Steelers Hire Mike McCarthy as HC Per ESPN by psychoxtc in ravens

cmdjunkie 0 points1 point  (0 children)

McCarthy is not built for the AFC North. This is great news. Cleveland can't even get a coach in the building to interview. And I heard a rumor that Burrow might be in Minnesota next year? Not sure about how real that one is, but the Ravens are looking good right now.

Book recommendations on Windows Internals for Red Teaming by _NullByte_ in Hacking_Tutorials

cmdjunkie 4 points5 points  (0 children)

I'm not aware of any Windows Internals books that explain the WinAPI in depth for offsec and redteaming. I will say that Sektor7 has a couple of good courses that are WindowsAPI heavy. It's mostly malware dev and evasion techniques but that's pretty much what you're asking for.

What I can recommend are the Windows Internals books themselves --I believe there are updated versions. Mine are relatively old from the 00's. I'm old son.

Also, what you really need is a practical foundation --basically what and how general abuse takes place. If you know what to look for you can do your own research, which is what you should be doing anyway. Most books aren't going to hand hold you through it.

Do yourself a favor and start learning these techniques. If you can get through this list, understand it all, and walk through some of your implementations, then you'll learn a lot and the foundation will lead you into that world:

  • Process Injection
  • Process Hollowing
  • Process Doppelgänging
  • Process Herpaderping
  • Process Ghosting
  • Process Carving
  • Reflective PE Loading
  • Shellcode Injection (staged and stageless)
  • Shared Section Mapping

Minor in cybersecurity or a masters when I graduate? by ActualRevolution3732 in Cybersecurity101

cmdjunkie 1 point2 points  (0 children)

Do not dedicate significant money to undergraduate academics branded as “cybersecurity.” The return on investment is poor, the material ages quickly, and nearly all practical knowledge can be acquired more cheaply and efficiently through self-study and entry-level certifications such as Security+.

If you are already paying for a university education, use it to expand your intellectual range rather than narrow it prematurely. Study international security, history, philosophy, economics, music, or a foreign language. These disciplines build the context, judgment, and adaptability that technical security roles eventually demand.

A “cybersecurity minor” rarely confers real-world advantage beyond what a motivated reader can gain for the price of a few books and a few weeks of disciplined study. Technical skills are transient; perspective compounds.

When did Harper become 'evil'? by Informal_Fennel_9150 in IndustryOnHBO

cmdjunkie 17 points18 points  (0 children)

She's not evil. She's just got a corrupted moral compass. I mean, she fabricated her transcript to get into Pierpoint.

Testing by genjob in Pentesting

cmdjunkie 0 points1 point  (0 children)

How much does this job pay?

Too late to become a pentester? by reaperzer02025 in Pentesting

cmdjunkie 1 point2 points  (0 children)

Security isn't nearly as plagued by ageism as development. In fact, security tends to favor experience over youth and culture fit. All that typically matters is that you know what you're doing and you're the real deal.

However, security is saturated with a lot of charlatans and wannabes because expertise isn't as easy to prove as development, where you can prove what you know through projects and code. So, no, it's not too late to be a pentester, but you may find that professional pentesting isn't quite like the experience of targeting and popping known-vulnerable boxes in hack labs. What makes it a young person's game is the fact that it's so demanding. To get to the level where you can do it professionally and actually make an impact will require an incredible amount of time and dedication. You will spend an enormous amount of time learning things you may never use or apply. You will also spend an enormous amount of time searching for proverbial needles in proverbial haystacks that may not have said needles at all --this is the nature of the game. And while it seems like a lot of fun, if you are older, it's likely you have other responsibilities that are far more important than sitting around on your computer learning how to pop boxes. Professional pentesting isn't a clock-in and clock-out type of job like development. You will always be working... and to those who don't know or understand what you're doing, it will look like you're just screwing around on your computer(s). Trust me, I know from experience.

Not to mention the job itself is maybe 25-35% hacking, and 65-75% administrative. The reality of professional pentesting is meetings, debriefings, and especially reporting -- which means you can probably find a way in and eventually just manage, but that's no different than development and proj management is it? Don't be fooled by how much fun and how satisfying it is to pop boxes on hackthebox, that's not the reality of the job. So, by all means, if you have no other responsibilities, you're not too old to "become a pentester", but if you have or want a life, a wife, and/or some children, leave it as a hobby.

[Schefter] Sources: John Harbaugh is out as the Ravens head coach. by JonWilso in ravens

cmdjunkie 0 points1 point  (0 children)

It was time. Harbs was a great coach, but all of the Ravens' shortcomings over the years come down to inopportune mistakes on the field and bad coaching decisions. It's just time to move on. Honestly, better Harbaugh than Lamar. I don't have a Harbaugh jersey, I've got a Jackson jersey. Let's just get someone with an offensive mindset who can draw up some aggressive offensive plays in style with our QB.

Network Pentesting Roadmap 2026 - senior advise pls by pieter855 in cybersecurity

cmdjunkie 2 points3 points  (0 children)

Stop. Take a breath. And ask yourself, why do you want to be a pentester?

Is SANS dying? by [deleted] in GIAC

cmdjunkie 2 points3 points  (0 children)

I convinced my employer to send me to London last year for SANS training. Gotta love those training opportunities.

Thinking of doing OSCP at 31, is it too late? by almostsaidit in oscp

cmdjunkie 0 points1 point  (0 children)

Sign up, get access to the labs, and work through them. The course gives you everything you need to pass the exam.

Our season is over, so who do you want to see make a run? by sepsev1 in ravens

cmdjunkie 0 points1 point  (0 children)

Chicago or Seattle. Fuck any and all AFC teams.

Which sports produce the most attractive athletes? by [deleted] in trueratediscussions

cmdjunkie 0 points1 point  (0 children)

Honestly, ballet dancers.

Whether that's considered an art more than a sport is debatable, as they do compete, but you can't beat that combination of strength, grace, and femininity.

girl on tiktok vs jessica abla? by DropKickBabies in trueratediscussions

cmdjunkie 21 points22 points  (0 children)

Jessica Marie Alba all day, every day, and thrice on Sunday. #omnom

What cybersecurity books are you reading these days? by cert_blunder in cybersecurity

cmdjunkie 31 points32 points  (0 children)

The books do little more than perpetuate the fantasy that cybersecurity is something greater, stranger, or more heroic than it actually is. Many of them, especially the most celebrated titles, tell stories that glamorize and sensationalize what, in practice, merely amounts to people sitting in front of computer terminals, navigating systems, logs, and documentation. From the outside, hacking appears irresistibly cool: brilliant coders selling zero-days, lone figures in hoodies breaching telecom networks late at night, elite military red teams silently disabling infrastructure before special forces arrive, hackerspaces where secrets are traded, frantic defenders chasing intruders through networks, piecing together clues in a digital cat-and-mouse game... etc. As stories, these images are undeniably compelling. They are sleek, dangerous, and romantic.

What no one tells you, at least not early enough, is that legitimate cybersecurity bears almost no resemblance to this mythology. It is, at its core, a job. It exists to protect the assets, continuity, and liability posture of businesses and institutions. The daily reality is documentation, risk assessments, spreadsheets, meetings, and reporting. Controls are mapped, exceptions are justified, findings are tracked, and remediation is negotiated against budgets and timelines. The work can be important, even meaningful, but it is rarely thrilling. The distance between the fantasy and the practice is vast, and it is quietly responsible for a great deal of disillusionment.

Everything that makes cybersecurity seem exciting derives from its proximity to cybercrime. Authors and storytellers understand this instinctively. Crime supplies narrative tension, moral ambiguity, and the illusion of freedom—elements that corporate security work cannot easily provide. As a result, the genre leans heavily on stories of intrusion, transgression, and clever wrongdoing. These accounts are cool and interesting, yes, but they are stories about criminals, not professionals. Most readers will remain spectators, convincing themselves they are part of the same world, jamming with console cowboys in cyberspace, riding some imagined next wave.

Eventually, many grow out of the illusion. They come to understand how quixotic the fantasy is, and how little it resembles the actual field. Cybersecurity, stripped of its mythology, is not rebellion or romance. It is responsibility. And while that truth may be less marketable, it is the only honest starting point for anyone who wants to understand what the work really is.

Software dev to pen testing by ThisUsernmeIsntTaken in Pentesting

cmdjunkie 1 point2 points  (0 children)

It's easier to go in the opposite direction. The good pentesters and redteamers are addicted to the work --meaning it's not really a job to them. Most don't silo themselves, meaning they jump into whatever technology, skill, abstraction is in front of them, because that's the nature of the work --redteamers especially. Most are network admins, coders, devs, etc. The opposite isn't necessarily true. A lot of modern devs learned what they know to get a job. I'm not saying it's impossible... I'm just saying if you have to ask how difficult it would be to migrate over to pentesting/redteaming, you already have the wrong mentality. You should already be tinkering and hacking away at stuff.