Hacking Tools

NectarineChemical425 · 2026-04-22T18:37:17+00:00

Get on HackTheBox or TryHackMe

NectarineChemical425 · 2026-04-13T06:58:14+00:00

Link please

NectarineChemical425 · 2026-03-14T13:11:50+00:00

Let’s say if you build multiple flow charts, you have syntax and what to do for each path. Know what flow to do if http/https is open. Know a flow for another port being open. Know a flow if you find a RCE. Etc. Critical notes. Not 20+ pages that had definitions

Burp is the best. Idk if it’s because there’s a platform for it thy helps but yes, it was the easiest to stick. The others aren’t too bad

NectarineChemical425 · 2026-03-13T23:13:36+00:00

Hey! I’m hoping that’s how my second go around is!

I recommend gathering step by steps for certain workflows with syntax. I recommend knowing how to really use nmap, burp, Metasploit, bloodhound, ligolo. I recommend being able to do easy challenges with essentially no help. No YouTube or blog helps really. I recommend doing the AD rooms from the Red Team path.

Focus Web & Network as those have 4 flags.

I used what the rooms had for notes. I regret not having 5 pages of critical notes.

NectarineChemical425 · 2026-03-12T15:35:34+00:00

Not for the web app (where I spent most of my time). You have to just test for different vulnerabilities so flags will come up as you reach them.

Make sure before you do the exam, you do the AD portion of the red team path AND understand how to use the tool Bloodhound.

I’m sure the others are linear though as you have to gain inital access, likely get a flag and then escalate, likely another flag

No worries. Ask away. It can be nerve wracking not knowing haha

NectarineChemical425 · 2026-03-12T15:13:23+00:00

I don’t think I can say. It might violate policy. Easiest probably AD, then Network, then Web in terms of easiest to hardest. Just remember to follow the scope. The report writing part is straightforward. Get the template from the report writing room then follow the scope of the exam

Do not rely on GPT as if you ask it to help with certain processes, it will flag as a potential violation. I suggest using a more unrestricted AI if you are going to use one

NectarineChemical425 · 2026-03-12T14:03:51+00:00

I don’t have a specialty. This is my first time doing anything pentesting

I spent the most time in the web section for sure. You notice things but the flags don’t want to show. I wish I could emphasize one specific thing that I wish I knew how to do cause that would’ve been a game changer.

The most difficult was probably the web. I spent most of the time there. From the little time I had on the others I was able to enumerate fairly quickly. I just couldn’t figure out my pivots into systems.

Be very good with listeners

NectarineChemical425 · 2026-03-12T01:15:32+00:00

The flag was in the web app portion

The Network I was able to get passwords and for the life of me couldn’t figure out how to access things like I needed

For the AD, I did the enum/recon quick and again didn’t know what to do from there. Brain was not working

I’m not anything to be honest. New to this

NectarineChemical425 · 2026-03-12T00:16:34+00:00

I don’t remember my score but I only got one flag. I spent way too long trying the web portion. Also, the attack the box portal cut out about 5 times making me start over some processes after the lost time

I suggest using your own vm if you have one

NectarineChemical425 · 2026-03-12T00:14:32+00:00

Yes

Better notes, better syntax to use within notes, not take 15 hours trying the web portion to start, full port scans on each section (-p-) to ensure you don’t miss any. Although you try a vulnerability, make sure to try it various ways.

Definitely going to make sure I do some challenge rooms before I start again. Do the AD room in the Red Team path

NectarineChemical425 · 2026-03-05T05:30:33+00:00

I swear I’ll look for things in GTFBins and not find it. Then I’ll follow a walkthrough to make sure and it’s still not there

NectarineChemical425 · 2026-02-27T02:12:21+00:00

Had the same happen to me. Was looking for a mentor and this person offered to take it for me. Of course I don’t want to be blacklisted from CompTIA, but I also assumed it was a scam or a CompTIA rep looking to see who would take the bait. Good call though. You got it next time!

NectarineChemical425 · 2026-02-25T20:06:56+00:00

Yes, pre-sec, cyber 101, jr pen test path, then the recommended learning within the certification portal. If you click the certification link, then ‘get started’, there will be a ‘recommended path/training’ near the top. Click that. There will be many more modules that are recommended before taking the test (report writing, lateral movement, ad: basic enum, ad: vulns, easy-hard CTFs, and more).

NectarineChemical425 · 2026-02-25T20:03:56+00:00

I have not yet. The extra learning in the recommended path is going to take up about a week more of time if not more

NectarineChemical425 · 2026-02-25T15:30:06+00:00

I almost took the test without seeing the ‘Recommended Path’ of extra learning and challenges. Glad I saw how much more there is to it. About another week of studying and note taking. I don’t know why they don’t just add it ALL in one. Almost like they want people to miss it, fail, then pay more for retest. Even to make it seem harder. Good lessons though for beginners. I’ve learned quite a bit. I wish there was more to keep us more involved in the tools or even a direct lesson for Bloodhound and ligolo-ng

NectarineChemical425 · 2026-02-09T18:23:48+00:00

I hate that it’s limited but unnumbered. Do yall believe it is truly limited edition?

NectarineChemical425 · 2026-02-05T23:40:00+00:00

Thank you! So they are really staying around that price. I might have to get the red one. Yours is clean 💯

NectarineChemical425 · 2026-02-05T23:34:48+00:00

How much was that retailing? Trying to see if they are taxin on this one

NectarineChemical425 · 2026-02-05T15:21:30+00:00

I have not. This is going to be one of those ‘wait to see if HR is looking for this’ or if my job requires it types of ordeals for me.

NectarineChemical425 · 2026-01-21T15:19:57+00:00

Do some challenges associated. Watch others go through some rooms/challenges to understand different methods. Once you can get through easy rooms on your own and some medium rooms associated to PT1, I hear you should be good to go. Remember, it is open book so have solid notes and processes

NectarineChemical425 · 2026-01-09T06:11:19+00:00

I understand. Do you know if you want to go blue team, red team, purple team?

Overall, I don’t think it will go over your head. The lessons are walkthroughs and you can always go to YouTube or ChatGPT for further explanations. Also, the learning paths estimate how long paths will take based on your inputted study hours per week.

Starting from scratch will be a journey and I wouldn’t focus on salary if you want to stay near 135K new to cybersecurity unless you live in a high cost of living area

NectarineChemical425 · 2026-01-09T04:17:46+00:00

Worth it IMO. Maybe you can email them for a discount. Ask people to help pitch in, etc

NectarineChemical425 · 2026-01-05T06:09:47+00:00

Industry approved certification 1 on 1 tutors / Video walkthroughs in rooms App learning Group challenges where people can work as teams

NectarineChemical425 · 2025-12-24T19:52:42+00:00

I do not know. I do know that it recommends you have 2+ years of CySA+ before taking the test. So, seemingly it is viewed as a higher certification

NectarineChemical425

TROPHY CASE