/biz/ - Business & Finance

>>18157805
what's a pentester

free Burp Suite course (Burp Suite is the no.1 tool for web app testing):
https://hackademy.aetherlab.net/p/burp-suite
https://www.youtube.com/watch?v=AVzC7ETqpDo&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA (youtube version)

Other Resources (podcasts, tech reading, misc):
https://darknetdiaries.com/episode/36/ (great podcast. Ep.36 is about a pentest)
https://wheresmykeyboard.com/2016/07/hacking-sites-ctfs-wargames-practice-hacking-skills/ (collection of online CTF games)
http://ctf.infosecinstitute.com/ (CTFs for beginners)
more to come...
(Complete beginnger guide Network Pentest 2019)
https://www.youtube.com/watch?v=WnN6dbos5u8&feature=youtu.be

Link to Certification Info:
https://www.elearnsecurity.com/certification/ejpt/ (Junior Pentester Cert)
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ (OSCP - The ultimate goal of aspiring pentester)

Thanks to everyone who replied to my email with the guide. My protonmail inbox is now a beacon of hope. I really appreciate your warm regards, and your positivity proves to me this is going to be a worthwhile venture.

Monetization section (besides getting a steady gig):

Bug bounty site (hack large companies and websites for bounty rewards):
https://www.hackerone.com

Hackerone also runs this site, which is for learning:
https://www.hacker101.com/

As always any questions are welcome, and I will answer them as soon as I can throughout the day. If you want to discuss other remote work opportunities in tech, outside of hacking, that is fine too. And anyone who wants to chime in with advice on such a topic is welcome to join in.

Its a great time to work remotely boys! Even better to be involved in an industry largely unaffected by the coronachan economic destruction. So what are you doing during quarantine? Vidya? Movies? Porn? (stop) Or will you improve your situation and reach comfy status? Time to get back to work.

>>18157805
Cool but why is this here

>>18157841
Some of them click in and out and for others you have to turn the top part to get the tip out. Others just have caps.

I've almost completed the certification to test fountain pens but I'm not there yet.

>>18157805
As someone who wants to get into PenTesting, I already know all of this shit and I still can't find a fucking job. It's impossible.

>>18157841
someone who gets paid by clients to hack into their networks or apps in order to identify security vulnerabilities.

>>18157874
its always been "here" since /RPG/ started. it began here organically during discussions about how to work remotely. its my business and it finances my shitcoins.

>>18157878
this guy fucks

>>18157899
what country anon? If you are legitimately qualified than it seems there is something else create a roadblock.Do you live in a shithole or have a felony? Getting your first gig in any business is not 'easy' but if you possess legit skills, than it should not be that tough. Email me if are for real and could use some info to get an interview.

>>18157805
Based oscpanon. Ive been going through the previous threads and currently studying your guide. I have a long way to go but at least now I have some goals to set thanks to you. Glad you're still here dude.

>>18157899
the thing is you dont need a job, you can use hacker1 or bugcrowd and sit home taking fat dabs

>>18157899
also this >>18158019

if you are skilled than check out hacker1 or synack (synack has some pros imo but hacker1 may be more anon)

>>18157964
based, keep it up anon. you got this.

>>18157805
>cybersec thread on biz
this topic is so barely relevant to the board...what the fuck

wrong board incel

Man i remember these threads. Was enjoying it for a bit then my fulltime wage cuck job got super busy and now i forgot everything.

>>18157959
I am in the US. I don't have job experience, so that is likely my issue. But I do have a CS degree. I really am passionate about this stuff, I self-teach and I want to learn more. Maybe I just need to bite the bullet and do the OSCP.

>>18158019
How likely is it that you make decent money doing this? Like I'm just starting out and I have bills to pay.

>>18158105

same. good to see oscp anon back, i'll pick it up again at some stage.

>>18157805
Jolie shows her boobs for .5 seconds in Hackers. How much CKB would she hold if she was a real person?

>>18157805
FUCK I ABSOLUTELY LOVE THAT FILM.
Has one of the best soundtracks ever and I think Angelina Jolie gave me my first wet dream.

>>18158054
Thanks bro. It's gonna be a slow process, but I get some motivation thinking you managed to do it while working on another job. I'm shit at programming and haven't written a line of code in months but reading the pastebin I got myself some goals to pursue. Is it possible to make it in the field with no prior experience in the field? I come from a stem background but I have little to no knowledge as far as networks and network security goes and I was inundated with not knowing even basic infrastructure. Im still setting up my lab and got my Linux machine up and running on an old shitty desktop. Sorry for the word salad, I'm about to go to bed and this thread popped up. I was even thinking of emailing you if you're still on/biz/

>>18157805
You stopped posting and stopped responding to emails. Is it really you? Also did we ever get a discord or IRC?

>>18158079
>>18158086
Oscpanon has been here longer than you fags, show some respect to the man. Or, just get out.
>>18158105
Same here. I was in the early threads but only recently managed to get my shit together and make some time to work on the material.
>>18158124
Now's a good time to pick it up bro. Let's go make it

>>18158079
thread about making $ in a way that doesn't suck on /biz. a shock I know...

>>18158086
>incel
weak

>>18158105
I learned while working an unrelated shit job full time. its worth it.

>>18158112
sadly certs are important to getting that first gig. CS degree is nice but will not actually get you a pentest gig. OSCP will. I'd say just do it. You can make decent money on bug bounties, but you have to be real good. I'd say the people making good money there either are veterans or also work in the industry already.

>>18158124
thx anon. try to put aside a small amount of time per week. it pays off big in the end.

>>18158140
probably none

>>18158157
you are not wrong

>>18158161
you can make it. it is a field you can transition into for sure. STEM helps, but really you just need to commit to doing it and dive in. Thats good you have a lab. Keep working. email me, I'm back around. I know some anons have a new irc, but I haven't been able to get in there yet. I'll be active again tho if you want to hit me up on email. Sorry for the time way. shit happens

>>18158219
we got an IRC but its not up right now. (sorry) . as I said above, some anons put up a new one I heard. but I haven't been able to get in. if I see enough interest, I'll load up a new one. it is me, email me if you like to make sure

>>18158257
I'm gonna email you if I really need your help on anything related. My priority now is to study and practice based on the material you have provided so far. Thanks for the updates on >>18157840.
>Sorry for the time way. shit happens
No worries fren, just different timezones and unfortunate work shifts.
Also bump for the irc channel. /biz/ is not the ideal place for us interested in oscp but /rpg/ threads are always welcome. Forgot to say, based email address

>>18157805
It's been a while, I took back my studying again last month. I FUCKING NEEDED THIS.

Thank you, OSCPanon

>>18158257
>CS degree is nice but will not actually get you a pentest gig. OSCP will. I'd say just do it
Bummer honestly. I spent a lot of money on a degree and it doesn't even matter kek brutal. But yeah I'll just get into the OSCP. I am trying to avoid a help desk role if I can.

>>18158257
>we got an IRC
That's very much in the spirit of Hackers. Every zoomer in this thread is now required to watch Hackers (the film).

>>18158446
sounds good anon, I'll be around. I might reload the IRC soon. I just got caught up and forgot to reload it with satoshis.

>>18158549
keep at it anon

>>18158556
its not that the degree is useless. I just think that in terms of getting a job, it helps a lot more on the defensive side of the house. Like you could definitely get an analyst job real easy. In fact, you may look into doing that while you work on offsec. Look for a SOC (security operations center) or NOC (network operations center) for a defense job while you train offense. The good news is that everyone is going remote right now, so you may even land a remote gig.

>>18157805
How were you, anon? desu I was a little bit worried about you.

If I know nothing about this what's the first book I should read?

>>18158675
Im good. Was just busy. sorry to worry you anon

>>18158888
something that will get you interested and hyped, like Ghost in the Wires. then install linux, check out my resources for learning linux, and then get Hackers playbook v2. It will get you hands on quickly and into interesting stuff.

>>18158888
also checked.

and being new, I recommend Backbox for a first linux distro with pentesting in mind. its ubuntu based.

>>18157805
do you do anything cool or are you just some corporate stooge

>>18157805
I'm pretty good in C, and very comfortable with Java. Also use Python for scripting. what things can I apply my Programming skills in the area of cybersecurity?

>>18159044
I do exactly what a blackhat does, except the client asks me to do it and pays in advance. I break into bank accounts, private email, internal networks, etc... and exfil sensitive data that would be harmful to my clients if released.

>>18159061
Lots. You could write tools that automate pentesting operations (python). You could identify vulnerabilities in web applications (java). Conduct code reviews or perform debugging and fuzzing, in order to identify code vulnerabilities in C, as well as write exploits in C. The vast majority of kernel exploits are written in C for example. It just depends on your area of interest. A lot of exploits are also written in python. You could also combine the knowledge. Like many exploits for java deserialization are written in python. ex: https://github.com/frohoff/ysoserial

I don't have a degree but I'm working through physics and about to get my sec+. Can I get a job? I honestly dont know how to sell myself on a resume cause ive always worked in my dads business making audio gear and microphones and shit.

>>18157805
Gameanon here. Good to see you again, OSCPanon! Got my first OSCP exam attempt scheduled for early May. Goin back into grind mode!

For any newbies who wanna join our interim OSCP IRC, here are the instructions:

1. Install tor and weechat on your Linux machine (or whichever IRC client tickles your pickle)

sudo apt install tor weechat

2. Start and enable the tor service

sudo systemctl enable --now tor

3. Open weechat and type:

/proxy add tor socks5 127.0.0.1 9050

/server add neetsec neetsechutbk4w7x.onion

/set irc.server.neetsec.proxy "tor"

4. Set your nickname

/set irc.server.neetsec.nicks "youtnamehere"

5. Connect and join our channel!

/connect neetsec
/join #neetsec

Can you mail the address of the second IRC channel?

>>18159806

right here bby
>>18159794

>>18159821
10ks

>>18157805
This looks pretty cool, thanks anon. Doing my MS in computer science and plan on taking some security courses, this will definitely help.

THIS THREAD IS OFF TOPIC
JANNIE DO YOUR JOB!
THIS THREAD IS OFF TOPIC
JANNIE DO YOUR JOB!
THIS THREAD IS OFF TOPIC
JANNIE DO YOUR JOB!
THIS THREAD IS OFF TOPIC
JANNIE DO YOUR JOB!
THIS THREAD IS OFF TOPIC
JANNIE DO YOUR JOB!
THIS THREAD IS OFF TOPIC
JANNIE DO YOUR JOB!
THIS THREAD IS OFF TOPIC
JANNIE DO YOUR JOB!
THIS THREAD IS OFF TOPIC
JANNIE DO YOUR JOB!
THIS THREAD IS OFF TOPIC
JANNIE DO YOUR JOB!
THIS THREAD IS OFF TOPIC
JANNIE DO YOUR JOB!
THIS THREAD IS OFF TOPIC
JANNIE DO YOUR JOB!

>>18157805
That is a dude.

>>18159891
Angelina Jolie is the hottest dude

Great to see you back OSCPanon.

We missed you.

t. ya216

FUCK YES!!!!!! FINALLY HE RETURNED. So fucking glad to see this thread.
For everyone lurking: please do yourself a favour and read up the archives for the remote pentester generals. Now that everyone has to do homeoffice without setting it up properly by the company there will be so many black hats fuckimg shit up which will In return boost IT Security demand EVEN MORE. JUST FUCKING DO IT.
t. einzuwa

Welcome back oscpbro

great fucking thread

MOOOOOOODS
Remove the glow nogger
Off topic and advertising and do on

good thread but angelina is a shit waifu

Quick rundown on this thread?

>>18161445
Glow bigger luring idiots into private telegram and discords promising jobs and riches in an attempt to black mail them. Comes back from time to time to find new victims

>>18161445
its 48 deep
you have potentially 3 months stuck indoors you lazy fuck fucking read

>>18161445
They test pens.

Quick question: how often do you come across OWASP top ten exploits in live tests?