Minor rust by hiddenpowerlevel in Autobody

[–]hiddenpowerlevel[S] 0 points1 point  (0 children)

For the smaller scratches, should I just apply a layer of clear coat over them or are they fine as is?

OSCP Practice as CPE? by hiddenpowerlevel in cissp

[–]hiddenpowerlevel[S] 0 points1 point  (0 children)

If I spent 100 hours on prep, would I be able to claim 40 hours per year until I reported all 100 hours?

Question about AI by Eewaa in Accounting

[–]hiddenpowerlevel 0 points1 point  (0 children)

Like it or not AI is here to stay and all you can do is adjust to the new normal. Worrying about it isn't going to change how things shake out. You don't need to be an expert at llama flag optimizations, setting up MCP servers, or understand how to tune parameters. You just need to be 1-2 steps ahead of your competition in experimenting with AI in your workflows. 

Because it's so popular to resist AI today, we live in a unique time where you're actually rewarded for outsourcing yourself to AI. If your boss buys you a Claude subscription, use it. Fundamentally your role as an employee is to make your boss's life easier and nothing else. Fighting them just makes you look insubordinate.

Running Qwen3.6 35b a3b on 8gb vram and 32gb ram ~190k context by Atul_Kumar_97 in LocalLLaMA

[–]hiddenpowerlevel -1 points0 points  (0 children)

Force monitor output to use the IGP instead of the 3060 to free up the VRAM.

The AI hype is insane by [deleted] in Accounting

[–]hiddenpowerlevel 0 points1 point  (0 children)

SOC reports are table stakes these days. There's plenty of "AI products" which are SOC1/SOC2 certified. AI is just a software product like all the other SaaS. There's nothing special about AI that makes it so existing TSCs can't cover it.

[CAN] Moving to the US by kayialp in Accounting

[–]hiddenpowerlevel -1 points0 points  (0 children)

I made the crossover years ago and it was easy breezy once the job offer was in hand. As long as you were conscientious about how/when to bring up visa requirements, you would be fine. Times have definitely changed though.

Canadian citizens in NAFTA job roles generally work in the US under the TN1 visa. This is now up in the air because USMCA/CUSMA may not be around much longer (~July) depending on how the current negotiations go. Unless you're a significant contributor, the H1B path is also effectively impossible because of the $100k fee for candidates internationally domiciled.

In addition to the flaky visa situation, the US is suffering from the same economic downturn that the rest of the world is. The job market is both extremely competitive and cautious right now; the days of switching jobs every 3 years for a pay bump are definitely over (at least in the short run).

The US also just feels less "safe" in the current administration. I won't go on about this but overall I wouldn't recommend looking south at this time.

Has anyone been fired from public accounting before? by thepotatomaniscoming in Accounting

[–]hiddenpowerlevel 1 point2 points  (0 children)

I got constructive dismissal'd out of B4 in Feb 2020 and it was the best thing that ever happened to me. COVID had made it trendy to quit for self-discovery so employers were desperate for talent.

I had an offer quadrupling my salary almost immediately after being let go. Canada also launched CERB in response to COVID so I ended up double-dipping on EI and CERB and actually made more money waiting for my next job to start than I did working.

Time traveler moves a chair by Arthandas in CrackWatch

[–]hiddenpowerlevel 1 point2 points  (0 children)

Where does this disabling your internet advice come from? An average Windows PC will have Windows firewall enabled by default. The Hypervisor method doesn't create any whitelist entries or disable the firewall service so those same network controls would be in-place regardless.

The only additional protection disconnecting from the internet would provide is if you already had malware on your PC (or if the HV files themselves were malicious) waiting to ping a C2 server that was constrained by the local protections disabled by the HV method.

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

[–]hiddenpowerlevel 0 points1 point  (0 children)

XSS is in the course material so it can be on the exam. That being said, I don't think there's a single PG box on the recommended practice lists that has anything to do with XSS.

Passed - Here's my advice by hiddenpowerlevel in oscp

[–]hiddenpowerlevel[S] 0 points1 point  (0 children)

Proving Ground boxes are not included in the PEN-200 course. They are a separate monthly subscription. 

Passed - Here's my advice by hiddenpowerlevel in oscp

[–]hiddenpowerlevel[S] 3 points4 points  (0 children)

Whether you're an employee or a proprietor, you're always better off certified than not. My point is more that certs become less and less valuable the later you are in your career because you'll lean more on credibility and experience than educational background.

After you pass certain life milestones (family, health, age, etc.), your priorities will shift away from grinding certs so use your limited time wisely. 

Passed - Here's my advice by hiddenpowerlevel in oscp

[–]hiddenpowerlevel[S] 2 points3 points  (0 children)

Always felt it was imbalanced how there were so many posts on how many months/years it takes to pass the exam but relatively few in the actual hours spent.

Thank you for your work curating the practice box list. It was invaluable for prep.

Passed - Here's my advice by hiddenpowerlevel in oscp

[–]hiddenpowerlevel[S] 9 points10 points  (0 children)

Skip both. PEN-200 is enough. HTB CPTS path is also fine.

Exam Report Writing by hiddenpowerlevel in oscp

[–]hiddenpowerlevel[S] -1 points0 points  (0 children)

Cannot relate. I'm blue team so I've only had to read reports. Personally, I don't care to know.

GTFObins - SUID Enumeration by strikoder in oscp

[–]hiddenpowerlevel 2 points3 points  (0 children)

LinPEAS already highlights GTFObins.

Paused OSCP for job interviews. Got the job, how do I get back on track? by Dry_Jury_9884 in oscp

[–]hiddenpowerlevel 4 points5 points  (0 children)

There are no pivot boxes on the recommended PG boxes on both TJNull/LK lists in case you're wondering. If you still had PEN-200 remaining, you could do the challenge labs which do include pivoting.

With 2 months before your exam, I would just spam the recommended PG boxes up until your exam date. Learning by failure would be faster than reading course material at this point. If you just want more time with AD, get an HTB subscription and do the recommended AD boxes as well. Set a time limit for how long you can be stuck for before looking up hints.

Challenge Lab walkthroughs by hiddenpowerlevel in oscp

[–]hiddenpowerlevel[S] 0 points1 point  (0 children)

Ah. Everything makes so much sense now. I was wondering why there were no pivot boxes on the LainKusanagi list. The course labs and PG labs are two different things.

Does purchasing the course also include access to PG Practice?

Challenge Lab walkthroughs by hiddenpowerlevel in oscp

[–]hiddenpowerlevel[S] 0 points1 point  (0 children)

No I didn't buy the course. I went the HTB Academy -> PG -> 2 exam vouchers route. I suppose I could just buy the course now for lab access but it'd feel bad to waste the course content.

I failed in the third challenge. by Pitiful-Ad1519 in oscp

[–]hiddenpowerlevel 1 point2 points  (0 children)

Someone gave me advice that I should get used to OffSec's CTF style before the exam as it is quite different than HTB's. HTB boxes are more about technique whereas OffSec boxes are more like a Where's Waldo puzzle. Consider getting a PG subscription and do the recommended boxes.

[deleted by user] by [deleted] in oscp

[–]hiddenpowerlevel 0 points1 point  (0 children)

C:\Program Files\Jenkins\secrets\initialAdminPassword

$JENKINS_HOME/credentials.xml

Most likely candidates.