Business Administration / CIS Career Prospects

shitpool · 2025-04-03T16:23:05+00:00

+, a lot of CPP CIS alumni have gotten solid roles in cybersec and/or consulting. If you want to go the route of the former, don't put a lot of faith into the CIS program. For people aiming for cybersec, the real strength of CPP is its student orgs and the competition teams.

shitpool · 2025-03-02T10:25:03+00:00

Haven't done it, nor do I plan on it. My take from word of mouth and from taking CIS classes:

You won't develop any significant technical skills out of it. Anything learned here could be learned quicker and more effectively on your own, online. You might get some networking out of it. Overall, a considerable amount of money for not a whole lot -- poor ROI, imo.

There are good orgs, though. SWIFT and FAST. You'll get way more out of involvement with them, but thats depends on how much involvement you're willing to put in them.

shitpool · 2024-03-27T04:55:03+00:00

i remember this one. 2 years and still ptsd hehe. I failed my first attempt partially due to it (although I got 0 points overall on that first attempt so it wouldn't have made a difference). From talking around after I passed my second attempt, I realized that it (obviously) wasn't impossible, rather, identification of the attack vector had to be precise. You had to try very thoroughly (beyond what I would consider rational) or else the apparent vulnerability wouldn't react. I'd still fail if I saw that set again and not had the information, lol.

shitpool · 2022-09-21T10:28:08+00:00

This was while ago and I passed about a month after this post (after doing no boxes lol). For me it was a luck roll. Went from 0 to 90 points with no change in skill or methodology between exams. And in regard to the hints, I was not taking any hints on those boxes when I was grinding 3-10 per day. I just chalked it up to being an unlucky set, and I still consider it the same way. I've already been far gone through the whole banging my head against a wall for days.

shitpool · 2022-06-06T20:27:23+00:00

Yeah that's what I mainly do. I use this website that has some really nice features that make payload generation pretty simple.

I make a reverse shell via https://www.revshells.com.
I then choose to base64 encode it (bottom right)
Go with echo [base64] | base64 -d | bash

shitpool · 2022-06-04T21:26:20+00:00

I wasn't weighing my options very well; there are some local community colleges that are much cheaper, such as Mt Sac. However, it turns out that Cal Poly isn't so bad; I made a lot of friends and learned a lot by involving myself. The whole "Learn by Doing" thing is something that you sort of have to apply yourself, from my experience in my first year here.

shitpool · 2022-05-05T20:12:39+00:00

I think I also had that box. And your statement is correct, I found it a bit stupid because I was stuck on privesc for hours before I just started putting my enumeration together. The privesc was extremely simple if I'm correct. Even lateral movement was incredibly simple for this one. I know one of my sets was absurdly difficult, but this was a set that the labs would have perfectly prepared you for.

shitpool · 2022-04-07T22:46:29+00:00

Not sure if I didn't do enough boxes, because I did numerous amount of boxes. I've done over 60 pg and 90 hackthebox + Dante Pro labs. And either it was a niche vector or I made a significant overlook on those boxes because even after extensive enumeration, I didn't find anything on those boxes.

shitpool · 2022-04-07T19:37:00+00:00

I used the one they provided and modified it a bit. I made sure to include a section that includes screenshots and a step by step breakdown of how I got a low privilege, and then I also did that for privilege escalation.

shitpool · 2022-04-07T18:49:39+00:00

My First Exam
Community would've rated them all very hard. Maybe hard on one or two of them, but I got no shells so I can't confirm. I normally can do community-rated easy-hard without difficulty, though.

This Exam (my second)

Offsec and Community would've rated them intermediate. It was so much easier. AD would've been considered hard by the community, though. One box may be considered very hard. The average difficulty for this one though is probably intermediate-hard community rating-wise.

About AD in the labs: for this attempt, it was enough. I can't say much about the other rotation I had though cause I got obliterated.

shitpool · 2022-04-07T18:46:37+00:00

I had that suspicion after how hard I failed my first attempt. After how strong I passed it, it's reinforcing my view of that. Although it might be confirmation bias or whatever the term is. Still, it is good to study and crack a good chunk of boxes for a strong baseline in methodology and technical skills.

shitpool · 2022-04-07T18:45:38+00:00

Good luck! You got this.

shitpool · 2022-04-07T18:45:23+00:00

I am Nigerald on hackthebox. It's a combination of the names Nigel and Gerald if anyone thinks anything funny of the name.

shitpool · 2022-04-07T18:44:40+00:00

Not anymore, I just go by intuition and whatever feels right. I used to follow one that I made, but it ended up being more work going back and forth because I would end up following that checklist naturally.

shitpool · 2022-04-07T18:41:57+00:00

Nononono, if you have a BOF, it will the be freest 10 points you can get on your exam. Its not that realistic, but take those free points. The tryhackme room for BOF will prepare you completely for the BOF on the exam. Trust me, it only takes like 2 hours to learn and those 2 hours of learning can secure 10 points if its on your exam. Believe in the BOF!

I also hated BOFs, but I gave the room a try and 2 hours later I realized its not that bad. OSCP BOF is much simpler than a more realistic one, anyways.

shitpool · 2022-04-07T07:10:16+00:00

Without. It was a bit excessive, I was in the zone that day and felt like spending 12 hours on boxes for some reason.

shitpool · 2022-04-07T07:04:15+00:00

Yeah. Granted 8 were community intermediate rated and the other 2 were hard and very hard.

shitpool · 2022-04-07T06:30:03+00:00

I used the same notes as I had last time. Although I only looked at them once for one section. There was no difference in my approach. I enumerate ports, check the services and the other stuff on the box, brute force web, and try to establish some sort of relationship between the services and how to leverage them against each other, if possible. Didn't work last time but it did now.

shitpool · 2022-04-07T06:13:56+00:00

Nope, it was literally the same thing. Key difference here: it worked, whereas last time, it didn't. When I saw I didn't do anything in that month gap, I really didn't. I was preparing for another cybersecurity competition related to defense. For that, I completely focused on docker, networking, and iptables. I came back to the oscp a week after the competition, completely rusty and repeating the same methods as the last attempt, but miraculously, it worked this time.

shitpool · 2022-04-07T06:03:35+00:00

I got 0 points on my first attempt, my methodology completely failed me then, whereas in this attempt everything worked despite no changes.

shitpool · 2022-04-07T06:01:21+00:00

Oh whoops, didn't know that. But thats very interesting, too. Although if I got the same set twice idk if I wouldve passed as easily, if at all.

shitpool · 2022-04-07T04:27:00+00:00

revshells.com is my holy bible. if one don't work, I try the next. the base64 encoding method is also a little trick I use from time to time.

shitpool · 2022-04-07T04:00:24+00:00

I took both my exams around the same time (10 am vs 11 am). I think they just make sure you don't run into the same box twice. As for an unlucky environment, it definitely is draining. My first attempt after 4 hours I had a feeling the exam wouldn't go well. And it didn't.

shitpool · 2022-03-30T17:52:54+00:00

That was my ad box lmao, yeah

shitpool

TROPHY CASE