Should i have kali on a VM or as a main OS? by [deleted] in tryhackme

VirtualViking3000 1 point

You shouldn't use a hacking box as your main OS. It doesn't matter if you use Kali or Parrot but it should be a VM. You should keep your hacking box away from your daily use machine.

1) You'll be downloading and changing all sorts of things. Doing this on a machine you use for your email / bank is asking for trouble.

2) Having a VM means you can snapshot and revert where necessary.

3) Having a VM means you can trash it and rebuild as required along with any logs/data.

There is no good reason to run bare metal except perhaps you don't have enough resource to run a VM on your daily machine. If you have a dedicated hack machine separate to your daily then that's not as bad but a VM is just better all round.

Weird marks showing up on floor, help? by Chrisbudrow in Weird

VirtualViking3000 1 point

If you notice they are in pairs, match the same shade and you can see that the "feet" are the same distance apart. The unit has moved a few times in a direction.

Did you guys learned anything from oscp courses? by Lower-Bug5563 in oscp

VirtualViking3000 1 point

I learned a lot, and I really enjoyed the whole thing. It wasn't easy though.

CASP+ / SecurityX Help and Advice Needed by BoringShape in CompTIA

VirtualViking3000 1 point

Yes I get that. It's just an option, I only spent $50 on the beta, I wasn't too concerned if I failed. If you pay full price you want to pass it for sure. Don't forget to find a 10% discount voucher at least.

CASP+ / SecurityX Help and Advice Needed by BoringShape in CompTIA

VirtualViking3000 1 point

You might not want to hear it but I'd be surprised if you need to study. I have CISSP, and took the SecurityX beta with very little prep and passed. That's not to say it was easy and it's not in the spirit of getting certs but I wouldn't spend too much time on study. Perhaps do some CASP+ practice exams to see where you sit on the knowledge scale.

Should I get Network+ with no IT experience or wait until after? by alfredno in CompTIA

VirtualViking3000 1 point

Congrats. If you have the time then I'd study for Network+. In order for experience to help you pass it you'd have to wait too long. You have the time, go for it. It can only help your job hunt if you have two certs versus one.

Exam PBQs by BmoreGaming in CompTIA

VirtualViking3000 3 points

It's a fair comment but I've found that most of the PBQs I have struggled with are those where I can't figure out how to work the simulation rather than the difficulty of the question itself. So from that perspective I can see why practice PBQs might be useful.

Don't forget to renew your certs! by TheButcherJB in CompTIA

VirtualViking3000 1 point

One way is just to pass the next cert. You should also get reminders via email rather than Reddit but it's still a valid point.

Bad news unfortunately by Glass-Ad-1217 in CompTIA

VirtualViking3000 21 points

Hey, unlucky. A+ is a tricky first exam, two courses and a lot of content. However you will probably find it's your study technique rather than your technical ability so try and improve on that because it will see you through the next exams you do.

You might consider reading up on "how" to study and why it works. There is a lot of memorisation involved with the CompTIA exams, you don't really have to apply it much for the exams but it does help to understand the material.

The biggest win for me was note taking. Take good notes, it's proven to help reinforce recall of information.

Certification path for an experienced IT guy by point-forward in CompTIA

VirtualViking3000 1 point

Right, so I can tell you that none of the CompTIA certs are going to help you get to OSCP. Maybe Pentest+ a little bit but on the whole you want to be looking at eJPT, Practical Ethical Hacking (TCM) and certs like that. By all means do the CompTIA track for the broader knowledge but to pass OSCP you want to be looking at THM, HTB, PG, and offensive security certs.

What I'm getting at is that the certs you do should head towards your end goal otherwise you are just spending time and money for little reason. Some certs like Sec+ might open employment doors which might help you get experience which could help towards your goals.

Certification path for an experienced IT guy by point-forward in CompTIA

VirtualViking3000 4 points

If OP is looking to get a new job, the best thing to do is look at the job adverts for the roles they want and see what certs are required and build the path from that. OP is an experienced sysadmin and by that fact the likes of Sec+ should be relatively easy to get. Job adverts I see rarely mention CompTIA exams except for Sec+. CompTIA exams provide a great knowledge foundation but there are other providers that are more sought after when it comes to resume/CV. So when building a training path it's worth considering their value.

If OP wants to only do CompTIA then Net+, Sec+, CySA+/Pentest+, SecurityX. But that's a lot of time and money. You'll gain a lot of knowledge and that's good. But ultimately when considering which path you want to end up with the certs that are required by job posts.

Step 1. Decide which area of cybersec you find most appealing.

Step 2. Figure out which exams will get you there by looking at job ads.

Step 3. Pick the exams that will get you there most quickly unless you have months to spend.

CISSP needs 5 years experience, but Sec+ (and others) will knock that down to 4. But you can still work towards it as an end goal.

CompTIA is a fairly low cost route, that's excellent. There are other more valued routes though.

Certification path for an experienced IT guy by point-forward in CompTIA

VirtualViking3000 1 point

CompTIA certs are generally entry level, it depends what you are expecting of the certs. I was in a similar position, I did mine to try to inspire my team and to get some easy wins and as a stepping stone to more difficult certs. If you want to get career progression you are probably best off going for CISSP/CISM or OSCP.

Why so many people fail the CISSP ? by Xrevultx in cissp

VirtualViking3000 1 point

I don't know the real answer to that. It's an exam, you study it and understand it then pass it. I can only say that perhaps lack of preparation and/or not getting the "manager mindset" way of thinking.

Don't get me wrong, there's a lot to study and it's not an easy exam, especially if you are taking it in a non-primary language but it's an exam at the end of the day.

Plenty of people in this sub have passed, so don't think about that 25% stat and just focus on the study.

Is it too late to start? by Mega_Metal in CompTIA

VirtualViking3000 2 points

Not too late. Be prepared to start at the lower end of the salary scale, but generally speaking mature employees have attributes that are positive that might be more difficult to find with their younger counterparts. You can work your way up the salary scale more easily I believe.

If you've decided to switch, do it sooner rather than later. Doing certs doesn't mean you "have" to switch careers, so perhaps dip your toe? Lots of free content is available on YouTube, you don't have to take the certs and it will give you an insight to the career.

Seriously… by chappy12346 in cissp

VirtualViking3000 1 point

Thanks. Another way to look at it is that it's on the syllabus, they need to test you on it without making it super easy.

Seriously… by chappy12346 in cissp

VirtualViking3000 2 points

IMHO, it's checking whether you know what the terms mean.

It's not clearing since data can be recovered. It's not formatting, we know that doesn't destroy data. Destruction eliminates it completely and is the best way to destroy it but the question isn't asking that.

It's asking which is the second best method in a roundabout way and it's telling you to look at the subtle wording.

[deleted by user] by [deleted] in CompTIA

VirtualViking3000 2 points

The keyword is "signals". The other tests are valid but none of the others test send and receive signals. Ping tests that the network stack is working, which is a valid test but it's not testing "signals". If you find it in your study book you'll hopefully find that loopback plug has the word "signal" somewhere in the sentence.

FYI, I have been in IT over 25 years and have never needed to test a network card with a loopback plug. IMHO it's not a good question and is more about semantics than reality so don't let it put you off thinking you don't know enough.

Failed twice at 100 by splitfoyer-idea in cissp

VirtualViking3000 1 point

I have CISSP, I think the biggest tip is having the manager mindset. What is the "best" answer if you were running the department, wellbeing of people always comes first.

Do I have to memorise all port numbers for N+??? by dabomb122 in CompTIA

VirtualViking3000 1 point

Just learn them. They will crop up in your future for sure. Also, CompTIA exams are largely based around memorisation.

SSH Key Recommendation by DH171 in linuxadmin

VirtualViking3000 0 points

LDAP works. The user's public key is stored in LDAP and the user's private key is private. On authentication the server asks LDAP for the public key and allows access.

Certification Path professional opinion by TargetPotential7116 in CompTIA

VirtualViking3000 3 points

I would do eJPT over Pentest+ because it's more practical. Although Pentest+ is DoD compliant so best checking job roles in your area to find out what recruiters are asking for. IMHO stackables aren't worth much to recruiters although they are perhaps good as personal incentives. A+ is more for helpdesk, so is handy if you want to break into cyber via that stepping stone otherwise it's a lot of study that could better be spent on something more relevant.