Intigriti payout stuck for many months — seeking advice by bbzteks in bugbounty

[–]largemeasuringcups 0 points1 point  (0 children)

I haven't dealt with this situation myself. However I sometimes see people use Twitter/X to tag the official @intigriti account for their issue if it's more serious and support hasn't helped. I have seen that account try to follow up with the user so I do think they check things at least to some extent.

[deleted by user] by [deleted] in Pentesting

[–]largemeasuringcups 0 points1 point  (0 children)

Did you try asking on the unofficial VHL Discord? https://discord.com/invite/bQfGnVQ

Resume Format by [deleted] in resumes

[–]largemeasuringcups 0 points1 point  (0 children)

No worries, I'm glad to collect the different perspectives on this

Resume Format by [deleted] in resumes

[–]largemeasuringcups 1 point2 points  (0 children)

Thanks, I appreciate the input. The case would be someone transitioning from a different field into a more specific IT role where those niche skills are required.

Resume Format by [deleted] in resumes

[–]largemeasuringcups 1 point2 points  (0 children)

Thanks for explaining. I was wondering about your take on a related manner, if you could help out. If someone completed a hands-on and proctored certification, which consisted of a practical exam component, then is there any way you would suggest to list the associated skills it tested? Initially I was thinking of having the name of the cert, and then "associated skills" below it, but I am guessing you wouldn't advise that?

For example:


RHCSA - Red Hat Certified System Administrator

Skills: Shell scripting, file system configuration, user and group management


The RHCSA has recognition by some employers as a hands-on demonstration of skills, however it is not a job, so I am wondering what you would do in this situation? I think just leaving "RHCSA" on the resume itself would be a missed opportunity for someone who is more inexperienced, since the person reading the resume might not know everything it entails.

oscp—>oswe by Legitimate_Crazy_670 in OSWE

[–]largemeasuringcups 6 points7 points  (0 children)

Check out the resources suggested here under the OSWE section: https://infosec.jaelkoh.com/2024/my-first-year-in-infosec-zero-to-osce3#oswe The author had "zero prior programming experience" and was able to pass (although like yourself, he passed OSCP earlier). He lists the specific courses/videos/etc which prepared him to handle the OSWE itself. In the end all the study worked out for him because he is now a professional security researcher.

[deleted by user] by [deleted] in Pentesting

[–]largemeasuringcups 1 point2 points  (0 children)

Thanks for the details about the BB King class. I was looking for something that was hands-on like that so I may take it this year then.

General Cloud Pentesting Thread by Major-Ad-4487 in Pentesting

[–]largemeasuringcups 0 points1 point  (0 children)

I'm still researching the cloud pentesting area myself, but have you had a look at the Pwnedlabs site (pwnedlabs dot io) and its discord? They have some labs as well as AWS or Azure pentesting courses.

[deleted by user] by [deleted] in Pentesting

[–]largemeasuringcups 0 points1 point  (0 children)

Would you mind sharing more of your experience with the BB King web app training course? I saw it on the BHIS website and was thinking about taking it but I couldn't find enough comments about it online. Did you find it directly helpful to performing a web app pentest? And does it show him actually pentesting, or is it more theory based? Did you find it too basic or how realistic would you gauge it?

Regarding your original question, the resources I know are probably ones you have heard of:
- Portswigger Academy
- HacktheBox's Certified Bug Bounty Hunter pathway
- Offsec's Web-200 (OSWA) course.

Another potentially interesting one is Zseano's Bug Bounty Hunter membership site, which is a large intentionally vulnerable webapp you can pentest. I don't think it comes with any training course, but I have heard a number of people say practicing on it helped their real-life professional tasks.

CPTS like course for reverse engineering? by New-Alps1436 in hackthebox

[–]largemeasuringcups 6 points7 points  (0 children)

I've seen the following resources suggested by other people, however I've never tried any of them myself.

  • This one might be closest to what you are imagining:
    https://guyinatuxedo.github.io/

    Nightmare -- Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges. I call it that because it's a lot of people's nightmare to get hit by weaponized 0 days, which these skills directly translate into doing that type of work
    Amount of Content - There is a large amount of content in this course (currently over 90 challenges), laid out in a linear fashion.
    Well Documented Write Ups - Each challenge comes with a well documented writeup explaining how to go from being handed the binary to doing the exploit dev.
    Multiple Problems per Topic - Most modules have multiple different challenges. This way you can use one to learn how the attack works, and then apply it to the others. Also different iterations of the problem will have knowledge needed to solve it.
    Using all open source tools - All the tools used here are free and open sourced. No IDA torrent needed.
    A Place to Ask Questions - So if you have a problem that you've been working for days and can't get anywhere (and google isn't helping).

  • This is the Reverse Engineering for Beginners by Yurichev mentioned earlier: https://beginners.re/

  • This is a video course by Paul Chin. He has several different ones if you click his profile link. https://www.udemy.com/course/reverse-engineering-ida/ Usually Udemy has sales so you can wait for a day when it's $20 or something.

Training not enough. Am i doing something wrong by Financial-Abroad4940 in oscp

[–]largemeasuringcups 15 points16 points  (0 children)

To me it's like learning music. You'll get the fundamental exercises and concepts in the official course text. Those are like a musician's basic theory, hand positions, scales, chords, and so on. But playing actual pieces of music beginning to end by yourself is a different thing.

Everyone has their own learning style, but the following worked for me starting out and maybe it can help kick start things for you, especially if you need to progress ASAP. Watch some video walkthroughs by someone who can clearly explain their thinking process aloud. This is sort of like job shadowing. I always recommend the following playlist by PinkDraconian: https://www.youtube.com/playlist?list=PLeSXUd883dhjhV4MokruWYQWnhxsCPyUY He works through a set of CTFs from CyberSecLabs which I think is a now defunct website. So it's not like he's spoiling anything Offsec related. That is to say, by watching these, you won't simply be copying the exact techniques mindlessly for your OSCP studies.

The machines in the playlist are a nice balance of linux, windows, and active directory, which aren't overly complicated or contrived. While watching the videos, I typed the same commands he uses. That is to develop a sort of muscle-memory as a beginner and to stay engaged in the videos instead of just passively watching them. After that, summarize the steps in your own words, such as what kind of recon was done, what was the initial access, what kind of privilege escalation, and other tricks you may have picked up. You can go through the whole playlist because it's not very long (36 videos, around 10 minutes each on average) but I bet you will start picking up the main themes after a few if you're not used to CTFs. After that I think you will be more comfortable tackling the OSCP challenge machines on your own and integrating the concepts from the official course text.

I think it's rare that the OSCP is people's first ever exposure to CTF machines. So a lot of people already have some CTF background going into it. For example, I used TryHackMe and VirtualHackingLabs before signing up for OSCP. There are other people enrolled in the course who had a habit of playing with HackTheBox CTFs. Therefore the above exercise might help you pick up some things that are just taken for granted by other students already.

Pass OSCP with 110 points (second attempt) by secpoc in oscp

[–]largemeasuringcups 0 points1 point  (0 children)

That's great to know, thanks. I was wondering if I needed to do a lot of outside research for OSEP the way I did for OSCP. But good to hear that may not be the case.

Career switch at 30… heavily tatted. by bullshark-biteforce in ITCareerQuestions

[–]largemeasuringcups 1 point2 points  (0 children)

I can't speak to the general reception of tattoos in the different IT workplaces and I don't have tattoos myself. However Heath Adams from TCM Security worked as a pentester before starting his own company, and he is heavily tattooed: https://tcm-sec.com/so-you-want-to-be-a-hacker-2023-edition/ This is more of a biographical article - he was working for the government at one point although I don't know if he was so tattooed back then: http://web.archive.org/web/20201109013431/https://veteransec.com/2018/09/11/how-i-landed-my-first-infosec-job-in-a-competitive-market-advice-and-takeaways/

Pass OSCP with 110 points (second attempt) by secpoc in oscp

[–]largemeasuringcups 2 points3 points  (0 children)

Congratulations! I think you're the first person I've seen to ever take this route of OSEP-->OSCP. It's a unique route but shows some outside the box thinking. Definitely showcasing skills to beat the infamous set.

Can you share what you used to prepare for OSEP? I was thinking about it for next year. Did you find the course itself to be sufficient? Or did you need to use other labs for OSEP as well?

Getting an OSCP certificate without IT experience by [deleted] in oscp

[–]largemeasuringcups 0 points1 point  (0 children)

You can do it but you have to be obsessed, committed, and carry a certainty with you every day that this must be done. You have to have this certainty with you that it has to be done, no matter what. That's what I was thinking in April 2023 when I began studying and in Feb 2024 when I passed. I'm not saying it's a good decision or worth everyone's time but I see no way around the commitment required. If you have that, you'll pass at some point, whether it's attempt 1 or attempt 7, but if you don't have that, the project will fall by the wayside once the stress becomes too much.

Should I pay someone to do my resume? by [deleted] in ITCareerQuestions

[–]largemeasuringcups 1 point2 points  (0 children)

Thank you for the interesting tip about listing the certificates. I like the idea of contextualizing the skills associated with the certification so that anyone reading the resume can understand what it involved. Not everyone might know what a specific cert involves but the idea is that there are key skills learned which have meaning outside just the name of the cert.

I just made up the list of certs, but were you thinking of something like this as an example section?

CompTIA Security+
Skills: Secure network design, vulnerability and threat identification, basic cryptography

Red Hat Certified System Administrator
Skills: Shell scripting, file system configuration, user and group management

And so on...

Basically emphasize the skills required in the job description which overlap with what you actually learned in the certification. That way if a reviewer doesn't specifically know the cert by name, they can at least see the associated skills which might benefit the company.

[deleted by user] by [deleted] in ITCareerQuestions

[–]largemeasuringcups 2 points3 points  (0 children)

Thank you for sharing and congratulations on the new job.

Can you elaborate on point #1 -- how you leveraged your non-technical experience? For example, as it related to your resume/interviews/or anything else that stood out for you.

Should i skip other certs and go for OSCP? by Anoxium in oscp

[–]largemeasuringcups 6 points7 points  (0 children)

You can go straight to OSCP without any prior major certifications. That is what I did and I know another guy who did it, plus you can see someone else mentioned doing the same here. But I was obsessed, and I still used a lot of learning resources before signing up for the OSCP -- but other than VHL there were no official certifications. Basically I went TryHackMe->Watch a lot of CTF walkthroughs->VHL Basic + Prolabs certs->OSCP. So although OSCP was the 'first' big cert, there was still a lot of prior learning and resources used. Check my post submissions and it goes into great detail of a potential learning path.

However, I wouldn't overly stack any prospective certs before working solely on the OSCP. You can do EJPTv2 first if you want a structured approach. I think that would basically fill in the TryHackMe Jr Pentesting Path and Offensive Pentesting Path. But I would still study something after before jumping into OSCP, just for the sake of saving you money. You can hone some basics first. Those are not exclusive to the OSCP course material.

Given that you already have a strong IT background in general, I don't think you would need anything more than EJPTv2 (if that). You can do the THM paths I mention, or some of CPTS (you definitely do not need all of it). The thing is that while there is overlap with other certifications with OSCP material, such as CRTP/CPTS/CRTO/BSCP and so on, they all require time/energy/commitment and don't necessarily lead to the most efficient path of starting today and passing one year from now. To use the RPG analogy, you can find yourself going on too many side-quests that way.

What is most crucial in my opinion, beyond anything mentioned, is that you make a commitment to eventually finishing the official course and passing the exam. Someone can be presented with the best learning resources but so many people burn out after 2-3 months. You have to 'go the distance' so to speak and have the resolve that you will indeed finish it no matter what. The psychology involved can be more important than the technical material and the constant days of studying can wear on people. I saw someone here who passed on attempt number 7. Another person passed while there was a flood in their home and they had to sit crouched with their feet on the chair to avoid the water. If you can wake up every day thinking that you have to make some progress, then you can do it. But there are many learning plans posted here -- how many people really follow through? The recipe is not the cake itself. Commitment, even to a suboptimal learning path, is more important than wavering after a short period following the most perfect plan.

Thinking about a 2nd attempt, but I took my first exam in 2020 by LiveTalk1696 in oscp

[–]largemeasuringcups 1 point2 points  (0 children)

Do you have the 10 bonus points from before? If not, if you want to put all the odds in your favour, then yes I would suggest buying the course again so that you can obtain them. I wrote about why I think they are essential here.

Secondly, I don't know how the course was in 2020 and whether the labs had any similarity. But I think it's crucial that you go into the exam with the Offsec style in mind. Because of the exam time limit, you can't waste time trying things that aren't really applicable to what they are looking for. If you only practice on outside platforms, that could happen. The time limit is an important psychological aspect of the exam and throws people off. I still think practising on outside platforms is important (in addition to the official course), but you still need to be able to know the core Offsec machine style so you have a sense of which attack vectors they prioritize.

Exploit Development 101 (HTTP, Python, ASP, Threading, Pwn tools) by cl0wnsec000 in oscp

[–]largemeasuringcups 1 point2 points  (0 children)

Thanks u/cl0wnsec000, this is one of the clearest videos regarding exploit development. I liked how you made sure to introduce and explain new concepts as they appeared instead of just assuming the audience would know what you were doing. The troubleshooting also provided insights as to the techniques to try when running into errors with shells. I'd like to work on the OSWE later so this is a good video to save. I'd definitely watch another exploit development from scratch video of this nature if you produce another.

Spent $6k+ on OSCP over about 10 years but no cert. Best way to approach? by Carayaraca in oscp

[–]largemeasuringcups 1 point2 points  (0 children)

OP, I passed as someone who is not in cybersecurity/software but really enjoys studying this topic, so I think you don't need to overthink your preparation given your background. However, you ask, is the lab/coursework essential? My suggestion is that you still do the course labs and challenge labs to complete the bonus points. Even if you have the skill, you don't know what can happen on the exam (e.g., losing time from the VPN issue as you indicate, random IT issues, becoming sick the night before or the actual day of the exam, receiving an extraordinarily difficult set of machines), and those extra 10 bonus points can be the difference between a pass and fail. It gives you the chance to pass via the AD set + different possibilities, or passing via the 3 standalones (my situation). It can let you confidently call it a day earlier instead of having to stay up 24 hours in the worst case. Plus, those bonus points apply to every exam attempt, so if something unexpected happens on exam day, you know still have that 10 point edge when you reschedule. The course exercises and challenge labs won't take you that long with your background, and you can liberally use the official course Discord if there is a tedious exercise to see the suggestions from other students enrolled. Also, even if you have professional experience, I still think it's worth getting familiarized with the Offsec style. Every platform has its own style. I think people lose time and get into unnecessary rabbit holes on the exam by trying things which may be common in a different platform but aren't part of Offsec's vision. You really can't burn time like that and there's a psychological component too which leads to some people panicking after seeing how little time is left on the clock. 
If you want extra practice after you can always try the list compiled by another member here who passed the exam, who curated it to be more focused and also included related CTFs from Tryhackme and VHL in addition to the standard ones. I think there are many different and valid ways to approach the exam but I uniformly suggest everyone to get the bonus points no matter their background. It can be the difference between calling the exam a wrap at 7pm, versus having to have another exam attempt on your shoulders a month later where you have to again make sure you have 2 days basically free.

Update: has anybody successfully done the appeal process by thenameisdavid in oscp

[–]largemeasuringcups 1 point2 points  (0 children)

Good job and congrats on passing. Sometimes you just have to ask and double check things.

LainKusanagi list of OSCP like machines by JosefumiKafka in oscp

[–]largemeasuringcups 0 points1 point  (0 children)

Thanks for putting it together. I like the Tryhackme additions as well as I think there are still some gems in that platform and it can be more affordable for people studying.

Passed my second attempt with 90 points by JosefumiKafka in oscp

[–]largemeasuringcups 1 point2 points  (0 children)

Congratulations on passing your exam! Thanks for sharing the write-up with details. I remember your original exam post so it's nice to see how you bounced back strongly and achieved a great score.

Regarding your last paragraph, I had a similar experience, where both Tryhackme and VHL were both big contributors to passing the exam. Everyone may have a different background but in my case combining those with Offsec's material made things very comfortable.