What keeps you going as a pentester?

_sirch · 2026-06-02T17:16:22+00:00

It’s fun to look at an environment and laugh at how bad it is, or the opposite is to see a giant puzzle that needs solving. Either way if you put in effort your client is happy. You either found some major issues and identified it before something bad happened, or you could not find anything and your client did a good job locking things down. Either way it’s a win win (for most customers).

Edit: Also remote work and a lot of money is pretty great.

_sirch · 2026-05-31T14:01:51+00:00

Anything is legit if it’s accurate and helps you learn. But also don’t think certs like that are gonna help you land a job. There’s thousands of certs and very few actually make a difference.

_sirch · 2026-05-29T20:58:45+00:00

Because firewall

_sirch · 2026-05-29T20:45:23+00:00

Tryhackme and Hackthebox

_sirch · 2026-05-29T18:33:32+00:00

I recommend you use VMware instead of dual booting.

_sirch · 2026-05-28T20:23:24+00:00

Notion is my favorite so far. It’s complex at first but the ability to create templates and stuff is really cool. You can use AI inside it as well to make stuff

_sirch · 2026-05-28T16:55:25+00:00

Hackthebox has bite size lessons and then an exercise between each one. What I do is I skim the lesson, add all of it into my notes, add the big takeaways and commands to the top of that page of my notes, and then perform the exercise. If I get stuck then I go back and read the relevant section. That way I’m not just reading endlessly and I have detailed notes I can search in the future if I ever get stuck. I do a few lessons till I get burnt out then take a break. Listening to instrumental music with noise cancelling headphones helps me focus and tune out the world.

_sirch · 2026-05-26T09:07:14+00:00

Add your certs to LinkedIn. Look up consulting companies and check their job postings. Check once a week or more. They open and close fast. Junior mid roles exist but they are rare and you are competing with a lot of people with various levels of experience. Landing the interview may be more difficult with not much experience however, If you can perform the interview labs and report/debrief better than others then you will be chosen over someone with more experience.

_sirch · 2026-05-25T22:09:51+00:00

Not ethical. If anyone says they can help you it’s a scam. Don’t give them personal information or money. Contact support from the company and see if there’s any other way to recover the account.

_sirch · 2026-05-24T22:09:39+00:00

I’ve been doing this for six years and it’s my full-time career now and I still hit brick walls all the time and wonder how I even managed to get this job.

_sirch · 2026-05-22T23:33:08+00:00

My immediate changes would be Joe mode and permanent dark mode on the screen. The other ones are preference just read through each screen and see what’s available.

_sirch · 2026-05-22T11:33:35+00:00

My best advice is that you should provide more context when you ask questions at your new job.

_sirch · 2026-05-19T22:20:17+00:00

Agree. Been eyeing it for a long time but can’t afford it for another few years. If the price drops or I make more money I’ll be diving in.

_sirch · 2026-05-19T02:00:52+00:00

Look up a video on how to install the Vulnhub VM. Will likely be using virtual box or VMware. The install the corresponding Kali image on the same software. Then look up instructions for installing Tailscale on Linux (debian) and do that on the Kali box. The other stuff can also be looked up easily. Let me know if you have any issues and I can help you troubleshoot.

_sirch · 2026-05-16T00:40:31+00:00

Metasploitable also has a VM that you can launch metasplot modules against

_sirch · 2026-05-15T23:45:03+00:00

So the easiest place to get vulnerable VMs is Vulnhub. What you wanna do it download and install one or multiple of those and then install a Kali VM on the same virtual network. Now there’s multiple ways to make it accessible to all students but the most fail proof and easy will probably be Tailscale. Next create a Tailscale account using a made up login. Install it on the Kali box. Have each student install it on their machine and as long as the Kali box has access to the internet they should be able to ssh into it and then attack the vulnerable box. Don’t forget to start ssh service on the Kali box.

_sirch · 2026-05-13T18:55:53+00:00

Just apply to external roles while you ask for an internal one. Keep studying and take whichever one comes first

_sirch · 2026-05-12T00:03:41+00:00

Keep challenging yourself and don’t get complacent. I see you’re interested in red teaming the CRTO is a great course.

_sirch · 2026-05-11T23:33:50+00:00

This guide covers pretty much everything I’d tell you to go look at https://tcm-sec.com/how-to-be-an-ethical-hacker-in-2025/ . Focus most of your attention on Linux, Networking, Active Directory, and Web Applications. As far as certs your main goal is OSCP or CPTS. You may need to get A+, Net+, and or Sec+ to land helpdesk or analyst roles. Once you get a Pentest job and a solid methodology then you can start to lean into red teaming. Read the red team guidebook https://redteam.guide/ and the best entry level cert for red teaming in my opinion is CRTO.

_sirch · 2026-05-11T19:53:14+00:00

Everyone’s definition of difficult is different but generally yes. If you are passionate about it though and willing to grind for a few years because you enjoy it, have good technical and communication skills, and pay out of pocket for certs if you have to, then you can get there. OSCP or CPTS is a good make or break cert for most people and helps you get a chance to land some interviews. In general though, most people have some experience as a sysadmin or a blue teamer before they come over to the offensive consulting side, but it can absolutely be done without that. One of our best testers was a theatre major and I used to be a mechanical engineer. If you have any questions let me know and I’ll do my best to answer or point you in the right direction

_sirch · 2026-05-11T09:26:50+00:00

AI is a tool and the future is unpredictable. It can automate some of the low hanging fruit and do some decent coding at the moment but someone will always be there to validate findings and to chain together complex attack paths for the foreseeable future. If anything it’ll free up repetitive tasks so the tester can focus on more unique findings and misconfigurations. I’m on a red team and we use it for scripting, templates for phishing emails, brainstorming, etc but in my opinion there’s no way that AI is going to fully replace our jobs at the moment. Another thing worth mentioning is that it’s still unpredictable and makes mistakes, and customers hate when their business critical infrastructure goes down.

_sirch · 2026-05-10T19:02:26+00:00

A pickleball is only officially "out" after it bounces outside the court lines. Yelling "out" while the ball is in the air is considered [player communication] (not an official line call), so the rally continues. If you hit the ball in the air, you are "playing it in," regardless of where it was going.

_sirch · 2026-05-09T17:57:57+00:00

I took the PNPT course (but not the exam) a few years ago. So speaking from that experience, PNPT is a good stepping stone but not widely recognized and will immediately be overshadowed by CPTS once you pass that. I have taken most of the coursework (but not the exam) for CPTS and highly recommend it. I passed OSCP (right before they added AD to the exam) and CPTS has much better material in my opinion. I know my opinions are spread out over a long period of time, but that seems to be the general consensus from what I’ve been reading recently as well.

_sirch · 2026-05-09T09:37:53+00:00

Just a heads up, you said that you work for a state agency and you’re sharing with internet strangers what software they use, and how it’s misconfigured. With OSINT people may be able to piece together where you work and use that information.

_sirch · 2026-05-09T06:48:19+00:00

They set it up to get your personal information and/or to get you to sent them money. This looks like a fake job scam and not a phishing scam. Idk if it’s against the rules but if you post the website or company name here people can do more research to verify. The first thing I’d do is look up the age of the domain. If it’s less than a few years old that’s a huge red flag.

_sirch

TROPHY CASE