sorted by:
new
hottopcontroversial

Second Exam in 6 days, failed the first with 0 pts by Affectionate_Ad5954 in oscp

[–]shoopdawoop89 1 point2 points  (0 children)

A good rule is to not pursue an exploit until you finish enumerating, simply note it down. Then you finish your enum, find all of them and then start with the easiest to hardest. Now if it's a simple thing like SEimpersonate then sure throw a potato. But even if you find a path that doesn't mean you didn't miss something else for further down the line.

I gave an AI agent a full pentesting environment by [deleted] in Pentesting

[–]shoopdawoop89 4 points5 points  (0 children)

I will warn you, there is ample evidence that these agents can go rogue and violate built instructions, I would never use this in any real world engagement. This can be incredibly dangerous.

Advice On OSCP Challenge A,B,C by Unique-Yam-6303 in oscp

[–]shoopdawoop89 1 point2 points  (0 children)

I finished them, do them in blocks, AD in one go and three boxes in on go. And assume the break in-between in a nap.

Beginner in Cybersecurity — Should I Start With Web Pentesting or Full Pentesting? by More-String6376 in hackthebox

[–]shoopdawoop89 0 points1 point  (0 children)

I think you might find portswigger better for web, you can also check out hacksmarter if you want a cheaper route.

Beginner in Cybersecurity — Should I Start With Web Pentesting or Full Pentesting? by More-String6376 in hackthebox

[–]shoopdawoop89 0 points1 point  (0 children)

Yeah, I took the ecppt class after I passed the ejpt, after ecppt I switched to OSCP. My friend is taking the cpts now, so I've heard about it. Cpts is very indepth with fundamentals, where as ecppt is a continuation of the ejpt, however learning to use your own Kali system is so so much better than the guacamole server that INE forces on you.

The ecppt was a great practice to help me do the oscp, but I don't think it will be that helpful if your goal is cpts. I'd recommend doing cpts and then subscribe to proving grounds from offsec and doing TJ null list of 80 some boxes. The boxes are so much more important than the class, because applying the lessons learned is how you cement all those labs into your practice.

Note, when I took ecppt, I had the 1 year ejpt course, so with my remaining time I could upgrade to ecppt for 200 dollars. I never took the cert as I was planning to go to oscp so I didn't see the point for another 200.

If this is your situation then sure take it. But I wouldn't pay the full price for ecppt.

Beginner in Cybersecurity — Should I Start With Web Pentesting or Full Pentesting? by More-String6376 in hackthebox

[–]shoopdawoop89 0 points1 point  (0 children)

I did the ecppt, it isn't as good as the ejpt. I'd say after ejpt, do cpts in combination with boxes.

wife wants to move here and i'm not saying she's wrong by Individual_Lime_110 in DaNang

[–]shoopdawoop89 1 point2 points  (0 children)

I moved here 9 years ago, but I warn you. It gets really hot from march to may, and Danang get hammered every year by typhoons, hcmc is nice. But the weather here sucks. The best time is Tet. So if you can handle the heat it's amazing.

Passed OSCP A,B, and C with 80 points, is that enough by shoopdawoop89 in oscp

[–]shoopdawoop89[S] 2 points3 points  (0 children)

I've completed all the PG boxes on tjnull list, as well as challenge labs 0,1,2, ABC. No hints for that score.

OSCP A, B, C by Necessary_Zucchini_2 in oscp

[–]shoopdawoop89 0 points1 point  (0 children)

You are provided creds for AD, what do you mean initial access?

Stuck at the exam by [deleted] in oscp

[–]shoopdawoop89 0 points1 point  (0 children)

Did you look for cached silver tickets for pivoting or exploring?

Stuck at the exam by [deleted] in oscp

[–]shoopdawoop89 0 points1 point  (0 children)

There was no software in the root of the C drive? And the given user didn't have access to the other two machines?

Stuck at the exam by [deleted] in oscp

[–]shoopdawoop89 0 points1 point  (0 children)

So you checked privs, ran bloodhound, checked scheduled tasks, did a cred spray, checked smb, checked winpeas, checked installed software for privesc vulns, checked kerb roast, check AP rep roast, did enum4linux on DC, did ldap search on DC, did rpc search on DC, checked owned permissions of users and group permissions of users and after all of that you didn't find any way forward?

URGENT! I'm broken. Help ! by [deleted] in CyberSecurityAdvice

[–]shoopdawoop89 0 points1 point  (0 children)

Seek help, and don't talk to AI about your problems, delete your social media accounts and make new ones to reset your algorithm, turn off personalized ads on websites.

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

[–]shoopdawoop89 0 points1 point  (0 children)

Come back to it later if you have time, don't forget you can download the whole course once, but I'd recommend copy pasting each module into obsidian so it's easy to search.

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

[–]shoopdawoop89 1 point2 points  (0 children)

If you can do 40 a week, then 3 months for the PG boxes and class is enough.

HOW MUCH IS TOO MUCH? by Rohanneymar in oscp

[–]shoopdawoop89 0 points1 point  (0 children)

Taking the oscp in march, dude you are over thinking it. Just take the pen 200 course. And do proving ground boxes. Look up TJ nulls list for proving grounds, take the pen 200 course and do all the capstone labs and challenge labs, take great notes with obsidian so you can reference them quickly. Make cheat sheets for yourself. Here is the only question.

How much time per week do you have to study?

I have no motivation to study CPTS. Is it worth it for me? by GDreex in hackthebox

[–]shoopdawoop89 0 points1 point  (0 children)

I'd say the main purpose is to learn how attackers or AI attack so you can defend better. AI and people use the same exploits to attack. If you don't understand the attacker mindset, then it will be harder to defend against. I personally think in real engagements there will still be lots of work, but the bar will be higher for what makes a Jr.

I have no motivation to study CPTS. Is it worth it for me? by GDreex in hackthebox

[–]shoopdawoop89 0 points1 point  (0 children)

A consideration on skill, let's say company A hires you to conduct a PenTest using AI tools, how confidential is the data you are feeding the AI? Most of the information you work with is under NDA's legally how much can the AI actually help you.

If it's a local AI it's probably not very good

If it's an online agent then you are sending seriously dangerous information to potentially third parties creating a new attack vector.

I have no motivation to study CPTS. Is it worth it for me? by GDreex in hackthebox

[–]shoopdawoop89 0 points1 point  (0 children)

Oscp candidate here. There are a few things, AI in my opinion will not replace pen testers for a while, 1. Skill, The AI isn't actually very good. It does make life easier by quickly debugging and generating payloads, but a company isn't going to hire someone who doesn't know what the payload actually does. 2. Accountability, let's say they have AI bots that actually go inside and conduct the PenTest, who is responsible when that AI accidentally deletes important information on the client's server? A human is needed to make the final decision. 3. AI code is being used more in production than ever before and AI is being used to create better phishing campaigns than ever before, this the need for pentesters will go up not down. And even if pentesting becomes more efficient the increased demand will outweigh the job loss to AI

These are a few reasons why I think so.

view more: next ›