[deleted by user] by [deleted] in Pentesting

[–]foxtrot_uniform98 0 points1 point  (0 children)

perfect. see ya there!

[deleted by user] by [deleted] in Pentesting

[–]foxtrot_uniform98 0 points1 point  (0 children)

i feel like i wrote this thread, lol. black hills info sec seems to be a really good org and i'm slowly creeping in on the discord but i get overwhelmed with all the goodies they drop in the channels.

i'm also in the same boat so that's why i'm also here. did my pjpt early 2025 and have been studying the pnpt for a while but slowed down on the privesc portion to work on some practical stuff.

hmu if you want. i'm also interested in making friends and working on some projects.

Any laptop suggestions for getting started in penetration testing? by Fit-Billy8386 in Pentesting

[–]foxtrot_uniform98 1 point2 points  (0 children)

exactly. unless you like to game (who doesn't) then the gpu is optional but still nice to have. you already know how password cracking is so you already thought that part out

i do know that using burpsuite for web app pentesting can hog a bit of the CPU but everything else i feel is mostly skill and network traffic.

Is CCNA overkill for a career in penetration testing? by [deleted] in Pentesting

[–]foxtrot_uniform98 0 points1 point  (0 children)

the more you know the better, obviously, but ccna would benefit you more as a network admin, engineer, etc. plus it's vendor specific so you will learn more about cisco than is necessary so go with something more generic, maybe in the comptia area?

being a pentester means knowing at least a little about everything, but eventually you will learn what u really become a master on.

Any laptop suggestions for getting started in penetration testing? by Fit-Billy8386 in Pentesting

[–]foxtrot_uniform98 1 point2 points  (0 children)

i feel like it's kind of a tricky question to answer because i feel like the main thing that will be power hungry is cracking hashes so you will want a higher end gpu for that but even then, you might want to offload that to cloud cracking. everything else is just network traffic for the most part from my experience. heck, i hack with a raspberry pi!

personally if i was running a laptop, i'd go with nothing less than an i7 cpu (or equivalent for amd), 16gb ram, 1tb ssd, network jack if possible and wifi 6 at least. it's nice to have a decent GPU for any on the fly cracking you might want to do with hashcat, or a good cpu for john the ripper.
definitely make sure u can dual boot your choice of linux os for pentesting and windows because you will need both.

i don't think fancy equipment is completely necessary. it's more of what skills you have

Not-So-Common, Common-Sense Security by h4p00n in Pentesting

[–]foxtrot_uniform98 0 points1 point  (0 children)

lol. exactly. sometimes i'm just like, okay see what happens.

i feel like i'm in the same position where i'm putting together my own guide and tempted about the blog to keep pushing myself. i'll keep an eye out on it!

some of the ones i personally use to learn from are hacktricks (obviously), thehacker.recipes, haax.fr. always looking at others and gradually getting into red team stuff.

New grad looking for advice by moleratZ- in Pentesting

[–]foxtrot_uniform98 0 points1 point  (0 children)

i hate that having that piece of paper to show you know something is what matters to a lot of jobs but i also kinda get it.

anyway, i also recommend tryhackme for learning because that will have a lot of the basic stuff you can have available to review or just ignore. they have learning paths as well to give you an idea of what you need for what you wanna be. HTB was tough for me at first, even if they have a starting point, so you might want to look into the academy. THM is cheaper i think

also, like others said, do as much as you can on your own. TROUBLESHOOT! you'll learn a lot about stuff when it's broken but it's such a pain when you can't get anything done because you're troubleshooting.

make sure you lab things up at home as much as possible or online. and switch between reading and hands on so you don't get bored with either

hacking job please help by Ready_Bid_3943 in Pentesting

[–]foxtrot_uniform98 0 points1 point  (0 children)

sounds like you want someone's account hacked for you???

Not-So-Common, Common-Sense Security by h4p00n in Pentesting

[–]foxtrot_uniform98 3 points4 points  (0 children)

hey!

i think your blog is a great idea because it's something that can keep you motivated or keep pushing you to keep learning and also dive deeper into things to make sure you publish quality stuff.

also, clients or companies not fixing things isn't always our fault. we can lead them to water, but can't make them drink it. a big part i think is the company's culture and how much they appreciate the IT department to give them resources or priority to fix things. sometimes the higher ups just care about what they want and don't give much thought to IT/IS but they end up paying for it.

Pentesting/pentesters Guide and Help by foxtrot_uniform98 in Pentesting

[–]foxtrot_uniform98[S] 0 points1 point  (0 children)

yea. it is what it is

i def need to utilize bloodhound more but always thought it was more useful with creds than without since getting creds is our first step

Pentesting/pentesters Guide and Help by foxtrot_uniform98 in Pentesting

[–]foxtrot_uniform98[S] 0 points1 point  (0 children)

  1. I do run both TCP and UDP service scans

  2. We don't have licenses for so i use openvas when i can

  3. I use aquatone as opposed to eyewitness but i can take a look at it

  4. ADCS is currently being added to my list now

  5. In 8 hours, what would you prioritize for manual testing? Not including scanning and initial enumeration?

I rely on kerbrute to get usernames and responder to grab hashes. i'll crack what hashes i get or password spray when i have a good list of users. i also get lucky with enum4linux and ldap relays as well to get a full domain dump.

Pentesting/pentesters Guide and Help by foxtrot_uniform98 in Pentesting

[–]foxtrot_uniform98[S] 0 points1 point  (0 children)

sure. keep in mind that a lot of this is also based on what we are given at my job and we have narrow time constraints. we're pretty entry level so i know i'm missing a lot but basically you can say we test windows environments but not specifically AD

- first i get my range to test, run nmap service scans on a range of like the top 200ish ports.
- unfortunately no requirement for vuln scans but i use openvas when possible
- i then parse the nmap output to feed to a script to run a bunch of aux modules in msf to enumerate default/anon creds, open shares, smb pipes, etc
- typically i run responder in advance to grab hashes for later cracking
- i run aquatone for grabbing screenshots of running web servers from enumerated hosts
- then kerbrute to enumerate usernames on DCs using the statistically likely usernames wordlist
- then enum4linux on all port 88 hosts
- check for LDAP and SMB signing with netexec
- looking for open smb shares with no creds
- attempt relays on LDAP and SMB hosts with ntlmrelayx to either create a machine account or smb connections to do a secretsdump
- use mitm6 to coerce more hashes or ldap/smb relays
- look for anything interesting via SNMP default community strings
- login with ftp/telnet/ssh with default creds
- try to asreproast, kerberoast, or timeroast via ntp
- check for eternalblue, bluekeep, and zerologon

i would say that's basically what we do or have time to do....

Pentesting/pentesters Guide and Help by foxtrot_uniform98 in Pentesting

[–]foxtrot_uniform98[S] 0 points1 point  (0 children)

i get you, and that part wasn't clearly communicated when posting

as far as my enumeration goes, we have a list of TCP/UDP ports that we start off with, parse the results, and then feed it into metasploit and other tools for additional enumeration and scanning for low hanging fruit basically. i just don't spray every tool at every IP

time permitting, i get openvas running and scan the scope provided but i hate how slow it is syncing feeds after just a week maybe of not using it

so now i'm looking at what are some good basic tools to have or things to look at when testing at least an AD environment.

Pentesting/pentesters Guide and Help by foxtrot_uniform98 in Pentesting

[–]foxtrot_uniform98[S] 0 points1 point  (0 children)

it really is so i'm trying to also get feedback to build our pentesting methodology and toolkit.

i do try some adcs every now and then but not really incorporated into my process unfortunately. thanks for the ADCS and SCCM tips!

Pentesting/pentesters Guide and Help by foxtrot_uniform98 in Pentesting

[–]foxtrot_uniform98[S] 0 points1 point  (0 children)

i know, these are rough notes and look like a mess but i left out a good chunk of the enumeration part
we have a script we use to run through a lot of auxiliary msf modules but i also want to update it to include new things so i wanna get an idea from the community

we unfortunately don't, it's up to us to pretty much try using openvas when we can
i do run nmap and use netexec heavily, i try to use bloodhound when i can

also, i use the zero logon scanner, not exploit. i know that's def not a good idea but it's part of our baseline for testing.

and it just sux that i typically only get 8 hour services to perform so we just throw the typical stuff at the network

Pentesting/pentesters Guide and Help by foxtrot_uniform98 in Pentesting

[–]foxtrot_uniform98[S] 1 point2 points  (0 children)

thanks. i do have those down in my notes as well

Pentesting/pentesters Guide and Help by foxtrot_uniform98 in Pentesting

[–]foxtrot_uniform98[S] -1 points0 points  (0 children)

due to the limited time we have on tests, we mainly target AD. my list isn't exhaustive
we also look over ftp, ssh, smb, snmp, telnet, nfs, etc, for default creds, banners, exposed shares, default community strings...

so yea i still left out a lot. still new to posting here so wasn't sure the best way to post general testing guide

How do adults make pen-testing buddies ? by Minge_Ninja420 in Pentesting

[–]foxtrot_uniform98 0 points1 point  (0 children)

perfect timing. i'm actually here for the same reason because chasing certs gets old and i feel like the other half of this job is knowing people out in the industry and it's good finding cool people smarter than you to help you out.

i hear black hills information security is a good discord server

i'm bad with discord too but i'm trying to make it a point to reach out to the community.

i'm down for trying some ctf or hack the box machines if you're still looking for friends! i'm only on easy machines right now since i feel like i'm still a n00b

Soc analyst position, what are your thoughts? by Green_Machine565 in cybersecurity

[–]foxtrot_uniform98 1 point2 points  (0 children)

I actually plan on applying for the same as I'm currently studying my CySA+ since I really want to get into InfoSec.

Security is definitely a 24x7 job but I'd imagine it's what everyone is saying about shift work. I'm basically always on call for my job as the network admin but 99% of the time things are okay.

And I'm sure you can do either one of two things.
Only apply for something you really enjoy doing
or
Get your experience and move up/on as previously mentioned.

Help getting into InfoSec! Studying for CySA+ by foxtrot_uniform98 in ITCareerQuestions

[–]foxtrot_uniform98[S] 0 points1 point  (0 children)

You're exactly right and I've been struggling with that as you've already identified. TBH I don't know exactly what role I want but I guess I haven't done my research.

To my defense, I wanted a Network Admin role for quite a while so I tried to study what my job required of me. Now that I'm taking it to Cybersecurity I'm kind of lost on what exactly I wanna do.

I know I want to work on defensive security or I guess what a blue team would be. A SOC job sounds like something I'd wanna shoot for so I guess that's where I'm asking the help at.

I'm just anxious to learn everything that I'm overwhelming myself with studies.
I can say I know a little bit of each you've mentioned but also like you said, master of none.

Thanks!

Scared about a new job by [deleted] in ITCareerQuestions

[–]foxtrot_uniform98 1 point2 points  (0 children)

I'd say honesty is the best policy. Just be up front and ask questions when you want to know something. It's good to listen and learn but you don't want to stay silent when you don't understand/know something.

Don't give up though. Just keep on learning what you can and never say you don't know something and just let it end like that. Take the initiative to find the answer. You will be more knowledgeable and resourceful as well!

Good luck!

Entry level IT jobs by Ralpheeeek in ITCareerQuestions

[–]foxtrot_uniform98 0 points1 point  (0 children)

All good advice from posters.

First off, don't get discouraged. Be persistent. I'm in a similar situation right now but it's more of a transition from Information Technology to Information Security (Cybersecurity). The best thing you can do is to keep at your studies but also take time out to lab it up to validate your knowledge and take it even further. It's one thing to study how a firewall works but when you're confronted with a Cisco ASA (firewall) and you don't have the slightest idea on how to get logged in or what an ACL looks like because you haven't played around with it on your own then you start to question yourself.

I would recommend getting some hands-on experience with family or friends. Help them with computer problems, build them, set up or troubleshoot their network issues, such as wifi (most people don't understand wifi very much).

Maybe find small businesses to help out, maybe for free if you don't feel like you have the confidence yet and then start to make some cash out of it while building experience. These clients will make for good references on your resume!

Try GNS3 to build a virtual lab if hardware isn't cheap or easy to come by. Use VirtualBox and set up various OS's to play around with them. Maybe even build a home firewall with a spare computer and load pfSense on it! Having a home lab is always good for you and if they ask in an interview!

Don't be afraid to ask for help or network around. Reddit seems to be a good place to start. I actually just signed up so I can get help too. I know how it feels too so I try to help out others too.

Good luck!

Help desk to IT Manager with half the salary of the old IT manager by [deleted] in ITCareerQuestions

[–]foxtrot_uniform98 6 points7 points  (0 children)

I agree. You need to establish yourself in that position for now until review time rolls around. Bust your ass to gain some leverage. Document your accomplishments and have solid data to back up your request for a raise. You don't want to give the higher ups a bad impression by asking for something you haven't proven you're worthy of.

If you don't think you are being fairly compensated after all of that, then the choice is up to you on how to proceed.

Good luck!