/hmg/ - Hackerman General

In /hmg/ we discuss pentesting, CTFs, exploits, and generally being a hackerman.

Resources:

VM/CTFs:
overthewire.org/wargames/bandit/
>easy beginner bullshit

vulnhub.com/
>prebroken images to work on.

hackthebox.eu/
>super secret club

Tools:
kali.org/
>meme dragon distro but it just werks

metasploit.com/
>scriptkiddie starting point and swiss army knife

Tutorials/Guides:
abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob
s3ctur.wordpress.com/2017/06/19/breaking-into-infosec-a-beginners-curriculum/
>From zero to OSCP-hero rough outline, and how to infosec.

youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
>IppSec, video guides for retired HTB VMs.

Certs:
eccouncil.org/programs/certified-ethical-hacker-ceh/
>CEH, only looks good on a resume to non-technical people in HR

offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/
>OSCP, the big dick swinging exam, 24 hours to own 5 machines and a further 24 hours to write up a report detailing your methods.

*UNAFFILIATED TRASH - AS LULZEC TAUGHT US - TRUST NO ONE!*
Community:
IRC: #Sup Forumssec @ rizon.net
Discord: discord.gg/3Y7Mr52
Matrix/Riot: riot.im/app/#/group/ hmg:matrix.org

Attached: hackerman.png (680x680, 888K)


What VM(s) do you users use?

Are RATs honeypots for feds and botnets, or are there some that are actually legit? I have an old laptop to fuck around on but am wondering if anybody can chime in with experience.

Audit anything before you use it and if you cannot audit it (that is, if it is closed source) do not risk using it.

Anyone using an iPad Pro for pentesting? Going to start testing on one to see how well it works. Anyone into /swift/?

What could be a good and reasonably cheap VPS that I could run a VPN over, that would respect my privacy? I'm located in the EU.

Some builders are infected themselves. If you want to be sure, disassemble it and check or just write your own toolkit.

Scaleway, bare metal instances. The smallest ones are 5 EUR/month and there is a ready-to-use OpenVPN template.

Who is going for /certs/ here?

I have Sec+ already (a bit of a joke but good on a resume); this year my biggest goals are to finish up my degree and get OSCP.

Also I'm studying for CCENT, but I really couldn't care less about Cisco IOS. I just want the TCP/IP networking knowledge, so I'm not really enjoying studying for it desu.

Thinking about OSCP, it seems to be the only one that makes sense at the moment.

I use Kali for tryhard stuff, ParrotSec OS for programming when not trying to pentest (it's kinda like Kali but with a more modern UI, and you aren't expected to be running as root at all times). On VMware Workstation Pro 14.

CISSP is done already, getting Sec+ because I got gifted the test coupon.

OSCP I'm starting in a few weeks.

Has anything changed for you since you got CISSP? (And where are you based?)

A few years ago I was able to learn stuff like stack/buffer overflows by using Damn Vulnerable Linux, but I was never able to figure out how to get stuff to work on any modern distro, so I gave up.

Going out for dinner, but I've got MCSE, Sec+, A+, Net+, CISSP, CEH, and most recently OSCP, and my work is paying for CISA now so I'm studying that. Anyone interested in the listed certs, I can answer questions.

I'm between the ages of 25-30, been in Cybersec since I was 18, income 165k. West coast.

please.

Also 165k is very nice.

>discord

Attached: 1520205616223.gif (200x150, 474K)

I have two job prospects I'm scheduling phone screens and interviews for.

I have almost 0 on paper security experience, I've been doing general Systems Admin and Accounting for a small company for the past 5 years.

I'm in NY right now I'm at 60k, the lowest of the two prospects is 90k.

Is that before tax?

I live in EU so it's a bit hard to understand.
I'm at 23k, infosec analyst 2nd year.

>*UNAFFILIATED TRASH - AS LULZEC TAUGHT US - TRUST NO ONE!*

got any quality resources for CEH?

Yes, before tax, US Tax Code is exceedingly complex.

Is 23K your take home after taxes?

Where in Europe since that seems awfully low for Western Europe?

Why even bother? Just l33t hax0r into the company you want to employ you, but leave a trace.

Seconded.

Best advice.

i hope you're joking. if not, you would just go to jail

Is Kali really any better than other distros, or is it just Debian with a dragon?

It's just a toolkit.

Less of a question about the certs you have, but what are your thoughts about the new "Hacking+" CompTIA certs? I've been hearing a lot of talk from my coworkers about how it is going to basically castrate the CEH or force EC-Council to step up their game finally.

>being this stupid

Attached: fc98018_get-the-fuck-out bob.jpg (630x630, 54K)

What will really castrate the CEH is if the DoD starts requiring it for certain positions en masse. That's why Sec+ is a joke currently.

books.google.com/books/about/CEH_Official_Certified_Ethical_Hacker_Re.html?id=1yj97C_K_zAC&printsec=frontcover&source=kp_read_button#v=onepage&q&f=false

Easy read, good info. The CEH test wasn't difficult IMO.

CISSP is a credential as much as it is a cert. People throw it next to their name all willy-nilly, like you can't just study and pass it, which I believe you can. I got CISSP when I was 22, having 4 years of experience as a netadmin and a Sec+. I went to a bootcamp, spent 16 hours a day studying, and passed. You don't know your score if you pass; it doesn't tell you. Life changed when I became a civilian, and HR was treating the CISSP as the gold standard. I went from making 53k to 110k. CISSP again is more managerial than technical, so be prepared for paperwork if you're betting a job against that cert.

OSCP was the hardest test I've ever taken, and I failed once. Know your shit.

So, all in all, what certifications do you consider useful?

I've got a Kali USB and an RTL-SDR dongle with a good antenna setup. What should I do next?

I'll assume you're getting a certification on one of two grounds: either A, you want to get it to prove to yourself you can, and/or B, you want it on a resume / for promotion. Nothing wrong with going for B, just realize that you might not enjoy what you end up doing if you get a cert purely for a hire. I love having a CISSP; I hate being a CISSP. Management is boring and conceited. OSCP is completely unneeded at my current position, but I got it because that's what I wanted. When I find a job requiring the kind of thing in an OSCP with similar pay, allowing me to keep my lifestyle, I'll 100% switch positions. I'd even take a pay cut.

But to answer your question, a bachelor's gets you the interview. Your certs and experience get you the job, so CISSP, CCNP, and for DoD, Sec+ ideally.

hack the gibson of course.

What the fuck do you mean do next? There's no reason to hack innocent people. If you want to do something significant go hack some politicians and dig up dirt, even if they're local.

Other than that, do labs like OP says, bro.

Thank you, refreshingly concise.

Funny you say that, I am getting into the local political dirt digging.

But that's naughty and in this general, we're friendly hackers. Most white, some grey.

Yeah, I am pretty sure black hat wouldn't be discussing their stuff on here.

I'm asian

Tread lightly. Remember, everything is more monitored than ever before, and there is a very good reason there is no modern hacking group that goes by "Anonymous".

Even if someone is local it does not mean that they are not well connected. It is all connected. Think recursive octopus tentacles.

Number one, if you think of trying to hack "someone" with your phone turned on and in your pocket, I suggest you pick a different profession.

But good luck!

Attached: maxresdefault.jpg (1280x720, 84K)

Going to record a CTF walkthrough (for YouTube and to beef up my resume). How do I make it good?

>Think recursive octopus tentacles.
That's a different board.

For someone who's passed OSCP, what's the hardest part and what do you need to focus on the most?

I'm guessing enumeration and finding out what exactly is vulnerable? Any tips?

Attached: 1491728916992.gif (500x229, 998K)

They seem to be a French company; how is France's take on privacy? I'd love a VPS located in the Netherlands, Switzerland, or better yet Norway, with them stating something good about privacy, but suddenly all the prices from companies like that are way higher.

...

Gold hat.

>TOR in a nutshell
youtu.be/9XaYdCdwiWU?t=3524

The guy after him at 1:01:42 is only slightly more subtle.

Attached: ok then.jpg (384x384, 67K)

Attached: are you even trying.jpg (640x480, 42K)

Look into TempestSDR, a fun project for RTL-SDR devices: github.com/martinmarinov/TempestSDR

Attached: office-space-michael-bolton.jpg (400x300, 42K)

How do I hide myself in a domain-controlled environment? Except leaving it. Hackermans?

What do you mean? Hide what? From who?

Just use a VPN.

First year CS student.

How exactly do I get into learning about security? Is it a matter of learning security concepts in general or learning a particular field very well? What can I do in the meantime as supplementary study/recreation on top of my course?

Apparently it's about having a vast knowledge of everything and, from there, being able to seek vulnerabilities

Someone posted this as a loose guide

Attached: Path.png (1253x855, 169K)

Are you a literal aspie?

can an iphone be permanently hacked through one of those charging stations?

To get good in security you should learn and have practical experience in administration and configuration of Linux, Windows and Windows Server, a decent foundation in programming and scripting, and good networking knowledge.
From there you can focus mainly on security topics.

And get a decent grasp on web and database stuff, forgot that.
Basically, as said, get a technical overview of pretty much everything (a mile wide, an inch deep) and then ask again.

I'm the guy that posted the image.

>what kinds of things would I use scripts for?
>how should I go about item 2 on the list?
>how necessary is item 6?
I was under the impression that kernel development was in the extreme end of elite level programming

>>what kinds of things would I use scripts for?
Literally everything. In this day and age there is no field in IT that you don't need scripting for, be it Bash, Python or PowerShell.
It's just an easy and fast way to implement tools, automate tasks, chain stuff together...
>>how should I go about item 2 on the list?
Any PC with virtualization support will do, just make sure it has a decent amount of RAM. 16 GB should be enough for the start if you are limited on money, 32 GB is better though.
Networking practice can be done entirely with simulation tools like GNS3.
>>how necessary is item 6?
If you want to go full forensics there is no way around learning low-level stuff, but let me tell you it's tough shit and just one part of cyber security.
>I was under the impression that kernel development was in the extreme end of elite level programming
It's not like there is a "skill scale" where you have webdev on one end and kernel dev at the other and everything else in between.

How could you pentest on an iPad?

What are some good keyloggers?

Be gone scriptkiddy

How do I transform a meterpreter session into a real shell? I know I can drop into a shell using shell, but is it possible to switch to a different user from there? i.e. switch from daemon to user1 (assuming I had user1's password).

... just install rootkit user

It's for making CTFs a bit easier. Don't need backdoors, just want to streamline the process a bit by not having to switch VMs.

I typically don't run meterpreter.

blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys/

pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

Your own.

Literally.

It can run almost any language now natively, i.e. you can do anything you want on it. I do a lot of Python, and JS/PHP/MySQL. All Apple stuff for the last 10 years or so can do packet injection.

Attached: 4626F57C-187E-4967-B7A3-3AD1710EA699.jpg (4032x3024, 2.18M)

How do you guys document your pentests or CTFs? Note taking software? Wiki? Video? Pen and paper? This is the part that I find the hardest, because it takes me out of the flow, when I'm trying to work through things.

>Using a peripheral that probably has a hidden microphone
Get out of here!

How do I actually engage in CTFs/events/uni security groups if I'm not knowledgeable in anything?

Follow the fucking guide in the OP.

Do VMs from VulnHub by following walkthroughs.

Do VMs from HTB while watching the IppSec videos.

Why does no one ever read the OP in any general thread?

You hear this a lot: "A thread died for this." While accurate, this phrase generally carries no weight. But just this once, if you would do me a favor and hear me out, it would do all of us a lot of good.

A. Thread. Died. For this. You woke up this morning, poured yourself a bowl of Faggot Flakes, moistened them with your impotent Faggot prostate milk (which IS in fact impotent, because you're a fucking faggot) and, within seconds, decided that today of all days would be the time you decide to cut your synapse firing quota by just a little too much.

So you hopped online, carved out this uninspired chicken scratch, probably failed the captcha once for every strand of peach fuzz on your half-empty sack, and clicked Submit.

At that moment, a thread died. A thread that could have been bumped. A thread that could have been resurrected with content, or valuable discourse between its denizens. Hell, it could've even been bumped for absolutely no reason. And that would've been okay. Because, had it survived, a few more seconds could have been spent without having had your abortion of a post been born in this world.

Thanks for the bump.

I write or copy/paste everything into a tree-style note-taking app. I think the one Kali uses by default now is CherryTree. KeepNote is also popular. But you just gotta experiment and do what works for you.

Goodnight bump.

So hopefully I don't get too much shit for posting this, but I'm currently a Java developer that knows C++ and Python. Where would I start if I wanted to get into penetration testing and generally being a hackerman?

Cya bump

Start by looking into the OP info.

bump

god damn Sup Forums is dead compared to the fermi wars

Attached: 1313549558508.jpg (614x434, 94K)

All I did was solve a fucking riddle on an ad at the train station. If that's all it takes, then no wonder the threat level is "probable".
(The riddle was "What has a slender body, one eye and never cries?")

Attached: Screenshot_20180312-204358.png (1440x2560, 334K)

Why would anyone say that on camera.
Oh fuck it gets worse. Fucking pedos.

Kali is insecure, heavy (bloated) and slow as fuck.
InstallGentoo

First of all, Kali has root as the default user

Bloated kernel

A lot of daemons running in the background

Isn't source-based - slow as fuck

Doesn't have support for SELinux

Etc.

My dick AHAHAH

Congratulations! You've proven you're up to the task of applying for a career with ASIO.

>Why would anyone say that on camera.
it's a joke you mong

This general kinda makes me want to go into security instead of typical software development. Maybe I could do both?

Attached: the.x-files.s04e15.1080p.bluray.x265-D3FiL3R-00h08m30s050t.jpg (1920x1080, 259K)

Just do it brah, it's fun.

Reminder that /r/netsec has a job listing, be sure to check it out.

Any practical book on networking and exploitation?

A flashlight?