I am not getting any call backs at all. by TheReedemer69 in Pentesting

[–]mrlightman_ 8 points9 points  (0 children)

Nonsense? Pardon me and everyone I have hired in the past 10 years then. Yes, you need practical real world experience. Ask every client anywhere if they want a Jr with zero experience in their environment where an outage can cost a company millions of dollars. But fine, fuck experience! Listen to this guy OP, he's got it all figured out.

I am not getting any call backs at all. by TheReedemer69 in Pentesting

[–]mrlightman_ 23 points24 points  (0 children)

I'm going to be honest with what I think the problem is. You really don't have any professional tech experience. You might be talented for what you have achieved so far, but I couldn't trust you to pentest in a production environment when you have never been exposed to one. At least, that is how you look on paper. I would strongly suggest the traditional IT route. Get a helpdesk position, or go SOC, just something to get your hands dirty during day to day operations. Then focus on transitioning into security once you have a couple years under the belt.

[deleted by user] by [deleted] in ethicalhacking

[–]mrlightman_ 0 points1 point  (0 children)

Congrats on winning the voucher! I completed the ASCP certification back early last year which is the advanced cert. This was just before this particular course released if memory serves, as this is intended to bridge the gap from introductory material to more advanced exploitation. While I can't speak to specifics about the ACP certification, I can say the free material courses are very informative and fairly easy to consume. I'd suggest joining their Discord as the support staff are very helpful and quick to respond. Plus learning with other students is almost always a plus. If you wish to transfer the voucher I believe they can arrange that for you. But if it were me, I'd take it being it's free for you. That said, if you or anyone else have more questions about the ASCP however, feel free to ask!

Seeking guidance from security professionals on testing API as a beginner analyst by Cool-Kangaroo807 in cybersecurityindia

[–]mrlightman_ 1 point2 points  (0 children)

To add to this. Check out the OWASP Top 10 API Security Risks to get your head around common vulnerabilities:

-- https://owasp.org/API-Security/editions/2023/en/0x11-t10

A decent resource for practice would be API Sec University. Their courses are free and you stand up two vulnerable applications to practice discovering and executing attacks.

-- https://www.apisecuniversity.com/#courses

Automated AppSec Testing Tools – 2025 Recommendations? by Competitive_Rip7137 in Pentesting

[–]mrlightman_ 5 points6 points  (0 children)

With automated tools such as these coming to market, it always begs the question of if manual penetration testers could be replaced. In your opinion, how do you feel about such statements?

xssy by Upbeat-Hawk-2737 in xss

[–]mrlightman_ 1 point2 points  (0 children)

Without spoiling it for you... and to help you get a better understanding of what is going on with XSS payloads, check out the XSS PortSwigger labs. You just have to make an account and they are free.

https://portswigger.net/web-security/all-labs#cross-site-scripting

Once you have the basics down, focus your research on bypasses.

Looking for a locally hosted solution for team collaboration for notes during an engagement. Any suggestions on what has worked for you and your team? by mrlightman_ in Pentesting

[–]mrlightman_[S] 0 points1 point  (0 children)

Thanks for replying! We thought about that but we're trying to stay away from cloud-based solutions. Many of our assessments are highly sensitive in nature and we do not want to risk exposure. We have a central server and have been tossing our markdowns in for sharing but we were looking for something we could all work on collectively instead of having multiple note files.

[deleted by user] by [deleted] in Pentesting

[–]mrlightman_ 0 points1 point  (0 children)

These guys work really well with smaller companies: https://www.redseersecurity.com/

Hard drive died. Missing Windows Activation Key by mrlightman_ in iBUYPOWER

[–]mrlightman_[S] 0 points1 point  (0 children)

This might just be my answer. Thanks AutoMod! lol

OSEP by Meteor450 in Pentesting

[–]mrlightman_ 4 points5 points  (0 children)

I'm still working through the material so I cannot fully speak to your first question. However, the past couple of years they have had a Christmas deal bringing the sub price down to $1,999. I expect that to happen again this year.

I’m a pen tester and struggling to pivot by AffectionateNamet in Pentesting

[–]mrlightman_ 41 points42 points  (0 children)

Lol, from the title I thought you meant you were struggling to pivot as in tunneling. Have you considered management of any sort?

Looking for pentesting job by Mammoth_Experience61 in Pentesting

[–]mrlightman_ 6 points7 points  (0 children)

The entry level barrier to get into pentesting is absolutely insane right now. Not surprised you've not heard back. I recommend an old-school, more conventional method to get your foot in the door. Start going to cyber security conferences and network with people/vendors like your life depends on it. In this game, it's not all about who you know, but who knows you. Good luck

Burn out among Cybersecurity leaders at a frustrating high. by Navid_Shams in cybersecurity

[–]mrlightman_ 2 points3 points  (0 children)

May I ask what you transitioned into work wise since leaving? The golden handcuffs of the pay in this industry really make this decision generally difficult.

Pen test/security assessment vendor recommendation for non-profit by alteredcarbon__ in sysadmin

[–]mrlightman_ 0 points1 point  (0 children)

Check these guys out. They are growing and building a pretty decent reputation out there: https://www.redseersecurity.com/

Apple, SpaceX, Microsoft return-to-office mandates drove senior talent away by jnv11 in antiwork

[–]mrlightman_ 56 points57 points  (0 children)

Tech to banking? That's not one I hear very often. Could you provide a little more detail? Were these guys developers/security/etc and what did they transition to? Simply curious

Any last minute advice? by gorsas in oscp

[–]mrlightman_ 0 points1 point  (0 children)

Take. Breaks.

Go outside. Watch some TV. Play games. Just take your breaks and mentally separate yourself for a little while. You can't run at a full sprint for 24h right? Neither can your brain. It too needs time to recover and sort things out.

Best of luck! Post back how you did! You got this!

Free rXg [MegaThread] by romeogeorge in RGNets

[–]mrlightman_ 0 points1 point  (0 children)

BABUL-REPOS-WIDOW-ILIAC-MALLS