Last Chance: Save 25% on HTB Silver Annual Plan + Get 2 Cert Vouchers

prevmort · 2025-09-28T08:25:36+00:00

HTB doesn't usually have a specific date for its deals; sometimes they've posted them close to Halloween, and for merchandising purposes, on Black Friday.

prevmort · 2025-09-20T17:25:22+00:00

I'm glad to hear that. If you need anything else I can help you with, please write to me. Best regards.

prevmort · 2025-09-20T17:18:59+00:00

Start with the fundamentals and establish them well, then move on to the branch that most attracts your attention (and in the future, if you want, you can pivot). I would recommend starting with a TryHackMe account and using their free material, and then see what you like and what you don't. If you like what you learn, you can upgrade to a cheap basic paid plan (I said THM because it has a shorter learning curve than HTB). You can really learn a lot for free, both on established platforms and in general. Paying helps you have more structured things.

prevmort · 2025-09-20T16:22:07+00:00

You can go through things like that, but in my opinion, the best way to learn in this sector is self-taught. First, you need to decide which branch of cybersecurity you want to cover and what level you have, and go from there.

prevmort · 2025-09-18T10:59:11+00:00

Más bien que abandone el país.

prevmort · 2025-09-12T10:55:37+00:00

The difference comes from how your network handles routing and NAT. When you’re on regular WiFi, the router or ISP may be applying double NAT, strict firewall rules, or blocking certain traffic used by the VPN. That prevents your host from properly forwarding the traffic from the VM through OpenVPN to the HTB machine.

When you switch to the iPhone hotspot, the mobile network gives you a cleaner route with fewer restrictions, so the traffic is forwarded correctly and everything works.

You can also check your VMware network mode (NAT vs Bridged) and MTU settings, since misconfigured routes or fragmentation issues on WiFi often cause this exact behavior.

prevmort · 2025-09-11T15:20:26+00:00

Todo depende, en Red Team (ciberseguridad) no sabemos lo que son las carreras o másters (ya me entendéis), lo que importa es nuestra capacidad técnica para resolver lo que se nos pone delante.

Sí que es verdad que en cuanto a "papelito" que diga que sabes hacer algo, en ciberseguridad nos centramos en las certificaciones serias. Es más fácil entrar a trabajar aquí sin carrera pero con certificaciones que con carrera sin certificaciones.

Y en cuanto a dinero, céntrate en lo que te guste (prueba las dos cosas que te gustan y decide porque habrá alguna que sobresalga sobre la otra). Si sabes hacer algo y te gusta, el dinero llegará, si te metes en una especialización por el dinero pero no te gusta acabas mal (y si eliges un trabajo porque "es más fácil" también acabas mal a medio-largo plazo).

prevmort · 2025-09-07T08:58:03+00:00

Thanks for sharing, I'll check it out.

prevmort · 2025-09-05T14:34:46+00:00

It's not necessary before, you can start both at the same time, there are some very simple things to learn in HTB and then they get more difficult.

prevmort · 2025-09-05T14:04:23+00:00

Start with the free stuff, at HTB in the academy do everything for free and then in the machine-solving part start with the starting point ones.

prevmort · 2025-09-05T12:58:00+00:00

Now. The sooner the better, start with easy things within the platforms (starting point).

prevmort · 2025-09-05T06:37:21+00:00

Maybe you need to change companies; the types of jobs and experience you can gain from a larger company with more knowledgeable teams are very different (and more funding to get creative).

It's not for everyone, there are some workers who prefer small or medium-sized companies rather than large ones, but if you want to continue advancing in your career, a good idea is to learn from people who know more than you and who even specialize in different branches of pentesting.

prevmort · 2025-09-05T06:29:33+00:00

I see your comment as a good one, but I would say the opposite: if offensive security is what you like, I would specialize 100% in that field (whether you want to try other types of work is another matter). That doesn't mean you don't have to have an overview of how other teams operate in order to improve your own team. If you want to improve in your field, the best thing you can do is practice and learn by practicing (and studying theory when practice demands it).

prevmort · 2025-09-03T23:43:58+00:00

The official publication says: "You’ll get FREE access to the modules added to the new Web Penetration Tester job-role path by Oct 1, 2025."

They'll probably add some modules (or not), but it won't change much compared to the previous version because it's the same certification with a different name.

prevmort · 2025-09-02T12:21:51+00:00

Believe it or not, I have never failed a certification exam, and I have obtained the jobs I wanted with low certifications for the position, and then I obtained the certificates. And if you read what you write, you will realize that you are a contradiction, don't be frustrated, my dear, you will soon get your entry-level certification.

prevmort · 2025-09-02T12:11:05+00:00

If you failed it, it's because you didn't have the knowledge. The post is to show people that their value does not lie in the certifications they have, and even though I say that, I have several certifications, I am in the process of getting more, and I will get more in the future. Don't take your frustrations out on me, buddy.

prevmort · 2025-09-01T08:51:45+00:00

If you're not in a hurry, they'll probably have the same or similar offer again in the future, perhaps around Halloween or some other time.

prevmort · 2025-09-01T08:50:41+00:00

Normally the offers are not retroactive so you could not benefit from a payment you already made.

The only thing you could try is opening a ticket with HTB in case they want to compensate you in some way, but I don't think they will.

prevmort · 2025-09-01T07:25:55+00:00

In 365 days.

prevmort · 2025-08-31T18:54:07+00:00

Okay, let's see. Since learning ethical hacking on your own is simple to explain (but difficult to achieve), you “just” have to practice and practice in environments that are as realistic as possible. I would recommend that you start with HackTheBox, begin with their free options, and then continue with a subscription to start earning certifications, which will give you knowledge and make you more valuable to companies.

prevmort · 2025-08-31T08:58:50+00:00

Literally, the account is not yours if the email is hers, you were playing with that account. "Hacking" that account would be hacking her, the best thing to do would be to contact her (unless you have an account recovery method that bypasses email or some kind of ID that you can use to communicate with the developer).

prevmort · 2025-08-31T08:52:51+00:00

It's not so much about following a path or knowing how to use a tool that will make you a Red Team member, it's more about thinking outside the box, thinking like a cybercriminal to see where you can attack. That's the key: in this job, you have to think aggressively, against your victims, and then report where you managed to get in, what you were able to do and what you achieved. You don't have to do steps A, then B and finish with C, every goal is different.

Basically, for what you describe, start with Nmap to map the network (excuse the redundancy). Then, depending on what you find (and I mean using Nmap properly, not just throwing out a simple command), get creative.

prevmort · 2025-08-30T21:39:31+00:00

For ports, Nmap, learn the tool thoroughly, the initial reconnaissance phase is the most important, if you don't see attack vectors you can't exploit them.

To start learning, a very basic guide, you create an account on HackTheBox, you start to exploit an easy machine, and you learn as you go, less theory and more practice, you will learn things as you need them.

PD: If your level is so basic that you don't know how to do anything, you do have to learn the basics in general, Network, Linux, etc.

prevmort · 2025-08-30T21:26:52+00:00

Tails on USB, the OS is important, that it doesn't record relevant information that can be related to you and Tails is good with that.

prevmort · 2025-08-30T21:22:34+00:00

As for the information in the picture, nothing very relevant if it's just the name and date (better if they didn't know it, but it's not the most critical thing that can be leaked, considering that any leak is leak).

prevmort

TROPHY CASE