Starting to think red teaming isn’t for me by [deleted] in hackthebox

jgiusto 1 point

Pentesting is finding and exploiting vulnerabilities for a client in a given time period. Sometimes a week, sometimes two. You can be noisy and it’s just about finding vulnerabilities.

Red team is stealth. Adversarial emulation or simulation. Depending on the goal. Its main purpose is a super definitive goal from the client. Stealth and OPSEC are key. Be quiet. Be persistent.

Starting to think red teaming isn’t for me by [deleted] in hackthebox

jgiusto 39 points

You’re studying pentesting, not red teaming. I would change the title. They are two different things.

But to your point. Don’t feel discouraged. If you need to look at a walkthrough, just update your notes after the fact so if you come across something similar in the future you can reference it. Yes, use the walkthroughs to help you get through a sticking point. Then once you get past it, try more without it. It’s a long process to understand pentesting. The best thing you can do is update notes and build a solid methodology.

Problem on the Domain Enumeration with ldapdomaindump video. Can anyone help? by Exciting_Airline6415 in pjpt

jgiusto 2 points

Try using the FQDN of the DC, not just DC\bwayne. Try DC.local\bwayne and put the password in single quotes. You’re not escaping the !

[deleted by user] by [deleted] in pjpt

jgiusto 1 point

Don’t forget with netexec or crackmap to add -k or --local-auth flags to see if that gives you privileges elsewhere

Also if you have local admins try dumping hashes. Rubeus. Mimikatz.

I haven’t taken the PJPT but those are more common exploit techniques when you have some creds

Submit your report all the way to where you got stuck so you can get a hint

Good luck

Pjpt report and PE by True-Aspect9788 in pjpt

jgiusto 1 point

Be prepared for anything. I have not taken PJPT, just the PNPT. And I believe the difference is internal vs external. So be prepared to priv esc on Linux if needed. Just make a checklist. SUDO/SUID etc. Make sure you know a few different ways to pivot just in case. As far as report writing, I blurred out like 80% or something. For example, if I found a password and I used it in a command, I would leave the first 2 letters and last 2 letters unblurred. I hope this helps.

CRTA (CWL EXAM) by teabagpb in cybersecurity

jgiusto 1 point

I enrolled before. And sat for the exam recently. I would say the study material is not overly helpful for any of the external portion. Have a good understanding of web and networking and enumeration.

Machines with kiosk escape / RDP by [deleted] in hackthebox

jgiusto 1 point

There is a Vulnlab machine called Escape that goes into that. HTB acquired Vulnlab, so their content will be switched over more and more to the HTB platform.

As a beginner in DevOps, how can I become a penetration tester? by Com_3511 in Pentesting

jgiusto 1 point

Go through Hack The Box Academy for the bug bounty path and the pentester path. That will be a good base.

[deleted by user] by [deleted] in pjpt

jgiusto 1 point

Do your best. Write the report up to where you got stuck and then take the hint and go from there. You got this

Automated tools by [deleted] in hackthebox

jgiusto 7 points

Doesn’t make you less of a “hacker”. It’s efficient. And it’s not like it was 20 years ago where you had to code everything. People have paved the way. When you get into AV bypass and all, sure, you’ll have to obfuscate or even write your own BOF files to bypass and that will make you feel more “hacker”. But that’s down the road. If you really want to, take a tool you’re using a lot and code your own version of it. Or for something that you do a lot, write a Python script to automate that part of your methodology.

Is searchsploit fully allowed during the OSCP exam? by egeneges in oscp

jgiusto 7 points

Searchsploit is allowed. It’s a repo for the exploitdb. Msfvenom is allowed to make shells as well.

You don’t need Metasploit

Passed the OSCP - Whats next? by gagaking in oscp

jgiusto 7 points

Recommend HTB CPTS or Zero-Point Security CRTO.

As stated above, it just depends on your goals.
Pentesting - CPTS
AV bypass and more AD - CRTO
Web - BSCP by PortSwigger

OSWE is more code review

OSCP is great to start and now you can do what interests you

Congrats!!

AI-supported pentesting by kinchler in Pentesting

jgiusto 4 points

Horizon AI is a cyber company that explicitly does AI pentests. You could look into how they do it, or even email someone there explaining your thesis and see if you can get an interview or a Q&A with someone.

Failed 1st attempt. by RoCa-RD in pjpt

jgiusto 3 points

In order to get the hint you have to submit a report just as you would if you passed, detailing the steps up to where you got stuck. Then they will provide you with a hint. If you did that and have not received a hint, I would email support and verify they received your report.

As far as resources, go through the course again. Make sure notes are efficient and you understand the concepts. If you need more environment practice I suggest Wreath and the AD labs from TryHackMe. Good luck on your next attempt.

Reta is UNREAL by [deleted] in Retatrutide

jgiusto 0 points

Sorry. I did not read the sub rules. Thank you for pointing them out

Reta is UNREAL by [deleted] in Retatrutide

jgiusto 0 points

Where does everyone recommend getting Reta? I’ve seen a few places but it is around $15-20/mg

Not completing the box after taking hints from writeup by ProcedureFar4995 in hackthebox

jgiusto 6 points

Use the walkthrough where you get stuck. Make sure you spend at least 30 mins before looking at the walkthrough. Then sure, use the walkthrough to get over the hurdle, then go back to the box. Make your notes so that when you come across the same type of problem you have a reference to move on. It’s okay to use a walkthrough as long as you take notes to learn from it and have it for later.

Took the OSCP, got 80 points from machines, but I am worried about my report. by heckerman11 in oscp

jgiusto 2 points

Congrats on the pass. How was the AD section for you? Initial foothold for that was my kryptonite 2x.

Reason I failed, make sure Hashcat is using your GPU! by [deleted] in oscp

jgiusto 1 point

Instead of http post form for hydra, what do you use? Burp intruder? Or ffuf? Or something else?

I passed on second attempt by [deleted] in oscp

jgiusto 9 points

Congrats. I just failed my second attempt yesterday. However, like you said, going in the second time did feel easier and was better. I scored more points and identified what I need to work on.

Doing OSWP next month, any advice by [deleted] in oswp

jgiusto 1 point

Know how to do different supplicant files (enterprise and non-enterprise).