
/biz/ - Business & Finance



>> No.15111033
File: 996 KB, 500x280, 328579234758947.gif

This thread is for the discussion and support of those anons who have accepted the Quest to become remote pentesters. I am OP, my email is OSCPanon at protonmail. You may contact me via email with any questions related to hacking professionally, or learning to do so.

Link to original guide (Path to Pentest - Anon's Quest):
https://pastebin.com/vyhNRqj8

Link to the last General thread:
>>15013302

So what are you doing to further your Quest this weekend anon? Here are some good resources and things you could start working on:

Free ebook downloads for several of the books I cover:
https://b-ok.org/

-Noob-friendly complete guide to OSCP content (with very helpful links):
https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob.html?m=1

-Another book recommendation and guide to the PWK training:
https://tulpa-security.com/2016/09/19/prep-guide-for-offsecs-pwk/

-IppSec (HtB walkthroughs):
https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA/videos

Learn Linux (free courses from Harvard, Dartmouth, Redhat):
https://www.edx.org/learn/linux

Learn Linux (Bandit - Over the Wire):
https://overthewire.org/wargames/bandit/

Learn Metasploit (free course from offensive security):
https://www.offensive-security.com/metasploit-unleashed/

Learn Python (free course & Codecademy. added youtube source):
https://www.learnpython.org/
https://www.codecademy.com/learn/learn-python
https://m.youtube.com/channel/UCCezIgC97PvUuR4_gbFUs5g (Corey Schafer channel)

Start creating your virtual lab with VirtualBox (Free):
https://www.virtualbox.org/

Free Windows VMs from Microsoft:
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/

Build your hacking OS (Kali & Parrot):
https://www.kali.org/downloads/
https://www.parrotsec.org/download.php

Vulnerable VMs to practice against:
https://www.vulnhub.com/

Vulnerable lab & CTF community:
https://www.hackthebox.eu/

>> No.15111042

free Burp Suite course (Burp Suite is the no.1 tool for web app testing):
https://hackademy.aetherlab.net/p/burp-suite

Other Resources (podcasts, tech reading, misc):
https://darknetdiaries.com/episode/36/ (great podcast. Ep.36 is about a pentest)
https://wheresmykeyboard.com/2016/07/hacking-sites-ctfs-wargames-practice-hacking-skills/ (collection of online CTF games)
http://ctf.infosecinstitute.com/ (CTFs for beginners)
more to come...
(Complete beginner guide Network Pentest 2019)
https://www.youtube.com/watch?v=WnN6dbos5u8&feature=youtu.be

Link to Certification Info:
https://www.elearnsecurity.com/certification/ejpt/ (Junior Pentester Cert)
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ (OSCP - The ultimate goal of aspiring pentester)

Thanks to everyone who replied to my email with the guide. My protonmail inbox is now a beacon of hope. I really appreciate your warm regards, and your positivity proves to me this is going to be a worthwhile venture.

Monetization section (updates soon):

Bug bounty site (hack large companies and websites for bounty rewards):
https://www.hackerone.com

Hackerone also runs this site, which is for learning:
https://www.hacker101.com/

As always any questions are welcome, and I will answer them as soon as I can throughout the day. If you want to discuss other remote work opportunities in tech, outside of hacking, that is fine too. And anyone who wants to chime in with advice on such a topic is welcome to join in.

You got this anons!

New Announcements:

Telegram (I will use this group to announce when /RPG/ threads go up on /biz):
https://
t.me/joinchat/AAAAAFihisZbNDWUNip7Yg
(please create a new telegram account with a bullshit phone number before joining. You can get a burner number with an app called Burner App for IOS or Android.)

IRC: Will Update in following posts so people don't miss this.

>> No.15111054

IRC server is up and functional. I am currently testing the final secure configs. I estimate that I can complete initial testing this evening. When I do, I will list the onion address for connecting. In the meantime, please check this guide for a how-to on connecting via TOR: https://0x00sec.org/t/how-to-connect-to-irc-using-hexchat-and-tor/6866

>> No.15111090

I recently read the “OSCP in 492 days” blog post and the guy said he quit his job to study full time and he still had no life. In your experience is it that difficult? My estimate is at my current rate it’ll take me 3 years or so.

>> No.15111134

>>15111033
Is SENT overpromising bullshit?

>> No.15111205

>>15111134
It’s just an openvpn wrapper, there are better ones that scramble all metadata, just don’t use pptp which can be easily decrypted but ipsec (you need to serialize it with tor anyway)
but the idea is nice, probably something better than sent can be built

>> No.15111453

>>15111205
Dang I guess I wasted money on this

>> No.15111490

>>15111090
Wtf I thought OP said he got his cert in a few months

>> No.15111508

>>15111033
Thanks OP

>> No.15111532

>>15111054
Thanks Anon. I've followed the instructions, and when I got to the part where it said to enter sudo service tor start, I did that, but nothing seemed to happen. There was no error message so I guess that means it's working?

I've got hexchat open and ready to go, but I'm a bit of an IRC noob so I hope you provide detailed instructions on how to connect to your IRC chat when it's ready please. Thanks so much Anon. You're doing God's work

>> No.15111794

>>15111033
You're doing gods work op spreading this Intel to biz neets

>> No.15112274

Read your previous post. Starting to learn linux now. What linux distro do you recommend to learn first?

>> No.15112329

>>15112274
Don't worry about distros too much bro they're all basically the same, but kali or just download the tools and put them on ubuntu

>> No.15112713

>>15111090
>>15111490
pls respond OP

>> No.15113128

Currently working through the junior pen testing cert . Slides are a little dry but still good content.

>> No.15113149

The telegram channel doesn’t work or it is coded?

>> No.15113200
File: 61 KB, 540x680, CE03EBDC-50CD-4685-9FF5-D1250E57E324.jpg

>>15111033
I love these threads. Just bought some books on pentesting but I’m a lazy NEET so keep posting them and I’ll get around to it when I’m not waging. Thanks for doing this anon.

>> No.15113363

>>15111090
that sounds like too long. my guess is that guy is a total brainlet. I was working full time when I did OSCP. I did some initial study during a period of a few months with no job, but rly, 2-3 years sounds like way too long if you are truly on task...

>>15111134
likely. I'm watching VIDT and LINK. LINK is a long-term interesting one. VIDT may be nice sooner. Other than that, I'm not interested in many shitcoins. Mostly top 5.

>>15111490
I got it in 4-5 months

>>15111508
np

>>15111532
I will get instructions up ASAP on connecting to the onion

>>15111794
ty

>>15112274
if you have never touched linux, I would start with linux mint, or ubuntu. I started with mint.

>>15112329
also this

>>15112713
sorry been busy working on the chat server

>>15113149
It should work. We had a lot of people join last week, but I did notice it seemed like nobody was seeing the announcements today. I will take a look at it and see if it is fucked up.

>>15113200
sounds good anon


And to all, sorry I ran into some issues with the server today during testing, so it is not ready to go live. I'm really trying to get it done tonight. I found a pretty bad vuln in the software I used the first time and I scrapped it to get something more secure. Testing now.

>> No.15113381
File: 933 KB, 2559x1706, daisy-taylor4014.jpg

>> No.15113408

I should add for the timeframe question... I did it in 4-5 months but I was really hungry. I think if you don't know anything really starting out, that 1 year is a good goal.

>> No.15113595

>>15113363
Gameanon here!
Keep up the good work everyone. Since I'm starting from close to zero IT knowledge, I prioritized learning networking fundamentals such as the OSI model and CIDR notation before trying to dive into learning specific pentesting tools. It's really helping to put the different exploit technique walkthroughs I've seen in perspective. Also reading Georgia Weidman's book for a full overview of pentesting methodology. Highly recommend the Cyber Mentor's vids for entry level topics so far if anyone is at the same noob level as me: https://youtu.be/pmvkJISXw9g

>> No.15113635

>>15113381
romulan tiddies

>> No.15113660

>>15113381
>damn she’s cute
>such pretty feet
>let me see over here what site this is from
>....
FUCK

>> No.15114077

gotta keep this bumped for later

>> No.15114163

>>15112274
I actually went out and found myself a $20 used netbook, put a ssd and more ram in it, and then installed Lubuntu. It's been a fun little side project, and it's forcing me to get comfortable with linux outside of a VM environment. Plus, a part of me loves reviving old tech. Just an idea for ya.

>> No.15114223

>>15114077
thanks anon. I'm just about done with the 2nd setup. Will post the onion tonight.

>>15114163
good stuff

>> No.15114253

>>15111033

thanks anon

>> No.15114284
File: 45 KB, 657x527, 1560543981454.png

>>15111033
Awesome thread! I saw the guide a while back and started learning Linux today. Got it set up on my laptop and going through some guides. Hope these generals pop up more often.
Cheers OP!

>> No.15114314
File: 361 KB, 1198x753, YfvBjRK.jpg

WE'RE ALL GOING TO MAKE IT, BRAHS

>> No.15114322

How much do you make doing this OP?

>> No.15114561

>>15114322
$150k/year

>>15114253
np

>>15114284
I will certainly try to get them posted more often. It's been a real busy month, and this week I've been working on getting the IRC up instead of posting generals.

>>15114314
we're all going to make it

Also, the IRC is up and functional, with SSL and an onion address. It's ready for live testing. I'll drop the address in a minute. Gotta have a couple beers after all that server config.

>> No.15114750

>>15113363
>I'm watching VIDT and LINK. LINK is a long-term interesting one.
kek absolute brainlet

>> No.15114855

xrpcxysuvqqcg4hiwymrs2vefvvtkiby7gmp3veuiqbld74s3grjs2qd.onion

in order to connect via tor:

get on linux, you should already have a linux vm or linux box if you have been following the guide.

open a terminal and run
sudo apt-get install tor hexchat

now in terminal run
sudo nano /etc/tor/torrc

scroll down to the line that reads :
#SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections

delete the #

now push ctrl+x to save and exit

now in terminal, run
sudo service tor start

now tor is running

now open hexchat. now the first time, you need to connect to a server to be able to access the preferences tab. connect to any of the default servers listed, doesn't matter which one.

once connected, on the top bar click Settings and then Preferences

in preferences click Network Setup on the left

scroll down to proxy server and input the following:

hostname: 127.0.0.1
port: 9050
type: socks5
use proxy for: all connections

ok close that to accept changes

ok now click Hexchat at the top bar and click network list

click Add
name the server. doesn't matter what. I called mine RPG-IRC

click edit
paste the onion address in the box

look down and click the checkboxes next to use SSL and accept invalid SSL certs (I'm using a self-signed cert during the test phase, I'll change it later.) The SSL is more about encrypting your comms than verifying the server, but I will update the cert in the future with a CA.

You should be done. Close the box and then select the server name and click Connect on the bottom right.

When you get in the channel, register your nickname with:
/msg NickServ REGISTER nickname password bullshitemail@fake.com

then /join #RPG

I'm still working on the channel list and crap like that, but you can come in and hang out and help me test it out.

>>15114750
I might be a brainlet. But I think LINK will do well in the future as more companies use it and it actually generates adoption. But I'm not all in.

>> No.15114943

>>15114561
I'll look out for the IRC then. It's fucked up that generals barely survive on biz anymore. Man just to make at least 100k and have a fucking house or apartment would literally be my dream, that's what inspired me to follow the guide. And to have a remote position? pls gib. I am going to grind to make it happen.
I wanna give my dog a nice yard ;_;

>> No.15114985

>>15114943
IRC is up:
xrpcxysuvqqcg4hiwymrs2vefvvtkiby7gmp3veuiqbld74s3grjs2qd.onion

also, having a yard for my dog was a big motivation to get a new house and get out of the apartment lol.

>> No.15115010

>>15114985
damn, congrats anon
that really gives me hope! Hope you and your dog are happy now. Thanks I'll save the link!

>> No.15115333
File: 7 KB, 225x225, 23589028359.jpg

>>15115010
can't complain

>> No.15115367

>>15111090
In general, it takes about 1000 hours of doing something to truly master it. Keyword, master it.

>> No.15115780

>>15114855
nice irc is up, need more anons in here!

>> No.15115805

Where are you located anon? I currently live in NYC doing cyber sec for a very large respected bank. If you are somewhere nearby would like to meet up and talk to you.

>> No.15115889
File: 6 KB, 225x225, sure-pal.jpg

>>15115805
lol sorry anon. closest you can get is the IRC. as much as I would enjoy that.

>>15115780
yeah we do need more anons in the IRC! it's only been up briefly tho, and based on the telegram activity from last week on announcement views, I think we will have a decent amount of participation.

>>15115367
sounds about right

>> No.15115900

>>15111033
BASED pentester anon

>> No.15116026

Hey, YOUNG anon here. How young? Young. I've already watched bits and pieces of kali linux tutorials, are those good to start with? These threads are super helpful btw!!! What can I expect to make from remote pentesting alone?

>> No.15116396

If anyone was trying to get into the IRC server, or was recently kicked out, I have fixed the issue. If you still have trouble getting in, please let me know.

>>15116026
that is a great place to start. I always say you can expect to make at least 100k+

>> No.15117023

This thread still alive?
Security is a great field to get into. Been doing pentests and red team engagements for about 6 years now. There are endless opportunities. Lots of different directions to take. Application and cloud security are big ones now.

Pay is great, coworkers are also autistic, get to pick on Boomer network admins all day. Love itttt

OP has some great links he's provided. I highly encourage all neets with half a brain to dive into this.

I'd also include /r/netsec for a good resource. Ya, ya, ya Reddit is for fags, I agree, but it's honestly a great place to read about the latest happenings in the field.

>> No.15117116

>>15117023
great stuff anon. Thanks for jumping in. If you feel like kickin it ole school, check out the IRC that just went up today.

And I agree with all your points about the on-job stuff. coworker autists are the best

>> No.15117648
File: 29 KB, 400x444, 1502971619414.png

aspiring security anon wondering what the remote/freelance job market is like? not even looking for high income - just wondering if there's jobs beyond doing bug bounties

i'm currently studying pentesting because networking and computer security / theory is the most interesting stuff to me, but in terms of jobs it seems like they usually go to teams of people and companies and there isn't much of a market for freelance

any guidance as to what to look for, study specifically, or whether there's a similar line of work which would lend towards freelance?

>> No.15117753

>>15111033
I've been watching some oscp videos and thinking about going through with this but it doesn't seem like there's enough job demand for people new to it. I have IT experience years ago and help manage a crypto network, is this enough to qualify for the experience requirements?

>> No.15118122

To do the VMs what do I really need? Should I get a used laptop, install kali on it and then run VMs on that? Right now I've got desktop with Windows and a school laptop with Mint. Can I not use my desktop to run a VM of both Kali and the attacked VM?

>> No.15118376

>>15117648
Freelance work is hard unless you've already established yourself and can prove it through CVEs, tools you've written, etc. Some of the tests and exercises you perform can impact operations and cause downtime for the organization. Working for a big company with all kinds of insurance and well vetted testing procedures is a lot more appealing to the client.

>> No.15118399

>>15117753
Short answer, yes. Just need to have the intelligence and drive to accomplish your goals. I've worked with folks that had no security experience before the current job and within a year they are a god at their particular job.
I'd say explore a lot of different specialties in the field. Find what interests you most and expand on it. Wireless, application, physical access, social engineering, etc. It has a lot to do with the current background and what you enjoy. It should come to you naturally as you get more experience and exposure.

>> No.15118413

>>15118122
Yes you can just use the desktop and run multiple VMs. That's the best way to test stuff imo. Have both windows open. Execute something, look back to the other vm. No result, try something else. There's no harm in having it all run off a separate laptop, just not needed in most cases.

>> No.15118612

Guys, be sure to join the IRC. Why not help each other out vs struggling individually.

>> No.15119390

>>15118612
this. only 7 anons have joined the IRC thus far

>> No.15119502

Interesting way to recruit military/intelligence personnel. Who is funding this program? GCHQ or EUMS?

>> No.15119523

Oh didn't look at when the thread was originally posted.
Hi NSA anon

>> No.15120306

>>15111033
does this work for people outside the US? can I really get in as an eastern European?

>> No.15120309
File: 515 KB, 1500x2275, 1561845217302.jpg

>>15117648
freelance is tough beyond bug bounties, unless you are really good and companies will farm stuff out to you. I'll get back to you on this with some additional resources.

>>15117753
that is plenty of experience. also, there are a lot more jobs for offsec than you would think, and it is growing.

>>15118122
yes you can run both kali and victim vms on your windows desktop. should be np. email me if you have issues and I can help with how to set the hardware reqs

>>15118413
this anon knows his stuff. thanks for answering questions while I was away. cheers

>>15118612
I'm sure the IRC will continue to grow. Sunday night premier was less than ideal.

>>15119523
kek. I told you guys before, I am building a hacker army to defend us from our future AI overlords. Also, we're all gonna make it

>> No.15120339

>>15120306
this does work outside the US. As far as Eastern Europe goes... I mean if you couldn't get a decent job doing it, it seems like that is a pretty chill place to be a blackhat. Not that I am encouraging that, just an observation.