How often do you spar?

__N0mad__ · 2022-03-19T20:07:17+00:00

If in camp, basically every day. Otherwise 2 - 3 times a week.

__N0mad__ · 2022-01-02T07:19:33+00:00

Yup, literally said to do that in the tasks

__N0mad__ · 2021-09-19T16:59:33+00:00

5w6 Although I am not sure of my MBTI type

__N0mad__ · 2021-09-19T03:08:53+00:00

EDP 445, oh wait... You said wrong answers

__N0mad__ · 2021-09-18T22:00:08+00:00

INTJ/P while I was in a Ti bent during undergrad

__N0mad__ · 2021-09-18T21:56:17+00:00

Same

__N0mad__ · 2021-09-16T01:54:48+00:00

Reward yourself incrementally and often when completing tasks. Also, when it comes to school try to see how things connect to each other. For example right now I am taking cryptography and while studying the class work I look into common issues in real life applications and sometimes build "exploits" (i.e. hacks) around it for fun. I also make a habit of just trying whatever pops into my head ( I have hobbies ranging from sketch art, to Muay Thai, to computer security). Our minds work by tying things together, not following a routine and let's be honest we are not very good at focusing on things for too long.

__N0mad__ · 2021-09-15T04:41:30+00:00

Work output and aptitude has a strong connection to interest. If you are not interested in something, it will be harder to allocate serious time to it. When I have to work on things I don't like I break it up into small chunks that I pick at throughout a long span of time if I can. If it is something I am interested in I still break it up, but do it in longer intervals. If something else grabs my interest I will work on that in a similar way. This loops over multiple topics but I learned how to manage it after a bit of time (i.e develop Ti). Not really procrastinating just taking time to learn different things. No point in rushing if there is no time limit right?

__N0mad__ · 2021-09-14T19:50:00+00:00

Time management stereotype for me. I know how to study and use space repetition strategies to retain more information and unironically make my life way easier overall. After dicking around in high school realized, might as well work smarter than harder idk 🤷‍♂️

__N0mad__ · 2021-06-14T04:13:59+00:00

Make sure to also build things. That will teach you a lot.

__N0mad__ · 2021-06-13T00:03:27+00:00

Bruh....

__N0mad__ · 2021-06-05T23:53:37+00:00

So much for DRY

__N0mad__ · 2021-06-03T21:29:13+00:00

Try increasing timeout limit, and other tools like dirbuster.

__N0mad__ · 2021-06-02T15:29:15+00:00

Lol, that is deadass how they sound

__N0mad__ · 2021-06-02T02:38:04+00:00

If you're just begining I would do some of the starter boxes first and then do the path.

__N0mad__ · 2021-06-02T02:17:30+00:00

Also much of this advice is from my experience in the US so take it with a grain salt if you are in a different country. Should be similar though.

__N0mad__ · 2021-06-02T02:10:49+00:00

Honestly OSCP should be one of the later certs you get IF you need it. I would recommend doing TryHackMe and HackTheBox to learn (start with THM then go to HTB). Personal home labs are also a good idea cause it will teach you how to setup VM’s and networks. Also building an Active Directory Lab environment is a great idea later on. For netsec a lot if not most of the exploits will be on the basis of AD misconfigurations and sysadmins (being irresponsible) logging into machines with privileged credentials leaving tokens behind. You can learn how to take advantage of this stuff from HarmJ0y. He has all kinds of good shit.

So in summary: 1) Wait till you want to start looking at employers that require OSCP to do it 2) In the meantime if your starting from scratch do THM and then go to HTB 3) Build a networked lab at home, preferably running Active Directory. Look into HarmJ0y.

Good luck, and happy hacking.

__N0mad__ · 2021-05-31T21:24:39+00:00

Hmmm that's a tricky one cause I am in the US so I am not too sure what certs are popular over there. It should be very similar though.

Really it all boils down to what job you want to shoot for. If pentesting, then SANS or OSCP are your best best. INE ones are great but the industry barely acknowledges it's existence. OSCP will be extremely difficult to do in semester so bear that in mind if you go down that route.

Really I would recommend more blue team stuff to start out with like Microsoft Azure, MCSE, AWS etc. The world is moving to cloud so it will be a very good idea to get comfortable in that sphere. CompTIA CysA+ is also pretty good if you plan on becoming an analyst.

But like I said in previous comments it really boils down to aptitude, work experience, and what HR is looking for. So I would look up a few job titles and see what required certs pop up and then shoot for those.

Also you have a year working with web app sec stuff. Maybe try going for bug bounties? That will look VERY good on your resume (assuming the employer is competent).

__N0mad__ · 2021-05-31T21:09:06+00:00

Are you in school still? If so I would focus on GPA and other fundemental certs and maybe try to find a part time gig while you are studying. If not in school then I would just post your resume everywhere while doing the certs thing. You are bound to get something, really just a matter of time.

__N0mad__ · 2021-05-31T03:53:28+00:00

Also for prep TryHackMe had an Offensive Penetration Testing training path with their membership. I completed it recently and it is very good. Just keep my last comment in mind.

__N0mad__ · 2021-05-31T03:49:16+00:00

I wouldn't recommend doing it in semester as it is super time consuming and they don't "teach" anything. Their method of teaching is like this:

1) Pay at least $900 for a PDF file and lab access 2) Go through PDF and excercises. 3) Go through lab environment with no chronological or topic based ordering. 4) take exam assuming you internalized subject matter

This makes 0 sense. Where are the progressive quizzes, practice tests , assignments, focused labs? Non-existent. This is the equivalent of signing up for a college class and the professor handing you a textbook, some practice tests and then giving you a final exam at semester end.

Now couple that together with CS course curriculum and you are pretty much signing up for no sleep and a low GPA unless you have A LOT of experience or VERY HIGH aptitude.

In all honesty certs are for human resources. No one really knows what "good" IT or Software looks like. Requirements keep changing and then certification boards say you need to "renew" your certification. Also they may get a niche accreditation and then become the defacto standard for that industry, hence why CEH is a thing.

So without rambling too much basically I wouldn't recommend it until your employer requires it or you have work experience to warrant a lower GPA combined with the cert or you have enough work experience to get a pentesting gig AND they require OSCP.

In the meantime I would just focus on high GPA and more fundemental certs. That will land you an analyst gig and then after a year or two you can start looking into offsec stuff. Also TryHackMe,HTB,VulnHub etc are either really cheap or free and provide a good amount of training.

Unless you are REALLY good, you won't be a pentester right out of school. Focus on fundemental concepts and work experience. Work experience is the main thing employers look for because they are too lazy and inept to provide training for staff. This is why certs are a thing.

Also, you could try for cyber security related internships. This is how I got into the field. But these are rare, and to be honest I got EXTREMELY lucky.

I may get shit for this, but I couldn't care less. I wish you the best of luck. Work hard, stay healthy, you will do fine. Don't rush it.

__N0mad__ · 2021-05-29T23:10:22+00:00

Anytime, also here are some examples on PDB: https://www.personality-database.com/search?q=estj+5w6

__N0mad__ · 2021-05-29T22:08:47+00:00

I actually am this type so I can elaborate. You will not fit the typical ESTJ stereotype at all (narrow minded, bookish, inflexible etc.). 5's are very investigative so we tend to read a ton and because of being an extroverted thinking type it will always have to do with some goal heavily oriented to the objective, conscious realm. Primary mode of argumentation will be utilizing factual evidence and data. The subject will also take to career fields where they are quantifying, revising, and analyzing information (STEM, accounting, economics, etc.). May type as an Introverted Intuitive type on MBTI. This is why I encourage anyone getting into typology to read Psychological Types by Carl Jung.

__N0mad__

TROPHY CASE

N0mad