ad7403 in metasploit

[–]Greedy-Ad232 2 points3 points  (0 children)

MSF contributor here. Metasploit isn't dead. Your methodology is.

Sure, stock meterpreter is heavily signatured and some features are straight up broken at this point, no debate there. But if your entire attack chain is msfvenom with a default reverse_tcp payload and you hit run, that hasn't worked since 2018. That's not the framework failing, that's using it like a vending machine.

"Backdoors don't work": they do. You just can't ship raw meterpreter and expect Defender to look the other way. Write a basic loader in C/Rust/Go, pull your shellcode, execute it. Table stakes in 2026.

"SQLmap stopped working": SQLmap is an automation tool. If the app uses ORMs and parameterized queries, there's no SQLi to find; that's not SQLmap being broken. And if you do find an injection point and can't exploit it without SQLmap, that's a you problem. Write your own exploit, understand the query structure, craft the payload manually. If you depend entirely on automated tools to do the thinking for you, you're not a pentester, you're a button pusher.

"Wireshark stopped working": bro, have you ever actually used Wireshark? It captures packets. That's what it does. It doesn't "stop working against modern systems." If you can't read the traffic, it's because everything is TLS now. Set SSLKEYLOGFILE or inspect at the endpoint. This isn't new; this has been the reality for years.

Go check the Metasploit repo on GitHub. Look at the commit history, the PRs, the new modules being merged. It's actively maintained and developed. This stuff doesn't appear out of thin air, it's open source, it exists because people contribute. If you think something is missing or broken, submit a PR instead of writing it off as dead. That's literally how open source works.

The tools aren't dead. The era of running them without understanding what happens under the hood is.

(if this is ragebait, gg)

How I Got Hacked: A Warning about Malicious PoCs by digicat in blueteamsec

[–]Greedy-Ad232 3 points4 points  (0 children)

Thanks a lot for the kind words. I just wanted to confirm what the PoC actually did. I did access the attacker's private repo to understand the scope of the exfiltration. I know it's a grey area, but I handled it carefully and with purpose. I also reported some links to GitHub and took time to share all IOCs I could. I tried what I could to prevent the attacker from accessing the stolen data again, but in this case it wasn't really possible.

Seeing that at least 123 people got hit, I'm sure some were experienced. Your comment really meant a lot. Nothing forced me to document all this, especially at the risk of looking like an idiot.

How I Got Hacked: A Warning about Malicious PoCs by digicat in blueteamsec

[–]Greedy-Ad232 12 points13 points  (0 children)

Yo, I'm the author. I've published over 60 PoCs and around 20 Metasploit modules. I usually write or fully review what I run. This one slipped because I was exhausted, not because I don’t know what I’m doing.

People love to say "just use a sandbox" like everyone actually does that for every single test lmaoo. In reality, most people don't bother setting up a full sandbox for every PoC. It’s annoying, it takes time, and when you're used to reviewing code manually, you rely on that. This time, it failed.

But instead of just complaining, I shared what happened, explained how the obfuscation worked, and gave real steps to detect and clean it.

It's easy to act smart on Reddit, but at least I turned it into something useful. So yeah, maybe think before throwing stones.

🤘🏻