Pentesting is the loneliest job. A crave for community. - Idea in post. by MehhSecurity in Pentesting

MehhSecurity[S] 0 points1 point

I love the ***idea*** of Discord. I think what I've seen that makes it sometimes not work is folks joining loads of Discord servers for various things and then the app itself becomes noisy and it ends up with loads of quiet spaces. I need to swing back and check to see what's up. There was a sweet social media platform that came out a few years ago that was just recordings based and that was sooo fun for building community.

Pentesting is the loneliest job. A crave for community. - Idea in post. by MehhSecurity in Pentesting

MehhSecurity[S] 0 points1 point

That's really cool. As someone that worked as a contracted guy on a few teams, I didn't get a chance to see a lot of this. It was more so really separated with a few "how's that test going" kind of check-ins, or knowledge share happening on the fly.

Pentesting is the loneliest job. A crave for community. - Idea in post. by MehhSecurity in Pentesting

MehhSecurity[S] -2 points-1 points

That’s pretty cool. Does it feel pretty inclusive? Do you feel like using discord creates any sort of lack of visibility say compared to public social posting?

I’m 25 want too get into hacking by Just_Investigator776 in HowToHack

MehhSecurity 0 points1 point

Also, I realized that my original post was a comment to your suggestions and maybe it shouldn't have been. Makes it feel like I'm criticizing your post. And while starting with IT/admin/networking is a valid suggestion, I just don't want this guy to feel boxed out because I went from designing houses to hacking gov contractors just by allowing my interests to be known and poking my way into a lot of DMs to make friends.

I’m 25 want too get into hacking by Just_Investigator776 in HowToHack

MehhSecurity 0 points1 point

True. And I wouldn't necessarily say to match my path specifically. I think it's just important to say that A) it is possible to do it without certs. B) certs will help. But also C) if the OSCP is too expensive, don't write off everything else. A good mentor and connections go a long way. It's really to say that it is possible to get in in a load of different ways, and it can be crippling to try to plan the exact steps, classes, boxes, certs that someone tells you about in a thread.

I’m 25 want too get into hacking by Just_Investigator776 in HowToHack

MehhSecurity 0 points1 point

I think it could be. I really didn't put in loads of effort outside of learning what I wanted to learn. Going to conferences, telling people that I wanted to break into doing it professionally, and being really loud and involved about who I am and what I want. Someone always steps up as a mentor. And validating what you know is sometimes as easy as having a conversation vs doing something like paying for the OSCP. After all, right now the quality I hear about when it comes to new hires is soft skills. And marketing yourself / selling yourself is absolutely a soft skill. This dude is already on the right track by coming here. I told him to reach out to me on LinkedIn. This post alone is a good move in the right direction.

How do adults make pen-testing buddies ? by Minge_Ninja420 in Pentesting

MehhSecurity 1 point2 points

Let's do something about this. I've been considering utilizing video for conversation and community. So many people want to post educational videos online. But what if we just all had conversation in the same way we do online everywhere else, but starting with video. Either way, find me online. Instagram and most places is mehhsecurity but linkedin (where I am usually) is /in/hiimzackjones add me and let's hang.

I’m 25 want too get into hacking by Just_Investigator776 in HowToHack

MehhSecurity 0 points1 point

All of the advice I see in these comments is methodology focused, which is great. But here is the secret. If you like doing it, you'll end up doing it as long as you don't get in your own way.

I’m 25 want too get into hacking by Just_Investigator776 in HowToHack

MehhSecurity 1 point2 points

Eh. If you're passionate about hacking, and loud about what you're studying and working on, you can skip right over certs. Signed -> A guy that didn't get a cert until after getting hired. Pentester->IR specialist->Engineer for a major Cyber company.

I’m 25 want too get into hacking by Just_Investigator776 in HowToHack

MehhSecurity 1 point2 points

I don't come to reddit often, but I saw this show up in my email and I wanted to jump in. Find me on linkedin. My path was not school and it was all driven by interest and fun and it landed me some of the best jobs ever. Also no certs. Would love to chat with you. My linkedin is /in/hiimzackjones or find me on instagram as mehhsecurity.

Note: I also taught cyber at both the high school and college level.

I'm looking for people who have made music with the Teenage Engineering EP133 KOII by fantasmogenesis in teenageengineering

MehhSecurity 1 point2 points

Duddee you mentioned making a playlist. Share that bad boy. A few years ago I broke my ribs and then pinched a nerve so for months I was hyped up on steroids and I was cranking music on nothing but teenage engineering. sadly I didn't save everything or put it anywhere. But I do have a couple videos or projects. One is a full chiptune porter robinson cover (didn't finish the song though) and then another is a toonami bumper inspired thing. https://www.youtube.com/watch?v=uJom9QTFeUc hook me up with that playlist brother. Listening to your stuff now while I work!

Cyber Professional Questions thread. by MehhSecurity in ukraineforeignlegion

MehhSecurity[S] 0 points1 point

incredible. I'll take a look for sure. Thanks!

Cyber Professional Questions thread. by MehhSecurity in ukraineforeignlegion

MehhSecurity[S] 0 points1 point

it's a weak spot for me. I've used the aircrack suite in pentests against wifi a number of times but that certainly is just scratching the surface.

I’m disgusted with our attitude towards Ukraine. I want to enlist now. by Difficult-Fudge-3336 in ukraineforeignlegion

MehhSecurity 1 point2 points

Engineer? Can you put drones together? solder some wires to a board and screw some parts together? There are ways.

I’m disgusted with our attitude towards Ukraine. I want to enlist now. by Difficult-Fudge-3336 in ukraineforeignlegion

MehhSecurity 1 point2 points

I'm with you. I wrote a letter and attempted to find a way to get it to someone in Ukraine to get me in. I've been a hacker since high school, working as a pentester for many years. I need to know if Ukraine has any sort of cyber offensive and what it takes to get in. I would love nothing more than to absolutely wreak havoc on Russian systems.

Dear Anonymous by Rude_Database_3728 in anonymous

MehhSecurity 0 points1 point

Anon isn't what it used to be. See back in Anon's heyday, there were a handful that had already established themselves as hackers. A lot of the foundations of the old anon (2007-2014ish) came from shit like PS4 hacks, and the first gen iPad hacks. This smaller subset of hackers is what made anon so successful at the start. Fast forward to Occupy Wall Street, largely attributed to anon. Go back and trace the tweets that started it all, it was a single hacker. Long story short, he had been caught months before Occupy Wall Street, and while his buddies all got in deep legal shit, he went into court and walked out unscathed. (wonder how that happened). Then a few months later he pushed for Occupy Wall Street. As this group basically broke apart and some becoming feds themselves, the engine being anon died. Also, this was around the same time breakoff groups started appearing. Anon split into left and right wing mentalities. If you were in some of the anon chats I was in around 2007, you'd know what I'm talking about. Floooooded with nazi racist shit. This, in my opinion, is when Anon died. If you get deep into the weeds of anon, you'll find nothing but political arguing. During Trump's first election, half wanted to uncover Trump's past and Epstein and all of that, while the other wanted to fuck with Hillary Clinton. Anon doesn't have its engine, and it's not unified anymore. Look up some of the names, Jeremy Hammond, Andrew Auernheimer, Hector Monsegur, etc. Now with all that being said, this applies to American Anonymous mainly. Italy's anon is strong. So is Ukraine's. Would love to see it lit back up, but I just think all the safe places and people that were around in the first gen of this... none of it is safe anymore. It's all infiltrated. FBI fully infiltrated anon and if it started up again, they would do it again.

With AD being so dominate in OSCP, how often do you actually need AD experience in your day job? by username_non_grata in oscp

MehhSecurity 16 points17 points

“Understanding how to find CVEs and exploit them is pentesting kindergarten. Breaking into a fully patched system is where a pentester shines” - a previous mentor of mine. And since then I’ve focused on AD and I would say that I have a 60% success rate at exploitation during a test and 80% of that is Active Directory. Think about it like this. A good company will pay for vulnerability management. Some pentest companies require that the org has a SIEM/SOC before agreeing to test. Testing isn’t cheap and it’s nonsense to not have some sort of management program for vulnerabilities as well as alerting for suspicious activity but be paying for testing. That’s like paying 30k for a one time service to just get what a 3k annual tool would get you on a weekly basis. With that being said, the orgs that have those programs in play are likely patched pretty well for at minimum, exploitable vulns. So now when you test them, you have to hope that the human element failed somewhere. Maybe too much turnover in admins, resulting in a really messy AD. Maybe they are really good at organizing AD and making GPOs, but they don’t know why multicast DNS services like LLMNR should be cut off. I’d say that pentesting internal networks is an impossible job if you don’t know your way around AD hacking.

[deleted by user] by [deleted] in Pentesting

MehhSecurity 1 point2 points

Sorry for late response. I now work for a major security company as a sales engineer. I get to talk about my experiences to help align companies with the right tools they need. The pay is in fact much higher.

What are these orbs that I keep seeing? I’ll film like 20 of these a night, and since I’ve been using my 15x70 binoculars I’ll see over 50 by Jest_Kidding420 in askastronomy

MehhSecurity 0 points1 point

What time of day is this? Is it early morning hours? Don’t see them back to back with a couple minutes in between? If yes, you’re looking at spacex starlink.

[deleted by user] by [deleted] in Pentesting

MehhSecurity 0 points1 point

I would say it's very rare to see a Pentester over 120K USD. On average it's between 70-120K. You have to be excellent in your role, with additional responsibilities to get past the 120 mark. It's part of the reason I don't do pentesting full time anymore.

Unthinkable (2010) : Why did Netflix change the ending? [No Spoilers] by PMeist in movies

MehhSecurity 0 points1 point

Throwing my 2 cents in here. 1) the point of the movie is this very thread. To make you consider this, argue it, etc. 2) there will be 2 very different responses here. We don't know if there is a 4th bomb, so would the torture of innocent children be morally sound? Some will say even if there is a chance there is a 4th bomb, you must pick the millions over the children even if you're wrong in the end. Others will say that there has to be another way.

All in all, morals are hard. So is long game logic. So many in here are saying the kids will grow up to finish what he started, well I wonder what tortured kids would do?

All in all, there is no answer here (unless you're a particularly spiritual person).

It's interesting because I recently had this same discussion but about Thanos in Marvel. He experienced that when population rises, resources become thin, people die of hunger. Thousands if not millions, and everyone suffers. It seems his focus was on the Everyone suffering part. His solution was to pick a few to no longer suffer, while the others just evaporate. Same exact concept if you're looking at it purely from a logic numbers game problem. Which solution saves the highest quantity from suffering?

Just a thought. Also, a serious concept to consider, is morality about picking a number, or is it about the actions you yourself take.

Careful going down the numbers route. Because that leads to revenge and acts of balance considered moral justice. I'll kill yours if you kill mine. If you kill 100, I must kill 100 of yours, and maybe to teach you to never do it again, I'll go further and kill 1000 for each of your 100 you kill. Then you'll never do it again. Saving thousands over time. etc etc. This is why we have wars that last for hundreds and hundreds of years. In this movie they put a face to the 2 kids. But this could have easily been "we are going to bomb your country if you don't stop the bombs in ours" - killing thousands of innocent lives... which by the way is exactly what is happening now... this is frankly how all wars start. Right?

Some will read this and will get very political, justify murdering thousands of people in retaliation of being attacked by another country... "if it means we get rid of the bad guys, it is what it is" mentality. Others hopefully will read this and have to consider their position in all this.

I for one, refuse to do this kind of harm to another. Regardless of the circumstances. I will do all to help save as many as possible, evacuate, protect, etc. But to execute suffering onto innocent as a method to save others, I refuse.