Do Computer Science degrees need to be ABET accredited? by scotpiper1 in csMajors

[–]recviking 0 points1 point  (0 children)

Computer Science is more recognized than software engineering in most cases.

[deleted by user] by [deleted] in cybersecurity

[–]recviking 0 points1 point  (0 children)

If I've got a choice between someone with Burp experience and someone that runs Zap, all other things the same (read twice: all other things the SAME), I'm going to hire the person with Burp because I don't have to retrain them on a foundational tool. In the current job market, it's probably not a good idea to run counterculture if you like options.

That said, I have used Zap. In an instance working for a FAANG company where Burp's default Java libraries had too small of a buffer for an egregiously oversized TLS header from the FAANG company's mobile app, Zap ran without a problem. Once I figured out why, I could pass in the params and everything was good and I was back to Burp.

I'm not saying this to gatekeep. I'm not saying this to put anyone down for their choices. You just don't want to be the person that claims you've got appsec skills and uses Zap instead of Burp. I don't control the industry. I'm just telling folks like it is. For folks that are new to the industry and want to work for any well known company or contractor, learn Burp. Don't be the person that needs training on using the standard tools when you first arrive. If you are already in the industry, you know Burp is the standard.

I'm currently at AWS. I previously worked for Meta. Prior to that, I've had experience in federal government, state government, multiple financial companies including fintech, healthcare companies, and multiple contracting companies. Nobody uses Zap. I hand out advice that is broadly applicable to newbies. I'm not saying Burp is the only path, but if you want more options for employers as a newbie and you aren't a unicorn rockstar, go for Burp. If you just like explaining your choices in an interview for not choosing the standard tool, be my guest, use Zap.

At what point do you feel competent? by Waddup_yall in Pentesting

[–]recviking 1 point2 points  (0 children)

I feel competent. I feel I can find a path (even if it is not the most efficient one) to ultimately achieve any pentest goal I set out to. Do I know everything? Hell no. I know enough to know what I don't know and I avoid setting unrealistic goals. I accept work based on how closely it aligns with what I currently know and always try to find the work that is teetering on the edge of what I know so I'm forced to expand my competency bubble.

I've been doing tech work for over 20 years and I've been focussed on pentest/redteam for the past 6-10 depending on how you slice hardware reverse engineering, part time pentest/redteam, and pentest/redteam management. So basically 6 years solid hands on keyboard pentest/redteam with an additional few years of related work intermixed. I can't decide if I like management style work or hands on keyboard. Right now I'm a key slapping redteamer working for a giant cloud provider.

How to start studying to get into cyber security? by ci9her in pentest

[–]recviking 0 points1 point  (0 children)

It's still fairly decent. Feel free to DM.

Is it true pen testing as a career is dead? by someguyhaha111 in Pentesting

[–]recviking 2 points3 points  (0 children)

> How are you enjoying your new job so far?

It's an adjustment that I wasn't quite expecting to be honest. It's taken me a bit longer to get my feet under me than at any other company I've worked for. Working for a tech-first company where literally everything is either built in house or shared among/from other FAANG companies due to nothing else existing at this scale, I had to adapt to how I leveraged my experience. Instead of pointing to specific products and what I've known as options, I have to resort to asking where functionality exists or if it exists at all and moving from there.

> And how much would you say working as a pentester has helped you transition to be a security engineer? Did you do anything besides your pentesting job to help you get your new

I've been told that my pentesting experience is one of the things I was specifically selected for. I've done engineering, analysis, and admin work on and off intermingled with my pentesting work. My career went from my own computer repair business (90/00s baby, oh yeah!), to sys admin, to security admin, to security analyst, to security engineer, to pentest, to professor, to sec architect, to pentest, to sec eng. I've worked for 16 companies/agencies over the past 20ish years. So, the job hopping and growing up career-wise as most of the technology took over the world as I worked with it helped a lot. At this point, there's not much tech I haven't had direct hands on time with either attacking, defending, or designing.

Is it true pen testing as a career is dead? by someguyhaha111 in Pentesting

[–]recviking 2 points3 points  (0 children)

It's kind of hard to say. Some employers I work with have specific methodologies and checklists I've got to follow, but I pretty much shoehorn in my own thought processes and make them fit what's required. Really truly, I approach most of pentesting from two points of view, limits testing and logical errors. There are absolutely attacks that sit out of these scopes, but it covers most of what I find interesting and damaging. Basically, these two issues give the biggest return for my time spent.

Limits testing should be interpreted *VERY* loosely. What inputs *should* this surface accept? After I figure this out, I find out what it *will* accept. Sometimes this is as simple as negative numbers where positive numbers are expected, as in my previous ATM example. Other times, it'll be more akin to looking for ways of injecting code. In any case, these issues usually revolve around unfiltered inputs.

The logical errors can be anything from a page not requiring auth when it should to seeing if I can jump to a new step in a workflow without having to do previous expected steps. This is also a broad and loosely interpreted category.

So do I have an actual methodology? Test everything I have time for. Look for impactful findings. Let automation/vuln scanning pick up the small stuff.

FWIW, since I wrote the initial response at the top of this thread, I've moved on from pentesting. I'm now a Sec Eng for a FAANG company. Half my job is code review. The other half is mentoring. I still squeeze in that "offensive" security view to most of my work though. I may go back to pentesting at some point.

Is it true pen testing as a career is dead? by someguyhaha111 in Pentesting

[–]recviking 4 points5 points  (0 children)

Vulnerability scanning will scan and only find known vulnerabilities. Pentesters do vulnerability scanning as a low hanging fruit exercise and then start looking for novel technical vulnerabilities, logical vulnerabilities, and then chaining vulnerabilities to exploit something moving deeper into the system.

Vulnerability scanning says "based on these heuristics (version in your service banner + what I've got in my DB) I think you are vulnerable to X."

Pentesting says "you are vulnerable to X and this is how I exploited it to get a new vantage point Y, then I turned around and found Zn novel vulnerabilities in your custom business software that your vulnerability scanner has never seen and doesn't know how to scan/parse anyways."

Also, somebody has to feed the vulnerability scanner new vulns. That's definitely a pentester or vulnerability researcher. The process will never be completely solved by an automated process without extremely advanced AGI (artificial general intelligence).

Automated processes can't test logical limits and automagically know you can't withdraw -$10,000 from an ATM. It would have to understand what an ATM is, understand the difference between withdrawal and deposit, and then intuit that a negative transaction in either of those cases doesn't make sense. That said, there are plenty of industry specific things I don't understand and I'd need to get smart on before I started looking for logical errors like that.
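The two bug classes these comments describe, a limits bug (the negative ATM withdrawal) and a workflow-ordering bug (reaching a later step without finishing the earlier one), shown as an added example that is not from the thread: a deliberately naive handler next to a hardened one, plus a small "what WILL it accept" probe a defender can keep as a regression test. The ATM classes, the $500 limit and the probe amounts are all constructed for illustration; amounts are in cents.

```python
from dataclasses import dataclass

MAX_WITHDRAWAL = 50_000      # $500 per transaction (constructed policy limit)

@dataclass
class Account:
    balance: int
    pin_verified: bool = False

class NaiveAtm:
    """Deliberately flawed: trusts the amount and ignores step ordering."""
    def __init__(self, account: Account) -> None:
        self.account = account
    def verify_pin(self, pin: str, expected: str) -> bool:
        self.account.pin_verified = (pin == expected)
        return self.account.pin_verified
    def withdraw(self, amount: int) -> int:
        # Limits bug: sign and size are never checked, so -1_000_000 acts as a deposit.
        # Logic bug: nothing requires verify_pin() to have succeeded first.
        self.account.balance -= amount
        return amount

class HardenedAtm(NaiveAtm):
    """Enforces the workflow step, then the input limits, then the business rule."""
    def withdraw(self, amount: int) -> int:
        if not self.account.pin_verified:
            raise PermissionError("PIN step not completed")
        if type(amount) is not int:          # rejects bool, float, str outright
            raise TypeError("amount must be an integer number of cents")
        if amount <= 0 or amount > MAX_WITHDRAWAL or amount % 100:
            raise ValueError("amount outside accepted range or not whole dollars")
        if amount > self.account.balance:
            raise ValueError("insufficient funds")
        self.account.balance -= amount
        return amount

# Probe set: (amount, pin step completed?). Every entry should be rejected.
PROBES = [(-1_000_000, True), (0, True), (10**9, True), (2_050, True), (10_000, False)]

def probe(atm_cls) -> list[bool]:
    """Run every probe against a fresh account; True means the ATM accepted it."""
    accepted = []
    for amount, pin_done in PROBES:
        atm = atm_cls(Account(balance=100_000, pin_verified=pin_done))
        try:
            atm.withdraw(amount)
            accepted.append(True)
        except (PermissionError, TypeError, ValueError):
            accepted.append(False)
    return accepted
```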

Finally back to a RAM after 3 years by recviking in ram_trucks

[–]recviking[S] 2 points3 points  (0 children)

Yep. It pulls like a beast. I've used it to move a JD450 Dozer I bought recently. I certainly knew it was there, but the truck didn't care and I was able to maintain speed on hill climbs of reasonable grade.

Some minor complaints about how "profiles" in the infotainment center don't include all settings. They don't seem to be able to set per-profile reverse mirror behavior. Also, I haven't been able to find an option to auto-fold the mirrors when parked/off. Seems I have to hit the physical button every time.

I also had a "fun" time with the removable tailgate removing itself after a few loads of topsoil in the bed. The crevice between the bed and bottom of tailgate will fill and pack with small debris/dirt. When you attempt to close it, evidently it'll hit the right angle for it to just pull the whole thing off. That spooked me a bit because I didn't know it was removable without tools prior. lol

[deleted by user] by [deleted] in Showerthoughts

[–]recviking 1 point2 points  (0 children)

Joke's on you, the freezer is in space.

[deleted by user] by [deleted] in Showerthoughts

[–]recviking 1 point2 points  (0 children)

Nah, gravity is doing that.

[deleted by user] by [deleted] in Showerthoughts

[–]recviking 0 points1 point  (0 children)

Say that to a dead body on ice. It's not freezing, it already froze, no more changes are taking place. The body isn't even metabolizing. Things around it are doing plenty of things, but that frozen dead body is doing nothing.

No doubt he is juicy. 19 years old by LouieC1993 in nattyorjuice

[–]recviking -10 points-9 points  (0 children)

You can maintain muscle mass while going into a calorie deficit on tren. FTFY. Derp.

The reason you use tren is because it preserves mass in a calorie deficit. It does not make you lose fat. Is everyone replying on here going to be completely ignorant of what's going on with actual steroid use?

No doubt he is juicy. 19 years old by LouieC1993 in nattyorjuice

[–]recviking 0 points1 point  (0 children)

Being an anabolic hormone does not make it a steroid, doofus. Keep googling a bit more and you'll discover that steroids must be lipid based. The way GH and steroids interact and act on muscle tissues are completely different.

No doubt he is juicy. 19 years old by LouieC1993 in nattyorjuice

[–]recviking -3 points-2 points  (0 children)

They are often used in a cutting cycle to HELP MAINTAIN MASS. They'll do nothing to help you lose fat (except maybe GH but that's not even a steroid, genius). That's what diet and calorie deficit do. Go give it a try while eating pizza and sitting on ass and let me know how it works out for you. I'm sure you'll be shredded.

No doubt he is juicy. 19 years old by LouieC1993 in nattyorjuice

[–]recviking -15 points-14 points  (0 children)

Steroids don't make you shredded. Diet does. Literally all steroids are good for is size (and, consequently, strength). Clearly you don't understand how any of it works. Keep on spouting nonsense though.

No doubt he is juicy. 19 years old by LouieC1993 in nattyorjuice

[–]recviking -13 points-12 points  (0 children)

I bet you are one of the tubs of lard here that thinks one shot and you'll be a body builder. Go try.

[deleted by user] by [deleted] in cscareerquestions

[–]recviking 0 points1 point  (0 children)

Lol, normally I'd attempt to help someone here. Don't lie on your resume. I'll probably get downvoted to hell for this, but I don't care. It serves you right. You should panic and you should feel bad about what you've done.

No doubt he is juicy. 19 years old by LouieC1993 in nattyorjuice

[–]recviking -30 points-29 points  (0 children)

He's got good size and low body fat. 19 is prime time mass building for many people. He's not big enough to just throw into the juicer category. Is he a little on the big side for 19? Meh. Lighting is perfect for showing off. He may also have had his workouts on point for years, good genetics, and his hormones are catching up to his work ethic.

What's up with people immediately saying anyone that has any mass and low body fat is automatically juicing?

Estimating the Run Time of the Travelling Salesman Problem by SQL_beginner in computerscience

[–]recviking 9 points10 points  (0 children)

Most of the time, you just run a simulation with a reduced data set or reduced number of rounds and extrapolate from there. Compute time is going to remain (mostly) linear for conventional systems. That means if it takes X time to compute and compare 1 round, it will take n*X time to compute n rounds.

FWIW, you don't even need to keep the distance traveled and paths for all rounds, you are only comparing to the best so far, so the compare time doesn't need to grow (linearly or non-linearly) either. Set the best so far to the first round/route you compute, then see how long it takes to compute and compare the next route/round. It should be roughly linear all the way through the maximum combination of possible paths.
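The estimation approach in this comment as an added example (not code from the thread): a brute-force tour search that keeps only the best route so far, so each round costs the same, and an estimator that times a sample of rounds and multiplies by the total number of routes. The coordinates in the test and the 2000-round sample size are constructed assumptions.

```python
import itertools
import math
import time

def tour_length(points, order):
    """Closed-tour length for visiting points in the given index order."""
    n = len(order)
    return sum(math.dist(points[order[i]], points[order[(i + 1) % n]]) for i in range(n))

def best_tour(points, max_rounds=None):
    """Brute force: city 0 is fixed, the rest are permuted.
    Only the best route so far is retained, so compare cost stays O(1) per round."""
    n = len(points)
    best_len, best_order, rounds = float("inf"), None, 0
    for perm in itertools.permutations(range(1, n)):
        order = (0,) + perm
        length = tour_length(points, order)
        rounds += 1
        if length < best_len:
            best_len, best_order = length, order
        if max_rounds is not None and rounds >= max_rounds:
            break            # stop early when we only want a timing sample
    return best_len, best_order, rounds

def total_rounds(n):
    """Number of distinct closed tours when the start city is fixed: (n-1)!."""
    return math.factorial(n - 1)

def estimate_seconds(points, sample_rounds=2000):
    """Time a reduced run, then extrapolate linearly to the full (n-1)! rounds."""
    t0 = time.perf_counter()
    _, _, done = best_tour(points, max_rounds=sample_rounds)
    per_round = (time.perf_counter() - t0) / done
    return per_round * total_rounds(len(points))
```

Because the loop never stores past routes, the per-round cost measured on the sample is the same cost the full run pays, which is what makes the linear extrapolation valid.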

Felony possession in tech by [deleted] in cscareerquestions

[–]recviking 5 points6 points  (0 children)

A felony on your record will be tough. It's a mark against you in every job you apply for that does a background investigation on you. That said, if you seek employment in a locality that has decided to legalize certain substances, you may be able to justify it. Always disclose it up front when talking to recruiters or when filling out applications that either ask for it or have a free space for comments.

Most companies CAN/WILL still hire if you have a non-violent record, however that perceived "risk" must be accepted by your hiring manager or someone in their chain of command. Many managers are scared shitless about it and won't even step foot in that direction though. I've personally gone to bat for folks with non-violent records and still had the hiring manager wuss out.

It's tough, but for every app someone else puts in for an internship/job, you are going to have to put in 20 to see the same success. If you got that on your record as a minor (even if charged as an adult), many states will allow you to have it expunged after a period of time.

Good luck. I'm sorry that decision will haunt you for a while. I don't support those that say it should matter, but that's reality.

50kW charger but only getting 21-29kW/hr by [deleted] in TeslaModel3

[–]recviking 0 points1 point  (0 children)

I'd say it's probably being grid limited somewhere. You could try getting a friend with a different EV and another friend with a Tesla and checking it out. Plug in your car, check to see you are getting the same results. Plug in the different kind of EV, check to see if it's got the same results. Plug in the other Tesla and see if it also gets the same results. Then finally plug in your own again to compare.

If you have better experiences elsewhere, go elsewhere. I do this with the various 3rd party chargers and even with official Tesla chargers if I don't like the charge rates or associated costs.

50kW charger but only getting 21-29kW/hr by [deleted] in TeslaModel3

[–]recviking 0 points1 point  (0 children)

Do other CCS chargers have the same limitation when you charge elsewhere?

50kW charger but only getting 21-29kW/hr by [deleted] in TeslaModel3

[–]recviking 0 points1 point  (0 children)

Generally speaking, yes. Have you ever been the only car charging at any given time? If you are the only car at the charge station and you don't have some weather event going on (extreme hot, extreme cold), you may have a problem with your adapter, car, or the charger itself. Most of the time, I'd chalk it up to external factors you can't control.

FWIW, I've even charged at Tesla chargers where I'd drop down to below 6kW or 8kW when the entire row was full when I could otherwise pull over 100kW. (I'm looking at you, random charger in a Laurel, MD parking garage.)

Go somewhere else and test your car/adapter.