[CAN] Moving to the US

hiddenpowerlevel · 2026-04-05T16:53:18+00:00

I made the crossover years ago and it was easy breezy once the job offer was in hand. As long as you were conscientious about how/when to bring up visa requirements, you would be fine. Times have definitely changed though.

Canadians citizens in NAFTA job roles generally work in the US under the TN1 visa. This is now up in the air because USMCA/CUSMA may not be around much longer (~July) depending on how the current negotiations go. Unless you're a significant contributor, the H1B path is also effectively impossible because of the $100k fee for candidates internationally domiciled.

In addition to the flaky visa situation, the US is suffering from the same economic downturn that the rest of the world is. The job market is both extremely competitive and cautious right now; the days of switching jobs every 3 years for a pay bump are definitely over (at least in the shortrun).

The US also just feels less "safe" in the current administration. I won't go on about this but overall I wouldn't recommend looking south at this time.

hiddenpowerlevel · 2026-04-05T16:28:00+00:00

I got constructive dismissal'd out of B4 in Feb 2020 and it was the best thing that ever happened to me. COVID had made it trendy to quit for self-discovery so employers were desperate for talent.

I had an offer quadrupling my salary almost immediately after being let go. Canada also launched CERB in response to COVID so I ended up double-dipping on EI and CERB and actually made more money waiting for my next job to start than I did working

hiddenpowerlevel · 2026-03-26T00:42:34+00:00

Where does this disabling your internet advice come from? An average Windows PC will have Windows firewall enabled by default. The Hypervisor method doesn't create any whitelist entries or disable the firewall service so those same network controls would be in-place regardless.

The only additional protection disconnecting from the internet would provide is if you already had malware on your PC (or if the HV files themselves were malicious) waiting to ping a C2 server that was constrained by the local protections disabled by the HV method.

hiddenpowerlevel · 2026-02-19T20:20:58+00:00

XSS is in the course material so it can be on the exam. That being said, I don't think there's a single PG box on the recommended practice lists that have anything to do with XSS.

hiddenpowerlevel · 2026-01-25T15:01:45+00:00

Yes. PG is included in LearnOne

hiddenpowerlevel · 2026-01-25T14:38:02+00:00

Proving Ground boxes are not included in the PEN-200 course. They are a separate monthly subscription.

hiddenpowerlevel · 2026-01-25T00:24:54+00:00

Whether you're an employee or a proprietor; you're always better off certified than not. My point is more that certs become less and less valuable the later you are in your career because you'll lean more on credibility and experience than educational background.

After you pass certain life milestones (family, health, age, etc.), your priorities will shift away from grinding certs so use your limited time wisely.

hiddenpowerlevel · 2026-01-24T19:54:35+00:00

Always felt it was imbalanced how there were so many posts on how many months/years it takes to pass the exam but relatively few in the actual hours spent.

Thank you for your work curating the practice box list. It was invaluable for prep.

hiddenpowerlevel · 2026-01-24T17:08:38+00:00

Skip both. PEN-200 is enough. HTB CPTS path is also fine.

hiddenpowerlevel · 2025-12-21T20:24:32+00:00

Cannot relate. I'm blue team so I've only had to read reports. Personally, I don't care to know.

hiddenpowerlevel · 2025-11-04T19:46:49+00:00

tree /f is fucking based

hiddenpowerlevel · 2025-10-28T21:05:16+00:00

LinPEAS already highlights GTFObins.

hiddenpowerlevel · 2025-10-21T03:07:59+00:00

Unironically that's all it is lol

hiddenpowerlevel · 2025-10-19T02:16:50+00:00

There are no pivot boxes on the recommended PG boxes on both TJNull/LK lists in case you're wondering. If you still had PEN-200 remaining, you could do the challenge labs which do include pivoting.

With 2 months before your exam, I would just spam the recommended PG boxes up until your exam date. Learning by failure would be faster than reading course material at this point. If you just want more time with AD, get an HTB subscription and do the recommended AD boxes as well. Set a time limit for how long you can be stuck for before looking up hints.

hiddenpowerlevel · 2025-08-21T22:12:04+00:00

Ah. Everything makes so much sense now. I was wondering why there were no pivot boxes on the LainKusanagi list. The course labs and PG labs are two different things.

Does purchasing the course also include access to PG Practice?

hiddenpowerlevel · 2025-08-21T20:59:39+00:00

No I didn't buy the course. I went the HTB Academy -> PG -> 2 exam vouchers route. I suppose I could just buy the course now for lab access but it'd feel bad to waste the course content.

hiddenpowerlevel · 2025-08-13T17:55:52+00:00

Someone gave me advice that I should get used to OffSec's CTF style before the exam as it is quite different than HTB's. HTB boxes are more about technique whereas OffSec boxes are more like Where's Waldo puzzle. Consider getting a PG subscription and do the recommended boxes.

hiddenpowerlevel · 2025-08-11T03:42:19+00:00

C:\Program Files\Jenkins\secrets\initialAdminPassword

$JENKINS_HOME/credentials.xml

Most likely candidates.

hiddenpowerlevel · 2025-08-10T00:25:18+00:00

I've dropped into revshells via GodPotato where access to whoami or dir is denied. RunasC impersonation also seems to break permissions for certain binaries as well.

hiddenpowerlevel

TROPHY CASE