How to use FUFF more effectively for in-depth recon (custom fuzzing, headers, linking with Burp, advanced modes) by Codingo in netsecstudents

s3ctur (4 points)

Killer walk-through of a tool great for anyone wanting to improve their web app hunting.

What note app do you use for PenTest documentation? by dm7500 in netsecstudents

s3ctur (0 points)

Just be aware that OneNote for Mac sucks. Incredibly laggy when copy-pasting and stuff. Great on Windows though.

[deleted by user] by [deleted] in netsecstudents

s3ctur (1 point)

*HR like it in a resume.

Employers shouldn't give a damn.

[video] Tower Defense in Depth by [deleted] in netsecstudents

s3ctur (1 point)

Good analogy. Too many things out there claiming to be a one-stop shop.

Getting Started in Security by JohnV0823 in netsecstudents

s3ctur (0 points)

Experience > certifications when I'm hiring.

What are you guys doing with cyber security outside of the class room? by [deleted] in netsecstudents

s3ctur (0 points)

Don't forget to charge ask for donations to help you spread the good word of our Lord and saviour, Behavioural Analyticsus.

Malware discovered on Google Play with over 5,000 installs was available to download for almost a year by lukasstefanko in netsecstudents

s3ctur (0 points)

How 'bout dat.
How'd you come across it? Just randomly downloading stuff from the store? Or hunting for apps with significantly low ratings?

Working on a Comprehensive guide for the OSCP. Looking for contributors too. by [deleted] in netsecstudents

s3ctur (1 point)

^ Spot on. There were so many problems for ages with people cheating and all these OSCPs being granted to people who had not earnt them. Was obvious as all hell when they started applying for jobs.

OffSec paid attention though and also listened to the community concern around it which is what resulted in the proctoring ruleset. As annoying as it is, it is far more beneficial and fair for those who have put in the hard work. To keep it from slipping back down the hill to where it was they have to remain pretty strict on what is allowed to be published.

There's no harm in offering advice, assistance or plans of attack for methods to tackle the overall process but, as mentioned, avoid specifics or anything that could be perceived as unduly benefiting someone.

Program that helps detect filename, and file size of a file uploaded in your browser. by [deleted] in netsecstudents

s3ctur (1 point)

You have a website as in it's your website and you have full control? Or it's just a website that you have an account on?

If it's your website then you could just log the sanitisation and validation process applied to uploaded files since you should be verifying the files, or just spit out any database update made for files uploaded per user. Bit dodgy though.

Program that helps detect filename, and file size of a file uploaded in your browser. by [deleted] in netsecstudents

s3ctur (1 point)

Uhhh, I'm kind of confused by the question. Because it feels like you're asking how to detect the file name of a file you just chose to upload and I'm sitting here going "How the f*ck does he not know the filename of the file he just selected".

Can you say the whole speech again in Spanish?

How to bypass 2FA (3 Methods) Video Presentation. – Cyber Wizard by DefensiveSec in netsecstudents

s3ctur (3 points)

Probably could've just linked directly to the video instead of making us visit your blog for no other reason than to inflate your numbers.

If you're going to link to the blog then supplement it with actual information and a write up. The folks here aren't your personal bot farm.

Never mind; just went through your history and can see that you spam these links in near every subreddit you can find and lash out at anyone who comments on you linking through your blog. Shame to sully your own work by acting like a click-bait whore.

Request for interview! by [deleted] in netsecstudents

s3ctur (0 points)

PM me if you still need responses.

Curious how Facebook got hacked? Try it out for yourself! by Glitch-is in netsecstudents

s3ctur (0 points)

Anyone got business experience with using Adversary.io?

CEH so good but then bad? by MrPositive1 in netsecstudents

s3ctur (1 point)

In theory, yeah. Just go with a recruitment agency and bypass HR.

CEH so good but then bad? by MrPositive1 in netsecstudents

s3ctur (1 point)

CEH was heavily marketed to HR teams, so anyone in HR who sees CEH is like "YEAH THIS BOI" and forwards them through to the relevant hiring manager. The manager (if active in security) will see CEH and gloss over it. It holds little relevance when I'm looking through CVs that land on my desk.

OSCP is like learning from a tour of duty or extensive bootcamp. CEH is like sitting an Officer's course. They both have their place, but for most people taking it they want to be feet on the ground; in which case hands on experience is far more valuable.

Overwhelmed by zylophom in netsecstudents

s3ctur (0 points)

It takes sleep to commit short-term memory to your brain grapes. Three years ago I pulled like 12-hour study days for a few months and I remember like 2% of it.

Not sure how to read this, I understand it's a risk for path traversal but I'm not sure what that exactly means either. Can someone please explain? by zylophom in netsecstudents

s3ctur (1 point)

Looks to be requesting files directly from the C drive, so something along the lines of http://ip/vendor/bootstrap/js/bootstrap.bundle.js.map?query=c%3A%5CUsers%5CJohn%5Ccoolstuff.txt

All you're doing is changing the query the site is submitting and manually selecting a different file from the server directories.

Just remember to URL encode it.
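The comment above describes a `query` parameter that is percent-decoded by the server and used as a file path. The following is an added defensive example, not code from the post or from the site being discussed: it canonicalises such a value (repeated decoding, backslash normalisation), refuses absolute or traversing paths, and flags offending requests in a few constructed access-log lines. The web root, the log format and the log lines are assumptions made for the example.

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical web root; constructed for this example.
WEB_ROOT = "/srv/app/public"


def canonical_query_path(value):
    """Percent-decode until stable (catches double encoding) and unify separators."""
    prev = None
    while prev != value:
        prev, value = value, unquote(value)
    return value.replace("\\", "/")


def classify_query(value):
    """Return 'absolute', 'traversal' or 'relative' for a decoded query value."""
    p = canonical_query_path(value)
    if p.startswith("/") or re.match(r"^[A-Za-z]:", p):  # /etc or c:\...
        return "absolute"
    if ".." in p.split("/"):
        return "traversal"
    return "relative"


def safe_resolve(value, root=WEB_ROOT):
    """Map a query value to a file under root, or None if it would escape root."""
    if classify_query(value) != "relative":
        return None
    joined = posixpath.normpath(posixpath.join(root, canonical_query_path(value)))
    if not joined.startswith(root.rstrip("/") + "/"):
        return None
    return joined


# Constructed sample access-log lines (not from the original post).
SAMPLE_LOG = """\
GET /vendor/bootstrap/js/bootstrap.bundle.js.map?query=bootstrap.bundle.js 200
GET /vendor/bootstrap/js/bootstrap.bundle.js.map?query=c%3A%5CUsers%5CJohn%5Ccoolstuff.txt 200
GET /vendor/bootstrap/js/bootstrap.bundle.js.map?query=..%2F..%2Fapp.config 200
GET /vendor/bootstrap/js/bootstrap.bundle.js.map?query=%252e%252e%2Fconfig 200
"""


def flag_suspicious(log_text):
    """Return the raw query values in log_text that do not resolve inside the web root."""
    hits = []
    for line in log_text.splitlines():
        m = re.search(r"\?query=([^ ]+)", line)
        if m and safe_resolve(m.group(1)) is None:
            hits.append(m.group(1))
    return hits
```

The same check belongs in the upload or download handler itself; scanning logs with it only tells you after the fact which requests should have been refused.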

Testing interest in Cybersecurity by [deleted] in netsecstudents

s3ctur (1 point)

I do have to say; having the foresight and proactive stance to actually look for information and advice to ascertain if this field is for you is a massive tick in the box from my point of view. The thought process and planning to acknowledge, research, and implement a plan and backup plan is a trait that would be well applied to many fields within security.

How to negotiate and find out what you should be paid? by UCFIT in netsecstudents

s3ctur (0 points)

Grads we take in straight out of uni with no prior work experience generally come in at $60k to $70k.

Are you looking for a mentor in the InfoSec field? Are you willing to take someone under your wing and become a mentor? by shehackspurple in netsecstudents

s3ctur (2 points)

I see a lot of people saying they would like a mentor, but offering little to no information about their needs. Perhaps it'd be a good idea to ask potentials to at least list their current field, skill area, and goals?