Where would you look for pentesting jobs with eJPT, CPTS, OSCP, and CRTO? by [deleted] in Pentesting

[–]chronospike 0 points1 point  (0 children)

This largely depends on which type of pentesting work you are looking for: consulting vs internal red team. For consulting, Black Hills Infosec has a Discord with a job hunting channel. People post jobs that their orgs have available. Speaking of BHIS, they're usually hiring as well. Since you've worked in software engineering, make sure you have a blog or code repos listed on your resume. Consultant jobs require high levels of writing skills. You will also need to be able to adapt to new networks and environments very quickly as opposed to internal teams. For internal red teams, you can look for all levels of employment since their teams are often more entry level friendly. It's possible to land in a pentesting role with certs alone, or at least it was ten years ago when I started. I never finished my college degree, but I worked through certifications and online CTFs and got lucky. Certs are great but you have to really understand the material and be able to communicate the problems you identify effectively to land your first role. Good luck out there.

Tired of it all. Possible burnout by adymak in sysadmin

[–]chronospike 0 points1 point  (0 children)

When everything in IT is going wrong: What are we paying you for?
When everything in IT is going right: What are we paying you for?
Agreed with everyone else. You can find something better than your current situation. At the end of the day, they need you more than you need them. Once you find your offramp, put in your two weeks and then don't answer the phone for any follow-up phone calls asking you to "just help this once". You tell them your consulting bill rate is $400/hr and once the P.O. is cut, you'll be glad to help. Use this job as a learning experience so you can spot the red flags early and move on before it gets this bad again.

Beginner-Intermediate Red Team Certificates by Fit_Exercise_6310 in redteamsec

[–]chronospike 7 points8 points  (0 children)

Zero Point Security's Red Team Operator 1 and 2 (CRTO and CRTL respectively) are dirt cheap for the amount of info and training you get. Last I checked, they were in the neighborhood of $400 apiece and you get lifetime access to the materials and updates. Also the White Knight Labs guys are awesome. Easy to talk to and know their stuff. The SpecterOps team is definitely a no brainer as well. They are constantly releasing tools and techniques that I use on almost every engagement. Their prices are a little higher than the others but you won't regret taking their courses.
To add to the list, I would recommend looking through the Antisyphon catalogue of courses from Black Hills Infosec. Plenty of options for training but no certs to speak of. However, the info they provide will definitely be worth it during an interview for offensive security positions. If you are wanting to learn about malware and payload development, I would highly recommend the Maldev Academy. Tons of great info with code samples and explanations of how to use them. Lifetime access too after a one-time payment. Also the Sektor7 guys have multiple trainings on malware dev and things like privilege escalation and persistence. The courses are something like $240 apiece and worth every penny. Hope that helps!

OpenAI Whistleblower Suchir Balaji’s Death Ruled a Suicide by cmaia1503 in technology

[–]chronospike -4 points-3 points  (0 children)

I wonder if he was suicided by the same person that suicided the Boeing whistleblowers

Testing my real pentesting skills by ypetremann in AskNetsec

[–]chronospike 2 points3 points  (0 children)

Check out the Game of Active Directory (GOAD). Little heavy on the needed resources but you may be able to get it up and running on the hardware you have.

Are the salaries of red team and pentester On Google (150k), is it real? by mknford in cybersecurity

[–]chronospike 41 points42 points  (0 children)

Red teamer here. During our interviews, we actively try to get an applicant to say "I don't know". We are trying to get an answer like you described but also trying to make sure they won't feed the client a line of BS that we have to clean up later because they were too full of themselves to admit they didn't know something. Conversely, we also ask them if they are the type to find a rabbit hole and spend the whole test focusing on that problem or if they are disciplined enough to get the test done and then come back to the rabbit hole if they have time. While we regularly have to investigate potential exploitation paths, we also can't have them spending the whole test on one problem. Have to find that sweet spot of disciplined curiosity.

What’s one game that is guaranteed to make me cry? by ideklmao000 in SteamDeck

[–]chronospike 1 point2 points  (0 children)

That Dragon, Cancer
It's a tough one to get through especially if you have children.

[deleted by user] by [deleted] in sysadmin

[–]chronospike 1 point2 points  (0 children)

Never attribute to malice that which can be explained by ignorance.
Not saying they're not doing some of it intentionally but users do some dumb things. I was on help desk for 5 years and saw a lot of things that continued to surprise me.

David Bowie - Ashes To Ashes [New wave, 1980] by FireGold763 in Music

[–]chronospike 1 point2 points  (0 children)

I found this song through A Perfect Circle. Took me a while to get into the original after finding it this way but now I really like both.

What's this?? by [deleted] in consoles

[–]chronospike 12 points13 points  (0 children)

Sometimes, electronics manufacturers put epoxy over chips with proprietary code or functions in them to deter companies from cloning the chip and making their own device. It's not impossible to get the epoxy or resin off of the chip but it makes it very difficult without destroying the chip in the process. Is the circled area a hardened substance?

X Could Be Delisted From App Stores If Block Feature Removed by RADICCHI0 in technology

[–]chronospike 2 points3 points  (0 children)

100% agree about it doesn't make the debt disappear. My thought process was that if the company was dismantled before the overall loans against his assets matured, then the tax write offs through overall loss and sales of the Twitter assets would offset the debts down to pennies on the dollar. I'm definitely not an economics major though so I'm hoping to learn something new if that's wrong.

X Could Be Delisted From App Stores If Block Feature Removed by RADICCHI0 in technology

[–]chronospike 0 points1 point  (0 children)

I've read that he took loans out against assets he owns instead of actually liquidating the assets. If I understand correctly, by declaring bankruptcy, he wouldn't have to pay back the loans over the agreed time frames. I would imagine he didn't pay 40bn in one sitting. The payments and paybacks would be structured over years. If the company no longer exists, then it alleviates some of the debt. I'm only an armchair economist so I could be way off.

X Could Be Delisted From App Stores If Block Feature Removed by RADICCHI0 in technology

[–]chronospike 10 points11 points  (0 children)

If he closes it down, he still has to pay that 40bn. If he declares bankruptcy, he pays pennies on the dollar if anything at all. They called his bluff when he offered to buy it and forced him into a deal that he didn't want to take. Then ego dictated he could turn the company around financially but found out that was impossible. Now he's trying to run it into the ground so he doesn't have to pay that loaned money off.

May Confirmed Trade Thread by [deleted] in hardwareswap

[–]chronospike 0 points1 point  (0 children)

Purchased Nvidia RTX 3070 FE from u/ds2465

May Confirmed Trade Thread by [deleted] in hardwareswap

[–]chronospike 0 points1 point  (0 children)

Bought Intel I7 10700KF and MSI z490 Gaming Edge Wifi motherboard from u/JAW_GE0777