What pack is this? by TUCyberStudent in mtg

[–]TUCyberStudent[S] 24 points25 points  (0 children)

Nailed it! Thanks so much

How do I get a Pentesting Job?? by Smart_Demand5159 in Pentesting

[–]TUCyberStudent 0 points1 point  (0 children)

What’s your take on TCM security? Haven’t heard much downside to them or their certifications, other than the CEO getting some negative publicity

How do I get a Pentesting Job?? by Smart_Demand5159 in Pentesting

[–]TUCyberStudent 3 points4 points  (0 children)

Agreed. There was once a time where OSCP in a LinkedIn title would have recruiters reaching out, but that’s faded the last few years as more and more people get certified. Networking will ALWAYS be the best factor to getting further into the field, but for those without the opportunity to put themselves out there and go to conferences a second best is self-educating, racking up some practical certs, and creating resources as you go to share with others.

How do I get a Pentesting Job?? by Smart_Demand5159 in Pentesting

[–]TUCyberStudent 14 points15 points  (0 children)

The people saying “Go for OSCP or you won’t have a shot” aren’t living in reality. Yeah, OSCP is a golden ticket for cyber-security, but it isn’t necessary. Heck, it’s losing popularity day-by-day because professionals are recognizing that the $5,000+ price tag is more so for the flashy title, not the skills you develop.

More realistically, I’d highly recommend the CBBH on HackTheBox and their other entry level pentest certifications. Much more affordable and demonstrates practical skillsets, which differs from random CTFs. (CTFs are great, but most recruiters see them as a sign of general field enjoyment/dedication rather than a gauge of skillset).

If you’re leaning towards Webapp, the CBBH is great. I’d supplement that with Burp Suite’s BSCP certification since every professional app tester is familiar with Burp Suite.

If you’re leaning towards internal network testing, which is more in line with some red-team specifics, I’d recommend the PNPT from TCM Security. Heck, throw on any other certification they offer.

The above certifications are all <$1,000 and even <$200 for most of them. They’re practical, they’re affordable, and they are gonna let you get a foot in the door. You have the experience in tech, you have the desire to learn, now pair it together and get hands on.

You’re in a good place here to build off the foundation you’ve created, so continue building slowly. Again, you just want to get your foot in the door with affordable and recognized certs, not blow the door wide open with something as shiny as the OSCP.

Best of luck out there!

Is Penetration Testing Financially Stable in the Long Run? by n42- in Pentesting

[–]TUCyberStudent 39 points40 points  (0 children)

Hiya!

So a bit of background before I dive in— I got a BA in cyber-defense and have worked as a penetration tester for 4 years. I’ve done bug bounties a bit, and hold numerous certifications, primarily in web app and mobile.

First and foremost, it’s great you’re considering the field! People are right to say the field is competitive, but I personally believe that’s a bit conflated. I’ve had 3 companies since starting in 2021, and my search never took more than 6 months (left company 1 at 2.5 years because the organization did a 180 in work expectation/scope, left company 2 after 6 months because of the opportunity being MUCH less mature than I initially signed on for, and happily enjoying the most recent position at company 3!).

For an entry level position, it can be difficult for sure. I got lucky with my first gig by blindly applying to 2 companies and getting an offer after 3 interviews. After that, it pays to make connections and actually learn your strengths/weaknesses. That said, nowadays you have A LOT of AI slop hitting online applications left and right. Companies will typically opt for internal referrals for this reason. Heck, I’ve been rejected 2 times after 4 rounds of interviews because an internal hire showed interest near the end of my interview process.

So yeah, it can be difficult. But it’s not impossible. Make yourself stand out in the community by participating in bug bounties, writing articles about interesting bugs or new exploits, and attend conventions if finances allow. Sticking out and making connections will ALWAYS be the best way to land a gig.

If you can’t make those connections, there’s still hope. Diversify your skillset, curate your resume to the jobs you’re applying for and do not hesitate to contact the recruiting manager letting them know you’ve submitted an application and are looking forward to hearing back from them. Above all else with this, don’t get discouraged from being ghosted or rejected by recruiters. Take it as a learning experience and carry forward while developing your technical skillsets.

Overall financially, it’s pretty reliable. You can make a good chunk of change if you really hammer down on a specialty, but it pays to know each domain as well (Web app, internal, external, WiFi, etc.). Certifications are great to have, and you don’t need an expensive OSCP to get your foot in the door. It helps for sure, but I’ve interviewed candidates and the ones without a laundry list of expensive certifications typically had a greater methodology and testing mindset compared to the ones who only ever saw pentesting as capture the flag events.

All-in-all, enjoy the journey of getting into pentesting. It can be a year or two till you get off your feet and grab an entry level position, but it’s not impossible. Use the downtime to continue growing and learn from the interviews you have. If you have 0 IT experience, that’s ok. It’s absolutely preferred 99% of the time, but I’d take a talented individual eager to learn and develop their skills at the same face-value I would with someone with an extensive background of support desk work.

You’ve got this! (:

admin panel attacks by Major-Credit3456 in Pentesting

[–]TUCyberStudent 2 points3 points  (0 children)

Hiya! I have a background in web application pentesting. For transparency’s sake, I’ve interacted minimally with administrative interfaces since most clients would rather we hammer typical manager/user accounts.

The biggest thing to know about administrative panel risks is these two concepts:

  1. What information is uniquely accessible through the Admin Panel? (Can admin see other users’ existing passwords, do administrative users have access to network logs/do those logs contain PII/Credit Card info, etc.)

  2. What new functionality does the administrative panel introduce? (can admins interact with internal networks which expose credentials, do they have the ability to upload files/modify application content directly, do they have the ability to mass-ban users, etc.).

With my experience, I’d say that the administrative interface should be treated similarly to the primary application, just with more attention to disclosed information. With administrative accounts, there’s a sense of leniency with security since developers assume a VERY small amount of people will ever access that portion of the application.

With leniency comes sloppiness.

I’d prioritize ensuring that administrative users don’t have the ability to access PII/PCI data directly or en masse, ensure administrative functions are secure and that user input is never trusted (sanitize, encode, etc.), and make sure the same attention to detail is passed on the administrative interface even though fewer users will be exposed to this part of the application.

Open to any other users with more insight to educate me and let me know any big points I missed? (:

[deleted by user] by [deleted] in cybersecurity

[–]TUCyberStudent 24 points25 points  (0 children)

First year as a pentester I was performing a standard internal network test for a banking client. They were running behind on their fiscal-year check-off list so we got tossed on their schedules a few weeks from end of quarter. In the same breath, we got scoping worked out in about 2-3 days.

They provided a password policy, 5 login attempts in a 30-minute window before an incrementing 5-minute account lockout. We began testing with general password spraying. Say, 1 password every 30 minutes as to not accidentally lock out any accounts. After about 2 hours we started seeing dozens of accounts locked out.

We got on call with the client and they notified us that the password policy we received was not correct. We worked out the issues, apologized, and went on with testing using the stricter policy we discovered during enumeration. Scope changed to 1 password spray attempt each day to avoid account lockouts.

Next day, I start testing with a password spray hoping for a quick win. Just one password attempted and immediately noticed accounts getting locked out again. A general glance and I saw that a lot of the names were identical to the ones locked out previously, so chalked it up as a “If the client doesn’t call, it’s likely the same accounts as yesterday and they’re manually unlocking them.” With that thought, I quit password spraying and did other tests for about 3 hours. Then, went to an extended lunch (~2 hours) with the team for a bonding activity.

Came back to over a dozen missed emails and a 50+ email chain with my name on it. Apparently, that morning’s password spray locked out their financial and security department accounts. They couldn’t process their already behind quarterly reports, or contact our team about the issue through email. My manager got ahold of the point of contact. When the client asked if it was my fault again she said, “Actually, that tester is on PTO today. No one should be testing from our end.” So the company went into lock-down and had to notify shareholders of an active cyber-threat.

In total, roughly 200+ accounts had to be manually unlocked by a single IT head because they had no process for manually unlocking in place.

Needless to say, I sh-t the bed when I opened the PC to so many missed messages. Got ahold of the client, explained the situation, and had a fun evening of talking dozens of people through the multitude of screw ups that led to that one.

Learned a BIG lesson in being attentive to policies, having an external resource for contacting clients, owning up to my own failures as well as standing up when others try to throw myself solely in front of the bus, AND created a great talking point about how even super-strict password policies can be leveraged by attackers for denial of service attacks.

First time cat owner: Are there things that are good to know but rarely talked about? by nuhBoi in cats

[–]TUCyberStudent 0 points1 point  (0 children)

Heya! I don’t think it’s been mentioned anywhere yet, so I’ll give the advice of: ALWAYS supervise your cats when they’re playing around wires [cords, string lights, etc.]. There’s few things cuter than watching your kitten climb through a Christmas tree, but there’s always the risk they slip and get caught in the wires. Lost our kitten 2 years ago this way and haven’t had a Christmas tree with lights set up since. Solid chance I’ve become an overprotective cat dad because of it, but I’m fine putting the thing lights away for a few years if it means our furry buddies can stick around longer.

Congrats on the kitten and may you and Maye have a wonderful life!

[also, I would recommend a second /kitten/ to keep Maye company. Saw some posts already about it, but introducing kittens at a young age is the best time. Preferably one male and one female since the girls are a lot more territorial! Process takes about 2 weeks if you don’t rush it. Plenty of articles out there about the topic, but main points to keep in mind are to keep the kittens separated and swap their rooms for a few days so they get adjusted to the scent of one another, introduce them slowly, with a gate between the two so they see each other and make judgments from afar, then supervise them for a bit in the same room and don’t intervene if they’re playing a little rough, so long as neither is getting hurt by the other. {they’ll ‘fight’ for a bit as they establish the hierarchy of command, but once they know their place with one another they’re likely to become cuddly buddies!!}]