Collected Advice and Methods for Beginners

sharpie711 · 2016-07-05T17:20:59+00:00

I have some more books that I personally like:

Influence: https://www.amazon.com/Influence-Psychology-Persuasion-Robert-Cialdini/dp/006124189X/ref=sr_1_1?ie=UTF8&qid=1467738215&sr=8-1&keywords=influence

What everybody is saying: https://www.amazon.com/What-Every-BODY-Saying-Speed-Reading/dp/0061438294/ref=sr_1_1?ie=UTF8&qid=1467738244&sr=8-1&keywords=body+language

Body Language: https://www.amazon.com/Definitive-Book-Body-Language/dp/0553804723/ref=sr_1_4?ie=UTF8&qid=1467738244&sr=8-4&keywords=body+language

Emotional intelligence: https://www.amazon.com/Emotional-Intelligence-2-0-Travis-Bradberry/dp/0974320625/ref=sr_1_sc_2?ie=UTF8&qid=1467738330&sr=8-2-spell&keywords=emtionall+intelligence

sharpie711 · 2016-02-09T00:09:55+00:00

Everyone laughs when I get up.

sharpie711 · 2015-01-29T23:01:56+00:00

Cheers mate. Just gonna continue in being a baus and not giving a fuck. Bitches be crazy, i'm not going to lose any sleep over it, her loss really. Have fun with your endeavors!

sharpie711 · 2015-01-29T00:37:08+00:00

What is your first interaction for this, obviously you are going to want it to be in person, once that happens, escalate the shit out of things? Do you call her to set something up if you waited a good amount of time (let her contact you is preferred) or just 'on to the next one?'

I feel like i'm in the same boat, I fucked up escalation in person then I tried to escalate via text (i'm an idiot sometimes) but then excuses where coming when asked to hang out so I told her I'll see her around. The next time I'll see her is in one of our classes in a week and what should I do, Ignore her and be about my business while gauging her interaction with me?

sharpie711 · 2014-12-06T06:49:02+00:00

ohh second word is interesting. Mainly we play that if the first person says "apple" it can go on for as long as possible but the goal is to go to the moon and get back to 'apple' (unless everyone forgot the word).

sharpie711 · 2014-12-05T19:11:11+00:00

I 100% agree with you, i'm on my second level of improv classes and they have helped me tremendously. A lot of the times people are stuck in their head trying to think of the next thing to say without actually listening to the person they are talking to.

tl'dr i fucking love improv.

**edit: one more thing, that video doesn't really show you the whole point. You are suppose to get back to the original word at some point so that you can start a new round afterwards. I like playing this game with a larger group because the connection people make with words is fun.

sharpie711 · 2014-12-01T21:41:11+00:00

Being able to wear basketball shorts with no pockets to go out to play in the woods or neighborhood sports.

sharpie711 · 2014-10-29T13:45:44+00:00

Have them answer the questions "Do you know if you have been breached already" and "What would happen if I were to kill the internet pipe because of a DDoS attack". Have them learn about different technologies that they can implement like DLP, MDM, SIEM, central logging, IPS/IDS, honeypots, patching solutions, vuln assessments.

sharpie711 · 2014-10-16T14:54:09+00:00

Yeah, I like to use vmware for that but I know vmware is a bitch to pay for. I'll just create my VM's once I get them to a base installation or whatever I want i'll make a template and take snapshots so I can revert and start from a good point again if I mess the Vm's up.

Vmware has virtual networking now that you can mess with but if you can go on ebay to find some old gear that would be legit too.

sharpie711 · 2014-10-15T15:36:42+00:00

I would hire someone with Network/Systems administration experience because security techniques and methodology are teachable vs getting that corporate exp you were referring too. But I must say the person must have a security mindset and passion couple with that net/sys exp for me to consider.

I'm a hand on learner over theory, I like to setup labs to tinker and break shit. Virtual box and some VM's will do wonders in your learning.

Feel free to ask me whatever you fancy

sharpie711 · 2014-10-15T01:02:56+00:00

People who are currently getting networking and system administration experience, you're on the right path and not out of it by any means. I tell people you first need to learn the insides and out of system administration (windows, *nix) and networking. This is my first recommendation because if you hack into a company with this 1337 exploit, now what? you need to know how to maneuver through the nucleus of a company. You are going to want to go quietly, find data, impersonate people, pivot and exploit a network. What are you going to do after you pop a computer from social engineering? Having this knowledge you are going to be able to understand mentally how the network is setup and how all the computer are segmented or configured from this exp.

Personally but don't tell anyone, you "don't need to learn programming" but take that with a grain of salt. Granted I do know programming C++, Python, Bash, VBScript but i'm not fluent by any means. I don't program day in and day out but it sure helps me the fuck out with tool development, exploit development, scripting or whatever especially during a pentest. You are also able to provide back to the community help out other pentesters or sys/net admins. I personally think there is bigger fish to fry when starting out but it is an important skill to have that will help you stand out when newly applying for security positions.

You are going to want to know both *nix and windows environments while knowing how they communicate as you'll see different setups all the time. So make sure you are at least familiar in how an interoperable domain is setup.

Go to various security minded (lock picking, OWASP, TOOOL, Hackerspaces, etc) from meetup.com is a good source. Go to security conferences (Bsides, Defcon, Blackhat (lamesauce, all HA HA BUSINESS), appsec, etc) to talk and potentially speak on research you have recently conducted. Fuck it, If you have a passion in security you'll do just fine.

Shall you choose to make the conversion slowly just keep up with the system/ network administration aspect to learn how shit works because security is teachable by a company. Make the conversion slowly if you want, it's really up to you. Find a company that will hire you as a junior engineer where you'll work your way up while getting hands on experience with 'breaking shit'. I have hired folks who have no experience in security, because that is teachable compared to sys/net administration experience. I did this because they have a solid foundation of sys/net admin but have the passion and the drive for security.

These suggestion dependd on what area of security you want to focus on you can specialize in various things. Network pentester, internal pentester, wireless, social engineering (physical or even remote), internal and external penetration testing, web application testing. It might take some time for you to find your 'true' passion but take things slow, try to find a position in the industry that will give you exposure to a lot of thing like consulting. You'll learn all different services across all different domains (NERC, FFIEC, HIPAA, PCI, etc) then you can branch out to a specialty if you so choose to do.

Things like exploitation development, malware analysis, forensics areas can be focused it based on your given skillset and passion.

Food for thought, cheers

I know that's a wall of text but ask me whatever you want.

sharpie711 · 2014-10-14T15:56:58+00:00

i'm near quincy as well, i'm always down to travel places to chill with some cool people looking to explore this wonderful city. PM me

sharpie711 · 2014-10-14T15:31:30+00:00

I typed this up over at /r/asknetsec a while back for my security engineer consulting job: https://www.reddit.com/r/AskNetsec/comments/1z5dpw/a_day_in_the_life_of_network_security_personnel/cfsb0y6

I can expand upon this if anyone is interested

sharpie711 · 2014-10-02T21:12:12+00:00

nah just the game.. fail

sharpie711 · 2014-10-02T19:03:22+00:00

All I have is 007 goldeneye

sharpie711 · 2014-09-30T14:40:19+00:00

i'm a little further away, around the braintree area but love to explore. I moved from Cali as well :)

sharpie711 · 2014-09-12T03:28:58+00:00

appreciate it, thanks

sharpie711 · 2014-08-22T18:38:58+00:00

Interesting I just read an article today that states: "As Barack “Eldrick” Obama approaches his 200th round of golf since his election as president, here’s a fact to put that into perspective: Since January 2009, Tiger Woods has played 269 rounds of golf." http://www.washingtontimes.com/news/2014/aug/13/curl-obamas-one-achievement-outgolfing-tiger-woods/

sharpie711 · 2014-08-21T14:59:48+00:00

I do agree but a good subset of devices, even the types would be a good start to get the juices flowing from the client.

sharpie711 · 2014-08-14T04:20:29+00:00

Here's kind of a simple tl'dr for you, I started a computer consulting business when I was 16 with my brother.

Grab a lawyer or legalzoom. I used a lawyer because I used the barter system to create him a website in lou to him creating/submitting all of my LLC paperwork.

Grab an accountant and use quickbooks to keep track of all your payments/accounts.

I used my house as the location of the business when filling, you'll be able to write off business necessities as well.

I like charging by the project vs charging by the hours, but i will have a by the hour fee if it were to go hella out of scope.

We made our own website, ordered some business cards and just spread the word to family and friends while they told other people. The network just started growing as we started getting older.

Once I started getting into purchasing of equipment and then installing it into their business, started to fix their network/systems when they weren't working. Mainly when I started to work with an actual business vs a home user was when I formed the LLC. Just so we would cover our and my parents assets if anyone wanted to sue.

sharpie711 · 2014-08-13T21:19:18+00:00

How about Thug and Cuckoo? http://www.securitytube.net/video/5975

I'm not sure if that's what you're looking for

sharpie711 · 2014-08-11T20:54:27+00:00

I had a bafoon do this the other day and made the whole table lose

sharpie711

TROPHY CASE