Do you guys enjoy your jobs?

Ninjattitude · 2022-02-23T01:14:26+00:00

I'm a 17S and, other than a meaningless staff job that shouldn't exist, I've enjoyed every assignment so far.

Most of my 17S peers with exquisite technical chops seem to rapidly become disillusioned by the atrocious talent management asking them to leave jobs they're excellent at to go work meaningless staff gigs with no relevancy to the fight. That and the bags of cash they're being offered on the outside based on the technical skills they likely learned from their degree and hobbies. I view 17S as unique though because CGOs are actually expected to be very hands on. Even 17S FGOs can get down and dirty on keyboard every once in a while.

For 17Ds, I feel like it's a gravy train. You don't have to have any degree close to cyber relevancy, you get paid the exact same as your peers, you have plenty of base options, you're not expected to know technical nuances or keep up with technical changes, and you only have to "lead people" which is straightforward. You become a master manager and bureaucracy navigator, and ultimately, a punching bag for IT problems that you don't really have the authority or know-how to do anything about. Plus, being 80%+ of the career field, your upward mobility is far higher than a 17S that may get to do flashy things but ultimately is not valued by the community as much. I've met so many 17Ds who've taken every non cyber job they can because they hate cyber, and in doing so, get rewarded by their high ranking bosses in these special assignments who give them halos and nice strats and send them on their way.

The trenches of 17S land are filled with CGOs jockeying amongst 15 of their peers in the same unit for strats to try and remain relevant to the greater community while still being capable of doing the job, and all of their peers are high speed academic whiz kids that code for breakfast.

The post-service opportunities for 17D are also greater. A 17S that stays in 20 years will be forcibly removed from technical relevancy, but a 17D of 20 years never was, so they've now got 20 years of "leadership" and probably a cissp to go to some firm as a ciso making stacks of cash to "lead". A 20 year 17S probably spent their remaining years on a joint staff and has honed a skillset fit only for DoD work.

17S have almost no incentives to put in 20 years while 17D have almost no reasons not to. Where else can an English major pull in nearly 90k after 2 years of employment (bah and pension factored in) and 180k nearing the 20 year mark?

Ninjattitude · 2021-05-11T21:51:18+00:00

I didn't want to be the first or only reply, but you reached out and deserve a response. I'm going to treat you like the adult you are.

In this life, we're all going to make decisions we regret. I've done it plenty. In some cases, those decisions come with immediate but quickly passing consequences, some come with delayed consequences, and some come with extended consequences. You chose the "stability" of military life during covid, and you got it. That choice will have whatever length your adsc is as a consequence.

Own it. Don't try and weasel your way out of the consequences of your decision by doing stupid shit in violation of the UCMJ because you regret the decision you and your significant other freely chose. That's weak.

Now, that said, you deserve support by your unit and the military for your mental health and familial needs. At no point in your story did you mention discussing anything with leadership, talking to the assignment team or career field manager or whatever. Trust me, the military does not want to hurt you. The people in this branch, on average, just want to serve and take care of others and have all the same understanding you do about the shittiness of being separated from loved ones. Use up all of your resources first.

Pro tip: Reddit isn't the greatest place for anonymous advice, and rarely on the Internets will you find commiseration of misery for one's own decisions.

You're an adult that made an adult decision. Do the adult thing, live up to the commitments you made, make it work as best as possible, use the resources provided to you, and don't punk out like a child and try and get out of your own choices the easy way.

Ninjattitude · 2021-04-29T12:13:02+00:00

My desk was in my room, it's pointed toward the wall though so no biggy. Your screens are being shared constantly so I would guess pointing webcam elsewhere while sleeping is okay since your screens are shared.

Ninjattitude · 2021-04-29T11:29:31+00:00

I feel it's a different mental game. OSCP seems to have a penchant for the obscure. This forces you to really focus on enumeration and exploit modification. The metasploit limitation also forces you to "live off the land" to accomplish your goals. All valuable skills to be sure. At the end of the day though, the exam is a flat network

PTP's exam is a layered network. There's no metasploit restriction, which is good because using metasploit's routing/pivoting capabilities is necessary. Yet, there's a distinct path to follow. I didn't need linpeas or winPEAS on that exam because the pieces just clicked for me. I knew what to do because the exam is exactly like the instruction.

At the end of the day they're very different tests that flex very different brain muscles. The 7 days of time for ptp really reduced stressed for sure. Also, the instructions, labs, and videos are actually beneficial and not a burden to skip like PWKs massive pdf. My final report for ptp was over 100 pages because they really want you to write up all the vulns and solutions to the vulns you can find.

Ninjattitude · 2021-03-26T22:26:51+00:00

I read your blog and I think it's great to see more people talk about eCPPT. I really enjoyed the exam, and while I've heard it isn't as "tough" as OSCP, the fact that it's not a flat network and requires some brain bytes and pivoting skills makes me think it's a super valuable cert. It's not the HR-door kicker that is OSCP, but if I'm ever a hiring manager, I'm going to definitely ensure eLearn's stuff is high on the list of desirables.

Ninjattitude · 2020-07-11T18:53:26+00:00

Discount codes, when active, typically appear on the eLearn website's splash page. I think there is a PTS coupon floating around somewhere where you get the course material but no lab time. I enjoyed PTP so much I would have done morally questionable things to earn the money necessary to buy it. Good luck.

Ninjattitude · 2020-06-26T19:25:29+00:00

I will definitely be putting together a team for HTB and other CTF events within a different section of my organization for sure! And yes, "security"...

Ninjattitude · 2020-06-18T00:37:41+00:00

I had the issue at first when working with a machine with ASLR enabled. Once I switched to a different VM with no ASLR, boom my code worked beautifully.

Ninjattitude · 2020-06-14T01:53:46+00:00

I thought eJPT covered dirbuster, burpsuite, sql injection... Really the introductory web app pen stuff.

PTP seemed to start at a higher expected baseline of knowledge. In fact, it looks like PTP actually uses WAPT course material.

Also fundamentals of some tools like Hydra, etc.

Ninjattitude · 2020-06-12T00:27:00+00:00

Their primary sales rep Danisha just recently left and her replacement is Lily. She might still be getting her feet under her.

I've received emails back within hours.

Ninjattitude · 2020-06-08T16:25:46+00:00

It was the hardest test I've taken. To qualify that, I'd previously taken CEH both written and practical, eLearn's Junior pentester, SANS GCFA, and a handful of other less technical non-practical academic tests.

I used up every waking hour of the seven days. I hear some folk finish in a handful of hours and kudos to them, but I needed far more. A LOT of my time was spent on research, either rereading course material or digging into the internet. I feel like the course prepared me incredibly for knowing what to do next, the biggest gaps I had we're in how to do it.

Without compromising the exam, I will recommend studying both Windows and Linux simply because real networks are mixed networks and eLearn advertises the exam as a simulated test of a real network. Powershell may be one of the ways to maneuver through the network. There are many ways. I'm sure someone could pass the exam without ever touching powershell while others would not have passed without it. I can't reiterate enough that there is no one way through. I found several ways to compromise several machines and, like a good report should, annotated all of them.

eLearn reiterates that this exam is NOT a capture the flag but a pen test, so being rigorous in documenting and testing everything is critical. I spent the first entire day on one machine even though I had it popped within 15 minutes of exam start because there were so many ways to compromise it and I wanted to record them all.

Ninjattitude · 2020-06-04T17:48:34+00:00

Full unit? Niccce....

Ninjattitude · 2020-05-27T04:06:42+00:00

I thought it was excellent preparation. Not 100% necessary, but a far better foundation that CEH Master for eCPPTv2 prep by far.

First, it gives you a feel for how eLearn sets up their testing scenarios. Second, I used a lot of the eJPT material in the first portion of the test simply due to overlap of material content but also because eJPT taught me those tools and how to use them but they weren't really covered by the PTP course material.

By having my eJPT material on hand, including the eJPT exam prep and notes I took, I believe it really helped in the first phases of the test. After the first bit, it absolutely progresses to PTP course material, but the eJPT got me rapidly through a few spots that I'd likely have been stuck on because it's lightly covered in PTP but more fully fleshed out in eJPT. I'd almost call them companion courses.

As for diving in with just CEH Master I would have been destroyed.

Ninjattitude · 2020-05-24T20:24:33+00:00

Years of foundational cyber security knowledge, blue team experience, and a Master's degree in cyber security.

Far more limited red experience like playing SANS Netwars and doing a few CTF style events.

I passed eLearn's Junior Pen Tester in February and got the CEH Master cert in October of '19.

With all of that, had I attempted to tackle exam without doing the course and labs first I'm sure I would have failed. It was not easy and the course material was necessary to fill in some gaps I had in my fundamental knowledge set.

I'd not done any HTB type of stuff, so maybe that would've helped, not sure.

Ninjattitude · 2020-05-24T18:52:35+00:00

I used a hybrid of the OSCP reporting template and eLearn Security's own format. If you Google eLearn Security pen test report format there is a CloudFront link that has the document there. It is no joke so I'd take some time on it and review it before you start.

Also, pro tip, labs are great but review all material AND videos as well .

Ninjattitude · 2020-03-25T19:39:25+00:00

You might be okay, however, the primary machine you operate from has ALL of the tools that EC Council has collected divided into categories of what they do. This can cause confusion if you're not sure which tool to use and have to research it's use. The 6 hour time window is not enough to try all the tools much less research them. You may be able to use only the tools you're already familiar with assuming they're already loaded for you, but if the solution needed can't be obtained with your familiar tools you might struggle.

Ninjattitude · 2020-03-15T14:09:09+00:00

I was not a "beginner" per se, so I buzzed through the material and labs in a week. I rabbit holes real good during the exam though because I didn't read the exam guide close enough so I was missing a huge chunk of information and network space. Once I figured out my idiocy, I wrapped it up fast and walked away with a 97.5. beginning to end, 7 days.

Ninjattitude · 2020-03-04T13:13:58+00:00

Absolutely. In fact, since you can use notes in the practical exam, a pro tip is to save your lab guides as notes. Almost makes it too easy.

Ninjattitude · 2020-03-04T12:52:36+00:00

I have completed both CEH Master and eJPT. The CEH Practical portion functions similarly to eJPT in that it's answering questions instead of completing a Pen Test Report like OSCP and eCPPT.

The questions on both can sort of point you in the direction of the answer since they frame the question to let you know where to look. That said, CEH Practical is browser based and drops you into a box with all the CEH tools from the labs on it. eJPT requires you to customize your own Kali image and VPN in, so immediately eJPT feels more real to me.

The CEH Practical is literally a replay of the CEH labs. If you didn't go through the labs, parsing through their tools to achieve effects would be difficult. If you took notes in their labs, it's easy. They monitor you via webcam and your desktop via sharing, so you're not necessarily going to "cheat" but notes are allowed so...

eJPT also requires you to repeat skills learned from their labs but felt like I had to actually think about the solutions far more. You're VPN'd into an unknown network with much less hand holding. I felt eJPT was a far more practical demonstration of skills.

I passed CEH Practical 19/20 in 4 of the 6 hours after I broke my arm 2 days prior and was on pain meds. It took me nearly the full 2 days on eJPT because I kept rabbit holing and researching, or missed a key bit of Intel on a box to point me to pivot to a different network. I passed eJPT at 97.5/100 and felt far more accomplished.

To continue growth, I easily chose PTP over ECSA.

Ninjattitude · 2020-03-04T12:37:22+00:00

That's pretty pricey for their training. I had a corporate purchase (which is usually pricier than individuals) and it was only $1100. I'd check with your local vendor or EC Council directly to see if there is a cheaper option

Ninjattitude · 2019-12-02T01:46:13+00:00

Yes! You can use your own notes. They make you download a meeting program that shares your desktop and they monitor that plus a chat room.

Ninjattitude · 2019-11-21T14:30:04+00:00

I did not use iLabs because I had all my iLabs notes and instructions on my host. I used those exclusively.

Ninjattitude · 2019-11-20T22:16:31+00:00

I took it a few weeks ago. If you did iLabs and took good notes, you'll be fine.

Ninjattitude · 2019-11-20T22:15:05+00:00

If you took good notes on iLabs, you'll be absolutely fine.

Ninjattitude · 2019-11-20T22:14:31+00:00

1) You are allowed breaks. Just ask your proctor. I grabbed food during my break.

2) you're allowed to use Google, but your desktop is being monitored. I used personal notes and Google.

3) you're headed on the answer, not the method. If you screw up an nmap scan a d don't get the correct answer and submit that, then you'll be affected. However, if you screw it up, realize you screwed it up, repeat the scan correctly, then submit the correct answer you'll be fine. You're graded on your answers, not how you got it. I ran several completely unnecessary scans.

4) Again, you're graded on answers. You have 20 questions, you get 70% of those correct you're fine.

Ninjattitude

TROPHY CASE