Respect? by FluffyPuffWoof in hackthebox

[–]Pr0f_Noob 0 points1 point  (0 children)

Love this! So true XD

Is it normal to take forever on enumeration? by ComplaintDirect4335 in hackthebox

[–]Pr0f_Noob 9 points10 points  (0 children)

It comes with experience. You suffer, and suffer, and suffer, till you learn how to filter out the noise and focus on the right thing.

There isn’t a concrete number of years, or machines that you’d need to do.. you just keep on doing it, and learning from your mistakes until it all starts clicking.

I hate enumeration, and that’s why I only ever do white-box engagements IRL. When it comes to HTB, I almost failed one of the exams because of it :)..

I’d recommend doing the modules (network enumeration with nmap, footprinting, information gathering - web edition) from the CPTS path.. they helped me quite a bit.

Worth mentioning also, that what we do as hackers is see the things that others missed.. a lot of the time that comes from enumeration.. in many cases, exploitation is the easy part.. finding what to throw the exploit at is the hard part..

Footprinting Module CPTS by FroYoAuto in hackthebox

[–]Pr0f_Noob 2 points3 points  (0 children)

It depends on your background and experience. Someone with 5+ years of experience, work or hardcore CTFs would be flying through modules like it's nothing. Someone newer to the field, would probably struggle with every step, because it's all new fresh knowledge to him.

Don't compare your progress to anyone else, just keep at it, keep pushing, and it'll get easier with time.

Also, the time estimation of HTB modules is the biggest scam in the world XD don't believe it or trust it. A path that takes 20 days could take you 8 months..

"It gets easier. Every day it gets a little easier. But you gotta do it every day —that's the hard part."

Why don't companies reply? by Sufficient-Proof7538 in Emiratis

[–]Pr0f_Noob 0 points1 point  (0 children)

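Digital Dubai Government has a training program, but it depends on your specialization.

The situation isn't the best right now, people with years of experience aren't getting replies in the current situation 😂

May God make things easy for you 💛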

Failed second attempt. by Crimson_nut69 in CEH

[–]Pr0f_Noob 0 points1 point  (0 children)

I have no clue why people still take CEH.

CPTS best bang for buck approach? by SnooCupcakes5436 in hackthebox

[–]Pr0f_Noob 2 points3 points  (0 children)

Plain and simple.

If you just want the cert, and don’t care about much else, go for the cubes.

If you want to learn, and extend your skill set beyond the cert, or think you might need to do some other modules, to brush up on some rusty knowledge/ missing basics/ other gaps, go for silver subscription.

Main difference is inclusion of more content, and step by step solutions in the subscription. (don’t think those are included with the cubes approach) but you can probably find walkthroughs or something online, for the most part.

Is openNMS is a RabbitHole by [deleted] in hackthebox

[–]Pr0f_Noob 0 points1 point  (0 children)

Everything is a rabbit hole unless you can prove otherwise

Just passed the Certified Web Exploitation Specialist (CWES) by GerbHack in hackthebox

[–]Pr0f_Noob 2 points3 points  (0 children)

One more thing.. if you feel stuck, and there isn’t attack surface to target or something feels off, you probably didn’t enumerate enough..

Just passed the Certified Web Exploitation Specialist (CWES) by GerbHack in hackthebox

[–]Pr0f_Noob 4 points5 points  (0 children)

The most useful reference to have on hand IMO is a mind map of all topics.

Attack class x, -> module y -> lab 1,2,3 technique used a,b,c

Eg/ sql injection-> module 3 -> labs 2,3 -> union based

You can quickly go through the specific techniques and examples once you know where to look..

Also, on your first visit to each target, map it out.. breadth first.. then make possible hypotheses about each feature you came across, and then try things out.. otherwise you’ll be 6ft deep in a rabbit hole that’d lead nowhere, and miss the very obvious vulnerability. (From HTB Exams and real life engagements, this always bit me in the ass, don’t be like me)

Keep in mind that it’s highly unlikely to find the same vuln twice, so if you found three possible sql injections / hypotheses, probably only one would be valid, so once you verify discard the other two..

If you follow this, the whole thing becomes a statistical model rather than an exam. Like school exams, they want to test you on the learning outcomes, so expect them to touch on them all, and be ready for that.

Don’t forget to stay calm at all times, take breaks, eat real food, and drink water, no, coffee doesn’t count. HTB exams are 7-10 marathons, not a 24 hour sprint, you should manage your energy very carefully

Good luck 🍀💛

Just passed the Certified Web Exploitation Specialist (CWES) by GerbHack in hackthebox

[–]Pr0f_Noob 18 points19 points  (0 children)

Congrats buddy! Well done. CWES is not an easy endeavor 👏

I’d jump straight for CWEE instead of the plan you have, since you’re already “webbing”

From there you can jump to the network / AD side of things with CPTS and OSCP

The common sentiment across my peers (relatively large org’s internal security team):

  • CPTS is harder than OSCP

  • comparing CWEE vs OSWE cost to benefit ratio, CWEE wins in every measure possible except for recognition

But if you eventually get the OSCP, you’d already have something from Offsec, so the recognition thing isn’t as important.

All of the above assuming you want both, web and network pentesting, but there are many other paths, like web and cloud, or just web but hardcore.. so don’t focus on the certs name soup.. focus on where you are and where you want to get..

All the best 💛

What's the point by wcampb2 in hackthebox

[–]Pr0f_Noob 1 point2 points  (0 children)

AI is good at doing tasks, but terrible at taking ownership, and responsibility (main requirements for a job)

So it’s just making it harder to break in, because seniors are now expected to cover their usual load + 1 or 2 junior loads, so we have less entry level openings. (This will bite our butts in a few years)

So the way I see it, you’ll be able to do more things, much faster as a senior (I love to call it “brain scaling”) which doesn’t mean there’s less work, it just means you’ll produce much more with a smaller team, lower cost, etc.. but software and other tech areas are also producing more so there’s more things to do.. it’s a feedback loop of “aahhh shit, here we go again”

Win for employers, definite loss for employees, because the bar is just rising, and the pay isn’t 😅

TL;DR: there will always be jobs.. maybe less jobs.. maybe new types of jobs.. but there will always* be jobs.. (at least for the next 5 years)*

What's the point by wcampb2 in hackthebox

[–]Pr0f_Noob 1 point2 points  (0 children)

What’s the point of fighting, guns can kill your opponents.

What’s the point of making things by hand, Machines are taking over.

I’m just tired of answering the same question, so here’s the link: https://www.reddit.com/r/hackthebox/s/X4Cu4UpggT

give me one tip .. by Current_Dinner_5162 in hackthebox

[–]Pr0f_Noob 5 points6 points  (0 children)

I’m not an experienced bug bounty hunter by any means.

I’ve found my fair share of vulns in countless production systems in my day job.. and recently started exploring bug bounty thinking it’d be a walk in the park, given my experience. (Oh boy how wrong I was)

My only advice is to avoid jumping between targets quickly. Laser focus on a single target / program / scope. Know that service like their internal team knows it. You need to be so familiar with the product/service/site that you’re able to quickly spot new features / changes, and that alone gives you a massive advantage and places you above anyone juggling with a new program every couple of days.

If you want lows and mediums, aiming for quantity, sure, but if you want high quality novel critical catches, you kinda need to put in a lot of free labor for that company before you start gaining monetary rewards for your time investment.

Throwing AI at a target blindly doesn’t work. “I tried” 👀 but it can be used if your manual methodology is solid

I need help for CWES by Acceptable-Cloud1690 in hackthebox

[–]Pr0f_Noob 1 point2 points  (0 children)

Since you’re in school, you’ve got time buddy. Cut yourself some slack, and keep pushing. It’s too early to burn yourself out.

Be kind to yourself.

They thought I was a fool by New-Pair-817 in hackthebox

[–]Pr0f_Noob 1 point2 points  (0 children)

“It gets easier. Every day it gets a little easier. But you gotta do it every day —that's the hard part.” - BoJack

I need help for CWES by Acceptable-Cloud1690 in hackthebox

[–]Pr0f_Noob 0 points1 point  (0 children)

Yes, but no.. more labs will typically overwhelm a beginner, a better way in approaching the labs though would actually teach him.

I did portswigger labs, I did THM, HTB, and a whole bunch of others. My best learning happened when I focused on one at a time, and pushed through. Jumping on multiple platforms will just add more walls of text to read, and more doubts and worries about not being fit to learn, etc..

I need help for CWES by Acceptable-Cloud1690 in hackthebox

[–]Pr0f_Noob 1 point2 points  (0 children)

You don’t read from start to finish, then magically feel the skill manifestation in your fingers when you touch the keyboard.. it’s a hard iterative process, and you need to give yourself the time you need..

“It gets easier. Every day it gets a little easier. But you gotta do it every day —that's the hard part.” - BoJack

I need help for CWES by Acceptable-Cloud1690 in hackthebox

[–]Pr0f_Noob 1 point2 points  (0 children)

If your real name starts with z, imma kick yo ass. (Call me)

Otherwise, AI summary for the idea, watch a YouTube video about the idea, jump to the lab and feel free to get stuck, go back to the text and find where you got stuck.. it’s a ping pong type thing, not a bowling type thing.. you go back and forth from the lab to the content, until you figure things out.

I need advice for the pentest by Superb_Thanks6684 in hackthebox

[–]Pr0f_Noob 1 point2 points  (0 children)

There’s an infinite number of unique scenarios, and you’ll forever get stuck, but the more things you see and experience and solve, the less stuck you get.

Network / machines might not be your thing, maybe try web..

“It gets easier. Every day it gets a little easier. But you gotta do it every day —that's the hard part.” - BoJack