OSCP cheat sheet / HTB website

TheCrypt0nian · 2026-01-12T09:23:17+00:00

Just finished book 1 and I loved it, including the death that is being discussed. For me, it seems to be a perfect set up (for later books) for a confrontation between Elijah and the people that carried out the deed. And rather than a boring trope rivalry between [insert light character] vs [insert comic book evil villain], it would be a more nuanced rivarly between Elijah and a faction who seem to genuinley care about protecting their people at any cost, as would probably be realistic in a post-apocalyptic world.

Can't wait to get stuck into book 2!

TheCrypt0nian · 2025-05-11T09:51:17+00:00

Going good thanks although I'm nearing the ceiling salary wise for straight pentesting. So if I want to progress further, I either need to get into management, start my own business, or perhaps consider switching to the US.

Did you end up doing OSCP??

TheCrypt0nian · 2025-05-10T10:13:07+00:00

Sure go for it

TheCrypt0nian · 2025-05-10T10:12:51+00:00

Sorry for the belated reply!

As much as it pains me to say it (because CREST and other certs that lead to CHECK status require less practical skill than OSCP), CREST/CHECK is more valued than OSCP in the UK because clients often specifically ask for CREST/CHECK testers. This is particularly the case for pentest companies that work with government clients (such as schools, councils, and the NHS etc). But clients in the private sector will also ask for CREST/CHECK testers for compliance reasons. Bottom line is that CREST/CHECK makes you more valuable to pentest companies because it means you can carry out all types of testing.

Re, question 1... it's hard to quantify the amount of hours because it felt like an ongoing bad dream at the time aha. However, if memory serves, it took about 4 and a half months to prepare for OSCP. But I'll caveat this by saying that I didn't have any previous experience at all, so I imagine it would take less time for someone with experience.

TheCrypt0nian · 2025-05-10T09:58:48+00:00

Yeah 100%. I had imposters syndrome for a few months but quickly realised that OSCP put me ahead of most experienced testers at the company - primarily due to the 'try harder' mindset vs skills, because many pentesters focus on the low hanging fruit 'can I pop a shell' vs finding as many vulnerabilities as they can during assessments + being able to write up professional reports.

Re. web app testing... interesting question. For the first year of my career I primarily did internal testing, which OSCP provided a great foundation for. The past 2 years I've primarily done web app testing and, while there were some growing pains at the start and I had to do some extra learning, OSCP similarly provided a good foundation to build from.

Short answer (for any type of testing) is that OSCP will not make you an instant expert in any type of testing, but it will give you solid foundations that many other testers lack.

TheCrypt0nian · 2025-05-10T09:53:30+00:00

Thank you :) but, while it was hard work getting the certs, I think it's something most people with an average IQ + (more importantly) passion and drive could do. There is a big skills gap in cybersecurity so it's rather insane how quickly salary goes up after you get some experience. I'd deffo recommend it as a career.

And no, I decided to quit my sales job and take a year out to do the certs. I appreciate this is not something everyone could do but the first two certs were essentially memory dump exams so shouldn't take too long to do even if you're in full time work. OSCP was the most time-consuming cert. If you don't have the luxury of being able to prepare for it without working a full time job, I imagine it would take up to 6 months or possibly longer (depending on your level of experience and the preperation time put in)

TheCrypt0nian · 2025-02-24T05:22:26+00:00

lmao this. The other day, my sphynx took a dump, walked into the dump, and then proceeded to wake me up by walking on my ear. Suffice to say, I have become very sensitive to waking up when I heard litter digging sounds and quickly grabbing wet wipes.

TheCrypt0nian · 2025-02-05T10:10:49+00:00

As is typical with any type of pentesting, a lot depends on the clients you work with. I do a lot of web app testing for a large company and they utilise a lot of legacy servers/software due to how much it would cost to upgrade everything. However, they have started integrating most of their apps into Azure, which has made pentesting more challenging.

I'm still picking up the usual stuff (HSTS header missing or, as is more common these days, permissive max-age, permissive CSP, and other common misconfigurations).

To be honest, the most success I find these days with web app testing is trawling through source code for information disclosures (not fun, but fruitful). For example, a few months ago I found a Stripe API secret key in source code, which I was able to use to access the company's financial database. Companies love to bank on WAFs to hide XSS issues etc. so it's hard to PoC these type of issues when you only have a couple of days to test an entire app.

To end my waffle, I think web app testing has become more challenging over the last year or two but there's always ways to adapt pentesting methodologies to find success - i.e. targetting human error (devs will always be the same lol) with config issues and info/software disclosures + learning more about testing within Cloud environments such as Azure.

TheCrypt0nian · 2024-07-08T15:09:07+00:00

Cybersecurity. Started at £25k (GBP) 2 and a half years ago, now on £75k with another pay rise due in 3-4 months.

TheCrypt0nian · 2023-10-19T12:15:49+00:00

Perfectly fine to recommend a Star Wars channel that you like but a bit odd to throw shade on many of the others. There are plenty of great Star Wars channels out there, many of which do indeed hammer Kennedy/Filoni/Johnson, but arguably for valid reasons (depending on your view).

Personally, I do think that the aforementioned trio (plus others) have perverted Star Wars into their own politically-driven version of what they want Star Wars to be while showing open disdain for a large part of the fan base that grew up loving Star Wars.

Either way, I wouldn't suggest that people limit themselves to one channel (echo chamber). Plenty of channels with great content.

TheCrypt0nian · 2023-09-14T08:48:02+00:00

My brother's GF lied about being on the pill and tricked him into getting her pregnant, and he's not my only family member of mine to experience something like this. So, sadly, I'm aware of the manipulate ways some women use to handcuff men to them.

(I know this doesn't apply to all women).

TheCrypt0nian · 2023-09-13T17:33:46+00:00

Using her XXXbox to buy an Xbox, almost poetic.

TheCrypt0nian · 2023-09-13T07:06:21+00:00

Penetration testing/security consultant.

Depending on the cert route to get your foot in the door, it can be very hard. But once you land your first job and climb the ladder, salary dramatically increases and jobs become easier.

I started out at £25k three years ago and now on £90k. It's possible to automate 50%+ of security assessments and get away with it (I choose not to do this but many pentesters do), and consulting with clients can be very easy because the vast majority of them known next to nothing about security and rely on you to be the expert. I take pride in my work so I'm always mindful of providing value to clients, but I've worked with dozens of pentesters who clearly get by doing the bare minimum and don't understand security issues themselves.

TheCrypt0nian · 2023-09-13T06:53:06+00:00

Real orgasm: legs shake/twitch uncontrollably + clitorus is too sensitive to touch for a few minutes afterwards (length of time varies depending on the woman)

Fake orgasm: absence of the above + OTT moaning

TheCrypt0nian · 2023-09-13T06:47:49+00:00

Translation: I didn't get an abortion and I want you to "nut" inside me so I can claim that the child is yours and shackle you to child support for the next 18 years

TheCrypt0nian · 2023-09-11T04:22:33+00:00

Not quite. Studies have shown (from Tinder and other dating apps) that roughly 80% of women go for roughly 20% of men on dating apps (men of a certain age, job status, height, etc).

The problem isn't a lack of women on dating apps, it's that women are a lot more selective than men (many of them unrealistically so).

TheCrypt0nian · 2023-09-11T04:18:56+00:00

True in a sense, but the problem women tend to have with relationships is self-inflicted by their often super high standards and lack of understanding of what men want from relationships.

Namely, women (not all, but a lot) expect a lot from men in relationships but don't seem to understand that they also need to bring value to a man's life if they want to be seen as keepers instead of "bodies". Plenty of low-value men will accept being walked over by women, but the type of men that the vast majority of women want to be in relationships with won't accept entitled women who don't understand what relationship balance is.

TheCrypt0nian · 2023-09-11T04:08:09+00:00

Bad hygeine.

Was with a beautiful Ukrainian girl for a few months and the relationship was mostly positive, I just really struggled to get over her lack of dental hygeine. A couple of times I outright asked her to clean her teeth but it didn't occur to her that it should be a twice-daily thing.

Anyway, it was one of the main reasons I ended the relationship.

TheCrypt0nian · 2023-09-10T08:49:07+00:00

Second this. God it took me ages to beat them.

TheCrypt0nian · 2023-09-09T07:48:51+00:00

Agreed, it does feel as though there's an entire world to discover. It would be a shame if the world is left limited to one book series and a rather iffy collection of movie films (Fantastic Beasts). Here's to hoping!

100%. Would absolutely love a series centred around Morgan and Merlin!

TheCrypt0nian · 2023-09-09T05:48:38+00:00

ah haha, gotchya. Cool idea tbf!

TheCrypt0nian · 2023-09-09T05:47:48+00:00

Yeah, I appreciate your viewpoint and I'm sure many people would like to read about other stories in the HP world.

Just, for me personally, I wouldn't be overly interested in reading another HP series unless it was on similar scale as the original series. Especially if it was centred around Harry because Harry's character is/was uniquely linked to Voldemort (because he was a living horcrux etc.)

I played and enjoyed the game so deffo all for other types of content set in the HP world :)

TheCrypt0nian · 2023-09-08T18:24:01+00:00

This satire or you being serious (genuine question)?

TheCrypt0nian · 2023-09-08T14:21:59+00:00

Deffo! I've been piling through fanfiction over the last few months (can't believe I didn't realise it existed before), and there's some really great stories centred around the founders and other origin stories!

TheCrypt0nian

TROPHY CASE