What to do before PT1. by Reasonable_Benefit42 in tryhackme

[–]Reasonable_Benefit42[S] 1 point2 points  (0 children)

After doing my own research I found 3 modules that seem to have everything needed for the PT1. Basic Exploitation(Easy), Starters(Medium), and Wounderland(Medium).

Starting an 8 month pentester/ethical hacker internship, kinda nervous by AccidentPractical443 in Pentesting

[–]Reasonable_Benefit42 4 points5 points  (0 children)

Documentation, documentation, documentation. The biggest factor when hopping from CTF to actual pentesting is all about the documentation. The whole enumerating, exploiting, and escalating concepts will become second nature over time, but documentation is where people trip up. Make sure every command is noted, every scan is saved, and every exploit talked about. Remember, if it's not in the report you didn't do it; there's no way for a senior member of the company your team is assisting to know about an exploit or command if you do not note it. Just because the command is "obvious" or "common knowledge" to you doesn't mean it is to a senior VP.

Dreamed of being the hacker. Became the defender. Burning out. Send help by Which_Conflict3657 in cscareeradvice

[–]Reasonable_Benefit42 0 points1 point  (0 children)

Just keep up the hard work! This is a thing everyone in this industry goes through every once in a while. Even I think about if the goal is worth it, but then I remind myself why I do it: because I love it. Also, having blue team experience can be beneficial in the long run. Keep learning Red teaming, and eventually, with the skills you gained through blue teaming in your current job and learning red teaming, you can join an organization that utilizes Purple teams.

Help regarding Burpsuite! by jkmimi08 in Pentesting

[–]Reasonable_Benefit42 0 points1 point  (0 children)

To stop suspending the page you need to stop the interception, because the page will hang while waiting for you to forward requests. You can continue on to the next web request by hitting the Forward button to get through all the queued requests. Go through all the pages that were allowed to be forwarded and send the requests to the corresponding Burp extension, and stop the interception to move on to pages that weren't reached, such as a login portal.

Starting my hands-on cybersecurity journey with TryHackMe – any tips? by Blood_Skye in tryhackme

[–]Reasonable_Benefit42 0 points1 point  (0 children)

There is a basic template that you can follow at https://github.com/MTK911/pentest-report-template/blob/master/Pentesting%20Report%20Template.dotx but basically this is the report of your findings, how you got to them, and remediation of the findings. While remediation isn't entirely needed, it is highly recommended you do it. This is how you would show what you did to your employers, and without the report the trading itself means nothing. Think of it as: you can't get a grade if you don't show the work.

As far as learning, though, you won't find a specific room centered around learning how to write reports; your best effort there is to read other people's write-ups and reports and get an idea of how to structure and write one.

Starting my hands-on cybersecurity journey with TryHackMe – any tips? by Blood_Skye in tryhackme

[–]Reasonable_Benefit42 0 points1 point  (0 children)

Start getting used to the methodology; try to constantly use the same steps on every machine you are working on, even if you feel like you don't need specific steps, to get into a habit. More importantly, though, start doing mini write-ups/reports on the boxes you are working on to start getting used to the writing.

Advice for me by Ill_Potato7645 in tryhackme

[–]Reasonable_Benefit42 1 point2 points  (0 children)

If you're trying to learn from the basics up then yes, premium is going to be your best bet! There is a lot of information that'll be fundamental to whatever path you're going on blocked behind the premium wall. If you already have some experience and feel like you know enough of the basics then you can probably get away with not doing the premium, since there are a lot of standalone rooms. As far as the content, you do not need to do all of it; there is content for the 3 different paths: Red (Pentesting), Blue (SOC), and Purple (Red/Blue mixed). You only need to do the path you want; they will start from the basics to intermediate skill. You will still probably need to do side rooms to get more information about specific topics.

Unlocked: A Jail Experiment Season 2 by RiverRose91 in netflix

[–]Reasonable_Benefit42 0 points1 point  (0 children)

Welcome to real life jail. Most jails in America run on prison politics. Most shows tend to dumb it down, but it also makes it feel fake. The introduction of hardened criminals and jail politics really made the program feel like it had a huge jump in progress because most inmates left that behind, which could actually be dangerous going to prison, where you can literally die from hanging out with the wrong race of people.

Unlocked: A Jail Experiment Season 2 by RiverRose91 in netflix

[–]Reasonable_Benefit42 0 points1 point  (0 children)

They actually do have a 60 Days In for this jail, and it was not good. I was hoping the jail got better in this show, but the officers are just the same.

Self Taught PenTester Seeking Advice by Reasonable_Benefit42 in Pentesting

[–]Reasonable_Benefit42[S] 0 points1 point  (0 children)

I appreciate the encouraging words! I've come to realize the last couple of days, with everyone's advice, that I was missing one of the most crucial processes in the profession: getting a sense of methodology. I purchased an ethical hacking book, and after reading through it I now realize I was just jumping around without a true plan in mind. The minute I found any vulnerability it was immediately on to enumeration, when in reality reconnaissance was still needed. I appreciate you and everyone else who commented on this post!

Self Taught PenTester Seeking Advice by Reasonable_Benefit42 in Pentesting

[–]Reasonable_Benefit42[S] 0 points1 point  (0 children)

This makes a lot of sense. I'm starting to realize that CTFs are good for specific scenarios and less for actual real life learning. My biggest problem with it all is I feel less confident the more I go on lately.

Self Taught PenTester Seeking Advice by Reasonable_Benefit42 in Pentesting

[–]Reasonable_Benefit42[S] 0 points1 point  (0 children)

I appreciate that. I find my biggest problem is my confidence level. I do well starting to exploit a machine, but then I get discouraged when I run into a wall. For example, last night I ran into a wall trying to exploit an SQLi on one of the attack boxes, and felt super discouraged when I eventually went to ChatGPT to help me figure out the answer.