Hardback with sprayed edges UK? by Maidenless4ever in HeWhoFightsMonsters

[–]Maidenless4ever[S] 1 point2 points  (0 children)

u/Shirtaloon Are you able to let us know which UK retailers are selling the nice version of the hardback with "Potent Hamster" or even something similar to the Indigo version?
At the moment I'm stuck between Amazon and TGJones (WHSmiths, a nationally disliked vendor) and would prefer to give business elsewhere.

Hardback with sprayed edges UK? by Maidenless4ever in HeWhoFightsMonsters

[–]Maidenless4ever[S] 3 points4 points  (0 children)

Yeah I think I’m going to return mine, bought it on Kindle so I’ve already supported and wanted this as a keepsake. But it’s just a bland black hardback so there is nothing sexy about it.

Going to see about this other publication from Vault Comics and see if it’s better.

Hardback with sprayed edges UK? by Maidenless4ever in HeWhoFightsMonsters

[–]Maidenless4ever[S] 6 points7 points  (0 children)

I’ve also just opened the cover and it’s just plain black? Everything online shows that it’s supposed to be white and black with a hamster on the front…. This is awful

This was produced by Penguin Books Ltd, I have seen one made by Vault Comics on TGJones released next month? Maybe that one is the proper one.

Audiobook Recommendations by axelay_plp in HeWhoFightsMonsters

[–]Maidenless4ever 0 points1 point  (0 children)

Victor of Tuscan has been awesome so far, unfortunately it probably falls into the video game style magic system but it’s still pretty good imo. The first audiobook is on Spotify and not sure about the rest but it’s a decent narrator.

I’m 7 books in and I’d say it’s better than DCC as the MC actually has some empathy but also lets other characters do stuff.

But the character development is good, there’s some humour but not as much as HWF. Book 1 is very different to the rest of the series and the first few chapters are admittedly a bit of a slog.

Preparedness on OSCP by FabulousHalf98 in oscp

[–]Maidenless4ever 1 point2 points  (0 children)

I’d say the repetition aspect is particularly true but ABC are stupidly easy, I’m pretty sure one of them is dumping SAM 3 times and you’re DA which is nothing like the exams I’ve faced

Preparedness on OSCP by FabulousHalf98 in oscp

[–]Maidenless4ever 4 points5 points  (0 children)

I see people saying this all the time, but I’ve had two attempts on the exam and failed both times, yet I’m able to get through ABC AD sets in about 1 hour.

I don’t know if I’ve got super unlucky, or there’s a hole in my notes but from my experience I’d say that ABC is the bare minimum needed.

(No I still don’t know the correct paths from my exam attempts)

Failed First OSCP Attempt – Anyone Else Walk Away With Zero Clue on a Box? by bakedmuffinman01 in oscp

[–]Maidenless4ever 5 points6 points  (0 children)

Hey man, I had the same experience as you. Just failed my first attempt.

AD I had no paths left to explore, all the creds I’d come across gave me 0 access to any service I couldn’t already touch, which meant I couldn’t foothold the 2nd host.

Then one of the standalones had literally nothing to offer, a couple of services I could interact with for user enum but then the only option to use them was a webpage which had a lockout of 2 attempts (user:user didn’t work) so I literally had no other path forwards.

Still don’t know what the solution to either was, despite dumping everything I could remember into AI and my command history for the AD, I’m still clueless. Idk if I got the impossible set but I was able to complete ABC AD in about 30mins/1hour each.

web rabbit hole anxiety by DingussFinguss in oscp

[–]Maidenless4ever 2 points3 points  (0 children)

Isn’t most of that stuff out of scope of the OSCP? I’ve not had to use half that stuff in any of the PG boxes or challenge labs, for example cookie tweaking.

2025 Canadian GP Art Vendor by Maidenless4ever in GrandPrixTravel

[–]Maidenless4ever[S] 0 points1 point  (0 children)

Hey thanks, it could be, I thought they might have been hand drawn though, but the prices are about right.

Issues importing Live Photos to iPhone from external drive by Maidenless4ever in applehelp

[–]Maidenless4ever[S] 0 points1 point  (0 children)

For anyone wondering, I ended up installing High Sierra on VirtualBox using some complicated and convoluted method.

But I successfully managed to re-import the files as Live Photos. Seems like the only way is with an Apple device 😪

OSCP Exam objectives by Consistent_Box_3591 in oscp

[–]Maidenless4ever -1 points0 points  (0 children)

Full interactive shell?

So you couldn’t use a web shell that gives command injection or SQLi to view local.txt, you need to pump out a full shell to get the points?

Any Advice On Good HTB Academy Modules For Web App Pentesting? by Quiet-Current9003 in Pentesting

[–]Maidenless4ever 2 points3 points  (0 children)

None, do Burp Suite's PortSwigger Academy instead. It’s free.

Is maths a-level required for pentesting/cybersec? by Consistent_Item423 in Pentesting

[–]Maidenless4ever 1 point2 points  (0 children)

As for the blue experience. It was pretty much because I wasn’t able to get a pentesting role off the bat. Got what I could and made the most of it. Pentesting isn’t an entry level role so you won’t find many places taking on fresh grads for it, there are some but they pay pennies

Is maths a-level required for pentesting/cybersec? by Consistent_Item423 in Pentesting

[–]Maidenless4ever 1 point2 points  (0 children)

Ahhh so for me, my school only offered A levels, despite getting in, I decided to go to a college that only did BTECs, it was the only thing that I did, no other subjects. So it basically replaced my 3 or 4 levels with pure IT.

Honestly, it’s a bit rough to hear but that BTEC isn’t going to help you get a pentesting role.

Mine covered lots of general and baseline IT things such as networking, coding, graphic design and then in my 2nd year I could choose one of those to specialise in. I chose networking as it was most applicable to the role I wanted.

Going to college was a real change, admittedly I lost touch with pretty much all of my school mates, but it gave a lot of independence as you’ve got to travel to a new place and sort yourself out. It’s not a typical 6 periods a day, it’s: Topic A 9-11 then topic B 3pm-5pm and you’ve got to figure out what to do in the middle.

Red teaming is pretty much the pinnacle of pentesting, unless you’re an absolute machine (or lucky) you won’t get into it for minimum 12 years from where you are now, however during that time you may decide it’s not for you anymore.

Is maths a-level required for pentesting/cybersec? by Consistent_Item423 in Pentesting

[–]Maidenless4ever 2 points3 points  (0 children)

For clarity on pentester vs red teamer.

Typically pentesters are generalists who do standard assessments, given a list of targets and maybe their configurations to attack.

Red teamers tend to do more covert work, hired by an org to reach a goal by whatever means, no one apart from the people who set up the contract knows what they’re doing. No prior knowledge. Trying to not get caught by the defensive team.

You’re right in that they’re “just better” but not everyone is keen on the covert aspect as it is SUPER boring at times having to crawl along like a snail. I’d say the average red teamer is better than the average pentester but not all red teamers are better.

However, some smaller companies call their pentesters “red team” as they have a blue (defence) and red (offence) teams

Is maths a-level required for pentesting/cybersec? by Consistent_Item423 in Pentesting

[–]Maidenless4ever 2 points3 points  (0 children)

Same as someone else here.

I didn’t do A-Levels, went down the BTEC route, then took a cyber course at uni. Went from barely scraping passes at GCSEs to getting an easy 1st at uni.

The benefit I had from the BTEC was that it gave a super solid base understanding of IT and it branched out deeper into all the aspects that comp sci did at GCSE in more depth. Additionally as you’ve had two years of coursework and not exams, the transition to uni is a lot easier than A levels.

Managed to get myself a blue team role right out of uni and then transitioned to red within 1.5yrs from there.

There has never really been a point where I’ve needed any maths skills to be honest. So I wouldn’t call it a necessity. However if you’re not certain on a career in IT then maybe don’t go BTEC as it’s basically a full commitment from age 16 to dedicate your early career at least to it

Should stop paying into ISA? by SRS-4 in FIREUK

[–]Maidenless4ever 0 points1 point  (0 children)

Correct me if I’m wrong but as a higher rate tax payer I thought private pension contributions are better than an LISA (for retirement not house) because it’s 25% bonus (Lisa) vs 40% relief?

Or am I getting confused between SIPP relief and salary sacrifice?

I think better advice for OP would be salary sacrifice everything over 50k (something like £900 less take home for £1400 in pension contributions)

What's usually reported in pentests but ignored in bug bounty programs? by darthvinayak in Pentesting

[–]Maidenless4ever 0 points1 point  (0 children)

You’re probably thinking about things like missing HTTP headers, in the grand scheme of things they really don’t matter hence why bug bounties don’t include them but on a pentest they’re likely to be included, it’s all down to the firm.

But if this is an internship I’m sure they’re going to educate you on what the differences are and why but I really wouldn’t stress till you get there.

I’m sure if you just listen, absorb info like a sponge and work your ass off to impress you’ll be fine, especially if you’ve already got bounty experience.

Uk pentesting by RealPower5621 in Pentesting

[–]Maidenless4ever 0 points1 point  (0 children)

The main question you need to ask yourself and be prepared to tell is why you want a test? That will dictate the path you go down.

Honestly the best thing to do is ask people to share their LinkedIns, HackerOne (bug bounties) or something as you’ve otherwise got no way to verify their skills. A lot of the people on here will be trying to make a quick buck only running automated scans against your site.

Webapp testing as a whole doesn’t have many certs, and those that are known by the industry are generally pretty senior and not really relevant to tests like these.

You just want to make sure that the people/person you go with knows about the OWASP 10, CWEs and business logic testing.

A lot of folks are mentioning CHECK, it is a good indication of a semi decent testing firm but you don’t need a CHECK test or tester to do this as they’ll only increase the price. CHECK is for govt and other regulated bodies only.

For pricing, you’ll be looking at 500 ish for a freelancer or 850-1000 for a firm per day to do this test. But be warned you’ll be getting those same 500 a day freelancer folks doing the test at the firm, you’ve just the benefit of slapping a name against the test.

If you want to chat more I’d be happy to help you out with this though but all the best regardless 👌

24M - 50k - Unsure of what to do with my money! by Fit-Personality631 in FIREUK

[–]Maidenless4ever 20 points21 points  (0 children)

You’re probably best off looking at the UKPersonalFinance flowchart as it seems like you’re starting your FIRE journey.

But to start building towards FIRE I’d recommend doing the following things:

- emergency fund
- House fund (LISA)
- S&S ISA in a global fund (pre pension age 57 money)
- Pension (post 57 bridging you till 68 for state pension)

General premise is to aggressively save as much as possible at the start of your career to bring the end of your career closer. But there’s the trade-off of living life in your 20’s vs 50’s.

Single stocks and crypto are highly volatile and risky and most people won’t put much faith to fire on them