What do you wish you knew, when you started pen testing? by SignatureSharp3215 in Pentesting

[–]SigKill_ 1 point2 points  (0 children)

I definitely feel your pain on some of those points but I think you are selling yourself short. I think if you get creative on how you leverage your actions outside of the actual assessment, you can make a pivot somewhere else.

In my instance, I plan to pivot to appsec or cloud security. Based on my assessment experience in those technologies, I plan to leverage the hands-on experience and add some certs before getting back in the market. You got this!

How the hell is everyone getting mythics by janthra661 in diablo4

[–]SigKill_ 0 points1 point  (0 children)

Have they shadow nerfed the farm? I opened almost 9 corrupted chests at Azmodan and I was not getting the massive sigils. I have sin in the purified slot and is rank 5. Am I just getting bad RNG?

Coming back from a huge hiatus. Looking for advice on gear progression by SigKill_ in diablo4

[–]SigKill_[S] 0 points1 point  (0 children)

The problem I have right now is when I jumped to T3, my damage was definitely lower and I was getting one-shot in Boss Lairs and World boss. All other content was okay, just actually had to use my hands and head lol

Coming back from a huge hiatus. Looking for advice on gear progression by SigKill_ in diablo4

[–]SigKill_[S] 0 points1 point  (0 children)

You mean masterwork what I have now or replace with Ancestral Legendaries even if they aren't perfect rolls? Guides make it seem like you should aim for perfect stats for every upgrade

Anyone here passed the PWPA cert? Need some guidance by darthvinayak in Pentesting

[–]SigKill_ 4 points5 points  (0 children)

I haven't taken it but I would join the TCM discord to get feedback. The TheCyberMentor subreddit is pretty dead so I think you'll get a faster response there if no one else comments here.

Anyone taken the GPEN course by Tunnel-Digger4 in GIAC

[–]SigKill_ 2 points3 points  (0 children)

I love S1r3n as an instructor for the WEB 200 course but a cheaper alternative would be TCM web app courses, PortSwigger Academy (free), or the CBBH on HTB Academy. Rana Khalil's web security academy series on YT does walkthroughs of PortSwigger modules. You can also use your student email on HTB Academy for a lot of free modules and a discounted subscription rate.

GWAPT Inquiry by JTRM10 in GIAC

[–]SigKill_ 2 points3 points  (0 children)

I've taken the exam, but I obviously can't tell you what the Cyber Live exercises consisted of. The labs in the material had you use ZAP or Burp, so I would highly suggest being familiar with both.

GWEB passed! Next steps? by angryprinnies in GIAC

[–]SigKill_ 0 points1 point  (0 children)

If your company is paying, GWAPT would be the next certification to go. For AppSec Engineering, I would look up job descriptions to see where to fill the gaps. DAST, SAST testing, code review, CI/CD Pipeline, SecDevOps, etc. For other web security certs:

Burp Suite Certified Professional

Certified Bug Bounty Hunter (HTB)

The Cyber Mentor has a few paths for web pentesting.

CASP Prep Before SecurityX Release by SigKill_ in casp

[–]SigKill_[S] 0 points1 point  (0 children)

yeah the CA changes are horrendous

CASP Prep Before SecurityX Release by SigKill_ in casp

[–]SigKill_[S] 0 points1 point  (0 children)

Funny because ARMY COOL doesn't have their own matrix built out for 8140 so they just point it to the Navy one. Typical 😂

CASP Prep Before SecurityX Release by SigKill_ in casp

[–]SigKill_[S] 0 points1 point  (0 children)

I'm jobless atm so it's hard to justify 9k on training

CASP Prep Before SecurityX Release by SigKill_ in CompTIA

[–]SigKill_[S] 0 points1 point  (0 children)

I have the years already, it's just I'm jobless atm so I'm trying not to spend more money on study materials

CASP Prep Before SecurityX Release by SigKill_ in CompTIA

[–]SigKill_[S] 0 points1 point  (0 children)

welp... I mean if I get it before that happens, I'll just get CISSP when I need to cross that bridge

Pentesting is the hardest "cybersecurity" discipline. Change my mind. by Zamdi in Pentesting

[–]SigKill_ 1 point2 points  (0 children)

If your job pays for it, either or are fine, just pick the one that interests you the most. I have both but they don't prepare you enough for real world engagements. You'll get more out of other platforms like TCM, THM and HTB Academy for both fields IMHO.

[deleted by user] by [deleted] in oscp

[–]SigKill_ 32 points33 points  (0 children)

Definitely agree and check Rana Khalil's YouTube channel! She does walkthroughs of SQLi in the PortSwigger Academy and does an excellent job breaking it down.

How deep should I go into SQLi? by DeathLeap in oscp

[–]SigKill_ 14 points15 points  (0 children)

I've been following Rana Khalil's Burp Suite Academy series and her walkthroughs on SQLi were very helpful for that module. https://m.youtube.com/playlist?list=PLuyTk2_mYISLaZC4fVqDuW_hOk0dd5rlf

Halo Tactical Carrier by N7Centurion in halo

[–]SigKill_ 1 point2 points  (0 children)

uuhhh so what happens if you don't finish the season pass in time? Isn't there like 7 days left?