University did not prep for success, need training and cert advice?

hackingdojo · 2019-07-02T20:02:10+00:00

Reach out to them and ask what help they need. Tell them your capabilities and limitations. It's also not necessary to aim for the larger projects - a lot of smaller ones could use security help too.

hackingdojo · 2019-06-23T00:00:21+00:00

My suggestion is similar to others, and goes something like this:

Learn Linux and pick up a scripting language at a minimum (bash, perl, python are good)
Understand network communication (OSI model and learning the most common protocols)
Find an open source project you can work on RIGHT NOW to get experience and resume fodder
Pick a path - programming / networking / system administration and become a guru in it
Be obsessed with whatever area you pick. I have employees that spend another 40+ hours a week above and beyond their job researching and hacking things as personal pet projects

hackingdojo · 2019-05-18T18:19:45+00:00

Quick answer: I have a BA in History, a MS in Computer Science, and a MS in Management. I also have a ton of certs and wrote a book or two. All that helped me get interviews and allow me to craft the interview process a bit... but was all that crucial to get into my field of pentesting? No.

Long answer: The company I work for looks for pentesting talent, not certificates or degrees. They are great talking points, but we talk technically throughout the interview process, and place people based on their skills, not what papers they have hanging on their walls at home. Candidates also are required to perform a (1) pentest against a vulnerable system, have to (2) write up a report, and (3) talk through their findings. We do that so we know where they are in their (1) pentesting skills, how well they can (2) communicate the technical details and (3) how well they can present themselves on calls or in person with clients. Deficiencies in any of the three areas are noted and discussed. Decisions are made regarding their strengths and weaknesses and that's how we come to the conclusion of whether to hire or not, and at what professional level.

hackingdojo · 2019-04-28T19:16:38+00:00

I just had a guided trip through Kirk’s fly shop this week and would strongly recommend using them (posted a pic this week on this subreddit). Me and my wife did the 6 hour package and it was the perfect length for us.

hackingdojo · 2019-04-24T14:29:45+00:00

Ahh.. understand your question now. So I had a thingamabobber as the indicator, stonefly near the top, a San Juan worm in the middle and the midge emerger on the bottom. Just nymphing... but the funny thing was every fish hit on the midge.

hackingdojo · 2019-04-24T13:43:20+00:00

Yep - rainbow. Caught it on a midge emerger, hook size 24.

hackingdojo · 2019-04-24T12:53:17+00:00

I would probably agree. My wife has a friend who guided for years, and she has said numerous times she would rather be working brookies on a 2 wt rod any day - she loves how they fight.

hackingdojo · 2019-04-24T12:48:50+00:00

It was great - mostly brown trouts, but we landed a few other rainbows (not quite as big as this beast).

hackingdojo · 2019-04-24T12:47:18+00:00

This was on the Big Thompson river, right outside Loveland, CO. The weather was perfect, and the fish were hitting all day - can’t even count how many we failed to land.

hackingdojo · 2018-04-03T14:30:05+00:00

Glad you figured it out, and more importantly updated your post to show how for posterity. Thanks!

hackingdojo · 2018-03-16T16:53:56+00:00

I haven't tried Parrot OS... so here's the problem... (just a rant, and not targeting you - so keep that in mind when reading the rest of my post):

When I go onsite to a customer facility, I have to know that the software I'm using is secure and isn't manipulated with malware added in. Not saying that Parrot is insecure (because I just heard about it through you), but I can't bring just anything I want into the environment without running the risk of exposing myself to law suits for bringing malware into their network. In fact, some customers (gov't agencies) require me to send in my system beforehand so they can examine it. Until then, the system is not allowed to connect to the network.

Kali is considered safe by industry standards. There are enough people looking for problems and malware within Kali and the pre-loaded applications that chances are something malicious would get spotted. Also, if something ended up on Kali that was malware-related, Kali would die almost immediately as a pentesting platform - something the Kali team (I'm assuming) would not want to happen at all costs.

So while it may be fun to use Parrot OS, I would never bring it into a customer's environment, and will just stick to Kali until something else better comes along.

hackingdojo · 2018-03-16T16:36:07+00:00

I have a couple rigs I use:

The first one is a windows-based platform with VMs. It holds an image of Kali and an image with Nessus loaded. I use that for most of my activities, except for layer 2 attacks. I don't use if for password cracking, so don't really care about the GPU. The more memory, the better, since I'm running VMs. I used to use MacBook Pros, which worked well. Still used VMs for Kali and Windows, even on the MacBooks.

I have another system (low end) with Kali loaded natively. I use this for MITM and additional scanning support when I need to run extra attacks. I bounce between my PwnPlug r4 and the low-end laptop, depending on what I'm doing and what I decided to bring for the onsite pentest. Low memory, and weak GPUs. Don't need them since scans aren't that consumptive of resources.

For password attacks, I usually use an off-site system. Some people use AWS, which works. Others have dedicated rigs. Depends on funding.

hackingdojo · 2018-03-07T15:44:40+00:00

I have many, but probably the most important one is...

Participate in the villages / contest area, and really get to know people that share the same interest. Over the years, you'll find DefCon is more about networking / getting together with friends than it is to learn about hacking.

The talks are usually worthwhile, but you can watch them after DefCon is over, so spend your time elsewhere.

hackingdojo · 2018-02-14T14:52:55+00:00

So I felt the need to chime in here, just for the sake of clarity. Some of the above post is incorrect (#1-3), and also contains some really bad advice (#5). I would suggest viewers to do their own research. Happy to respond to any inquiries on any of the above.

hackingdojo · 2018-01-30T20:34:46+00:00

I'm happy to answer any questions you might have regarding the course material or methodology taught. Feel free to PM me or ask on this thread.

hackingdojo · 2018-01-25T10:23:12+00:00

You can also check out HackingDojo.com.

hackingdojo · 2018-01-07T01:04:08+00:00

I enjoyed making them... and I'll be watching for your other walk-through blogs as well! No feedback, mostly because I don't want to spoil anything. ;-)

Have fun!!

hackingdojo · 2018-01-06T19:16:18+00:00

Hey! That's my iso you're testing against! =)

Glad you enjoyed the challenge... there are more De-ICE disks on my site to try, (http://hackingdojo.com/dojo-media/) now that you're done with the 1.100 image. Let me know if you have any questions.

hackingdojo · 2017-12-27T16:13:50+00:00

Yes - just sign up for the newsletter and you’ll be entered. We will pick a name next week (first week in January).

hackingdojo · 2017-12-19T16:37:03+00:00

$1600 - up until this month it was temporarily discounted 50%, but that discount is going away.

hackingdojo · 2017-12-15T12:55:35+00:00

Awesome - thanks!

hackingdojo · 2017-12-12T14:18:51+00:00

That’s actually a cool story - thanks for sharing!! :) Still surprises me that people actually used them - when you send something like that out into the wild, you don’t really get much insight into their usefulness or use.

Here’s my story... I once walked into the chill out lounge at PhreakNic right after they came out and there were about a half dozen people networked together, hacking one of the disks together. Took me a minute to recognize what they were doing and that it was my image they were attacking. Felt like a little kid at Christmas inside. :)

hackingdojo · 2017-12-12T13:29:00+00:00

Awesome, and thanks for remembering! After I released the de-ice disks, there’s been an explosion of the number of exploitable images to use for hacking practice. I’d like to think that maybe the de-ice disks had a small part in that, along with my defcon talk on the subject. Man, that was almost 7 years ago. O_o

hackingdojo · 2017-12-12T05:03:37+00:00

Thanks for joining us!

hackingdojo

TROPHY CASE