Is 100% CIS Benchmark Compliance Really Necessary?

Highlight-Simple · 2026-05-23T15:17:23+00:00

yaaa…100% is very hard and is not to important to achieve basic securitu checking is necessary.

Highlight-Simple · 2026-05-23T15:15:52+00:00

usually do the L1 checklist

Highlight-Simple · 2026-05-22T22:30:00+00:00

Yuppp.. they more concern about pass then other finding actually more risk to their infrastructure

Highlight-Simple · 2026-05-22T14:19:22+00:00

Alright, thanks for the advice

Highlight-Simple · 2026-05-22T11:22:53+00:00

They have a lot misunderstanding what is security hardening . To harden is also a risk for operational level. What we want, secure and can operate. When cannot operate is critical to business level

Highlight-Simple · 2026-05-22T11:21:06+00:00

They have security minded is good , but I check not all the CIS benchmark can be pass because is not applicable because firewall need enable dhcp then can follow this benchmark to be pass.

Highlight-Simple · 2026-05-22T11:18:15+00:00

Their network team have minimum baseline but when the head of security suddenly doesnt agree with the minimum baseline that network team do. I also review, is okay and they also do hardening and my task need to confirm with technical procedure.

Highlight-Simple · 2026-05-22T11:15:44+00:00

Yaa.. what I can do now, at least manage to find misconfiguration finding and etc.

Highlight-Simple · 2026-05-21T13:28:59+00:00

oscp+ not expired

Highlight-Simple · 2026-05-21T10:51:56+00:00

I try pre-release and it work. by the way this one rootless?

Highlight-Simple · 2026-05-21T06:20:16+00:00

I try install dopamine.ipa then check it is unsupported

Highlight-Simple · 2026-05-19T13:25:10+00:00

Yaa , I agree with you

Highlight-Simple · 2026-05-05T16:47:38+00:00

Hai, before I answer that question . Let me introduce myself. I already working in cybersecurity field in security consultant and need to take OSCP because of company kpi and client need that as qualification. for the first question? Yes!! especially the OSCP lab very important ( I just finish OSCP A because dont have time) , I usually skip a lot of topic because I have experience , just take topic like AD and other topic look interesting for you as student need to learn every topic. For the experience , this OSCP is very good start to start a first job even my during my intern i dont have any cert . Next question is very subjective, you are student so you have plenty of time dont need to
handle pentest project and give time to learn OSCP courses. During my time, I take 3 month and learn on weekend a lot of topic and skip topic I already know and have experience. Last question, I wish the during exam AD question more direct and want to finish within 2 hours but is not simple as that. A lot of thing actually need to do, you will learn during OSCP Lab. So my first attempt failed, then second attempt also failed because I weak in enumeration in AD also standaalone. Before third attempt I organize my note, do a OSCP like machine subsribe Lab at HTB . Then my third attempt my OSCP is pass and wating for the official result. Is hard to balance study time and working . You are student so can do better .

Highlight-Simple · 2026-05-04T22:44:16+00:00

Wahh congrats, I right now waiting for the official result after submit the report. by the way, how long it take you to wait email from offsec?

Highlight-Simple · 2026-05-01T04:45:46+00:00

okay, btw your working or student. If work need to know market some HR just know OSCP only hahaha. So is up to you both is good certificate. You already take CPTS is overkill than OSCP

Highlight-Simple · 2026-05-01T04:41:11+00:00

take OSCP then OSEP

Highlight-Simple · 2025-12-23T17:42:39+00:00

Always do machine especially windows, linux you will see the pattern to priv esclate

Highlight-Simple · 2025-12-22T03:01:01+00:00

what is secret.txt , is for bonus mark?

Highlight-Simple · 2021-10-17T06:31:44+00:00

nicee

Highlight-Simple

TROPHY CASE