/biz/ - Business & Finance

free Burp Suite course (Burp Suite is the no.1 tool for web app testing):
https://hackademy.aetherlab.net/p/burp-suite

Other Resources (podcasts, tech reading, misc):
https://darknetdiaries.com/episode/36/ (great podcast. Ep.36 is about a pentest)
https://wheresmykeyboard.com/2016/07/hacking-sites-ctfs-wargames-practice-hacking-skills/ (collection of online CTF games)
http://ctf.infosecinstitute.com/ (CTFs for beginners)
more to come...

Link to Certification Info:
https://www.elearnsecurity.com/certification/ejpt/ (Junior Pentester Cert)
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ (OSCP - The ultimate goal of aspiring pentester)

Thanks to everyone who replied to my email with the guide. My protonmail inbox is now a beacon of hope. I really appreciate your warm regards, and your positivity proves to me this is going to be a worthwhile venture.

Monetization section (updates soon):

Bug bounty site (hack large companies and websites for bounty rewards):
https://www.hackerone.com

Hackerone also runs this site, which is for learning:
https://www.hacker101.com/

As always any questions are welcome, and I will answer them as soon as I can throughout the day. If you want to discuss other remote work opportunities in tech, outside of hacking, that is fine too. And anyone who wants to chime in with advice on such a topic is welcome to join in.

You got this anons!

New Announcements:

Anon found a new course on youtube: (Complete beginnger guide Network Pentest 2019)
https://www.youtube.com/watch?v=WnN6dbos5u8&feature=youtu.be

Telegram (I will use this group to announce when /RPG/ threads go up on /biz):
https://
t.me/joinchat/AAAAAFihisZbNDWUNip7Yg
(please create a new telegram account with a bullshit phone number before joining. You can get a burner number with an app called Burner App for IOS or Android.)

IRC: Hopefully functional next week. I am taking the time to build it on tor with complete anonymonity for myself and the users. In the meantime, you should get familiar with using hexchat to connect to IRC over tor. We will have a onion address. When the IRC is live, I will also post a guide on anon/secure IRC setup. Also, still looking for more mods.

Also, my replies will be slow today, as I have a lot going on. If thread drops off the board, I'll repost later and do a mid-week edition as well.

>>15009378
>https://pastebin.com/e35Vr0LX

are you the anon who posted the original threads and wrote the path to pintesting guide? if so, thank you very much anon. i'm really interested.

how difficult do you think it would be (and long do you think it would take) for someone with zero programming knowledge to get OSCP? I'm really good with computers but I dont have any programming knowledge. I'm someone who has lived on his computer and online for most of his life, who knows everything there is to know about computers just short of writing lines of code myself.

but i hate my career at the moment, and im looking for change. pentesting sounds enticing. and I've always regretted not studying cs at uni. meanwhile my comp sci friends make super comfy money and have comfy careers in that industry

>>15009393
looking forward to the IRC btw. will that be the best way to contact you in the future?

can you really get 150k a year remotely with only an oscp cert?

>>15009570
yeah I'd like to know this as well. it sound too goo to be true. How long would it take someone with zero coding experience (but who is nonetheless extremely experienced with computers) to get oscp cert?

>>15009427
I am the anon who posted the original threads and guide, yes

You don't need to program to a level of development. You more just need to be able look at code and tell what it is meant to do. There is also a good guide out there called I think 0 to OSCP in 292 days or something like that. I did it. You can do it too. Also, you don't need a degree. I don't have a CS degree and I do just fine.

>>15009534
Best way to contact me would be via email, and IRC once it is active.

>>15009570
I am living it, so yes. I also have a CompTIA cert that I got years ago, but nobody cares about that.

>>15009592
I had very little programming exp. I had not programmed since AOL / Visual Basic days. Even then my warez were not amazing. I completed everything in 4-5 months, while working full-time. A safe estimate is 1 year.

>>15009647
brb gonna get cert

>>15009378
Decided to embark on the RPG route, been playing with kali Linux and gonna get an associates in Network Admin, thanks for the resources m8

>>15009647
How do you find work after you get the oscp? I know it's high demand field. But are these jobs advertised? I'm like 1/4 my way to being confident about the test btw. All thanks to you. I've been here since the beginning. Waiting for you to send me some audio resources though. I'm the truck driving anon. Maybe you remember me. I will always remember you, anon. I will buy you an e-beer

>>15009661
kek

>>15009679
no problem.

>>15009694
I do remember you anon. Apologies it has taken me a while to dig up audio resources. I would look for audiobooks. I will post a few suggestions here, but you can usually find free versions of audiobooks, so dig around.

https://www.audible.com/pd/Hacking-The-Beginners-Complete-Guide-to-Computer-Hacking-and-Penetration-Testing-Audiobook/B078THKMKC

https://www.audible.com/pd/Hacking-Basic-Security-Penetration-Testing-and-How-to-Hack-Audiobook/B015GH0ENY

It would also be useful to listen to youtube videos on the topic while driving. I did a whole CompTIA security+ video course just listening to the audio while I worked on other stuff. If you need a basic understanding of networking protocols and security, check out Professor Messer on youtube.

I'll find some more of these today and post em.

Hey OP
Thanks for making those weekly threads. I am the anon who sent you the E-Mail for the idea with the Telegram channel.
Just a short personal question:
How much do you like what you're doing? And was it already like that from the beginning?
I am studying Computer Science right now, and find it 'okay'.
But the thought of being a wagecuck afterwards makes me sick.
I was lurking into that Cyber Security field already for some time before you came up with those threads and found it very interesting. Anyway, I started out with Zaids course the other day. I know already a lot of things he talks about and it kinda seems a bit boring therfor.
But I never had a real passion for anything else neither.
Should I just pursue it anyway? Becoming a bug bounty hunter. The upside is being self employed, but what I'm afraid of is that I will be bored from it one day and hate it.
Nonetheless I fucking love the endgoal => to break into things. Exploiting stuff. I have done that with so many other things in life already.
Anyway: Did you love pentesting from the first second on?

>>15009694
Oh and to the finding a job part... I have found my last 3 jobs via Linkedin. I highly recommend setting up a profile and building it up over time (it takes a while to fill out all the fields on there and have a good looking profile.) Start connecting with people in the industry. I started by connecting with Kevin Mitnick and some other industry leaders I recognized. Once you are ready to look for a job, activate your free trial of Linkedin Premium, which enhances your ability to job search on the site, and pushes your resume to the top of the stack of any jobs you apply for. It also helps by telling you what keywords boost your rank for various jobs. As an added caveat, Linkedin Premium gives you access to Linkedin Learning, which has a ton of great video courses on hacking and everything IT. These would also be great for listening to while driving. You get I think 2 months free with Linkedin Premium. You can take the free trial once per year.

>>15009785
I have always loved hacking. From the very start. I do not love everything else IT. I worked defense for a while, and it was ok / kinda cool for a bit, but I hated it eventually, and it did not take long. I would never be a code monkey and do programming for a living. I have done web dev for small businesses. It was ok. Not great.

But hacking. Always loved it. I think when you get into the actually "breaking into all the things" you will enjoy it. Get far enough along to do some vulnhub / hackthebox / bug bounties, and see how you like it. I think you will probably enjoy it.

When I started on the path to do it professionally, it was because I was wagecucking in a different field, and I couldn't take it anymore. I was ready to kill myself. I decided I would either become a hacker professionally, or just fucking die. I put all my eggs in one basket. I quit my job and studied full time. I went through a period of being quite poorfag during this time. But in the end, I have a job that I don't even mind doing. A lot of times I actually enjoy it. It's not ideal as I still have a job. Obviously I would rather run my own pentesting business or be a rich NEET, but it is so much better than any other options I had, that I can honestly say, I'm happy. Probably for the first time in my life.

>>15009378
bumping to say thanks again anon - been working on this since the original thread about a month ago, and now I'm fairly comfortable with the command line and I've learned a few scripts in python. before I was just your average windows-savvy neet.

can you talk a bit about the career side of things? do you work for a firm? do you freelance? you mentioned a lot of job opportunities; what do those look like? any wisdom about the industry in general you can share?

>>15009879
Thanks anon!
I will keep pushing. I can kinda see myself in you, as what you say.
All the best!

>>15009920
good progress anon. keep it up.

career side:
I work for a very large penetration testing firm. I work remotely as a "security consultant." I do only penetration testing. I have done freelance work before, but I got tired of finding the next gig, and in the end, my full-time job pays more, consistently. I am valued by my firm to the point that nobody manages me. I just get emails with the assignments.
I also did bug bounty hunting when I quit my job, in the beginning of my quest. Again, it was just not consistent. A lot of the time, you don't find any good bugs, so a lot of your time is unpaid. Plus companies like to argue so they don't have to payout. Didn't care for it, but some people love it. I think I have nearly as much freedom in my current job.

What I can say in general is that the industry is desperately hurting for qualified penetration testers. It is also only getting worse right now. Next year the ratio of positions open to qualified applicants will be even larger. There is a huge "cyber gap" and it is largest for the offensive side. If you get qualified in this field, you will always have a high paying job.

>>15010021
no problem. You got this

I just wanted to say thank you OP for inspiring me. I've started studying as few weeks back. Looking forward to some live chat, as I feel I could help others with some things I know - Linux, networking, and get the occasional help I need. Hive mind.

>>15010078
Agreed, that is the goal anon. To help one another so we all make it.
My apologies the IRC is taking so long. I have some developments in life that have been keeping me incredibly busy, but I will deliver. I have completed all the research and decided on a build for keeping the chat highly secure. This week I will begin deployment and testing. I hope it is live next weekend. I'll make announcement here and in telegram group when it is up.

And just a reminder, I will start to reply slower today as I do have stuff going on, but I'll keep checking back to reply in batches.

>>15010101

I've got a question maybe you or others could advise: I'm reading a book called "penetration testing with kali linux", and though it's released by offensive security team, the version I have dates to 2014. Would you have a more recent version perhaps?

>>15009811
Tha k's anon. My id will have changed due to being a truck driver and moving. I will have to check some of these things out. Thank you so much and have another bump. You're doing great things here for the neets especially. I envy you guys and all the time you have to devote to learning about hacking/coding/etc

do you think there's an age at which you're too old to get into pentesting if you have no experience with it? would employers less likely consider a guy who just started getting into pentesting in his 30s -- especially with no previous professional IT-related experience?

>>15010155
The PWK course is the course with OSCP exam and certification at the end. I cannot give out those materials, they would revoke my cert (and the stuff is very well watermarked). You will have a hard time finding updated version for this reason. It should still be applicable, what you have already.

>>15010202
It will be tough with your driving schedule. May take a little longer but you can do it.

>>15010204
Not really. I'm an oldfag. I wasted my 20s doing fuck all and didn't get my first penetration testing gig until I was early to mid 30s. A lot of the guys on my team are older actually. We have maybe one person in their 20s. I think in this profession, it is good to be a little older. Companies figure you have some extra knowledge just from having been around for a while, even if it is not IT related besides your pentesting cert or whatever, they know you have been on a computer for a long time. I wouldn't worry about age.

>>15010339
>I wasted my 20s doing fuck all and didn't get my first penetration testing gig until I was early to mid 30s.

that's good to hear. thank you! i've totally wasted my 20s as well. the only good thing to come out of this decade for me will be, hopefully, that i bought LINK

Hey anon, just want to say thx for all your other threads and info. I wanted to go down this path for a while but had no idea where/how to start. I've saved all your stuff and have been working away at this. Thanks for taking time out of your own life to put effort into something that might help other people.

>>15010339
> The PWK course is the course with OSCP exam and certification at the end. I cannot give out those materials, they would revoke my cert (and the stuff is very well watermarked). You will have a hard time finding updated version for this reason. It should still be applicable, what you have already.

Ah understood, that's why it's impossible to find. I'm planning to buy the course but first want to get my feet wet first so I'm not reading official material and understanding 1/3 of the conceps.

>>15010876
no problem. As I have said in past threads, I have been on 4chan for a long time, so this is my way of giving back to the community. I know we'll all make it. I'm just trying to help how I am able.

>>15010948
yeah what I can say is that they do not update the coursework very often. So if you have a copy from 2014, that is a great start.

>>15011066
Reading through Reddit there is a lot of hate for people doing OSCP before having a background in at least reading code / managing servers / networking etc. Unsure about attempting ocsp without the background..

>>15011426
lot of hate never stopped me. people who wish they could accomplish their own goals but lack dedication have hate for others achieving something. I don't bother with that stuff. Everyone at every turn discouraged me from completing OSCP. Nobody believed that I would ever become a professional hacker. Had I listened to them, I would not have accomplished anything. Pure FUD

Do I need a degree for this?

>>15011614
No. My colleagues and I do not have degrees. The great thing about this path is that it is based on merit and self-teaching. No degree needed.

>>15009378
Curiously this is exactly what I was looking for OP, presently trying to get more and more into Cyber Security and this really helps. Thank you! I will continue my own quest, by picking up along this one.

first time poster in this thread, so maybe a dumb question, but would there be a viable income in discovering and selling exploits and general bugs discovered via automated ways like fuzzing?

I've seen some blog posts that left me with impression that even on commodity hardware It's possible to find something in a week of fuzzing of some random semi-popular software

I ask because this stay-in-your-basement path is more attractive to me than the glamorous hacker career... even it it's only side income Ievel money

any advice?

Thanks OP. Used to hack stuff as a teen in the 90s, went the freelance programmer route and got burned out years ago. Dont have a tech job really now and cant stomach the idea of working in an office as an adult. Thats great about the old school CompTIA exam my dad and i trained for that way back when. Will check out your links, sounds like a comfy gig with a good barrier to entry.

>>15011889
I touched on this earlier in the thread. You can make good $$ as a bug bounty hunter. However, you have to understand that some weeks do not go as well as others. So sometimes you find that you spend a lot of time that ends up being unpaid. As to your comment about staying in the basement, please understand that /RPG/ is specific to a mission of attaining a Remote penetration testing job. I do not ever have to leave the house for my job. My hacking set up is indeed, in my basement. I do everything remotely, and attend meetings via slack and other chat applications. It is up to you, but you can do either one. I just prefer the security of a paid salary. If you go the bounty hunter route, then brush up on fuzzing, (afl fuzzer, peach fuzzer, etc...) and learn assembly and C#. You will need to learn more code than a regular pentester.

>>15011900
I was in the same boat when I started. As a teen used to hack stuff in the 90s. Remote penetration testing is a very comfy gig, and does have a good barrier to entry since there is not an easy college degree type path, it requires individuals to take it upon themselves to learn and succeed. Join the telegram group to stay posted on future threads, and the IRC when it goes live. Would like to hear of updates on your progress.

>>15011889
oh one more thing, for Windows based applications, DnSpy is a fantastic debugger tool which reveals source code and allows you to reverse engineer it very well. Check it out

>>15011655
You said you had an unrelated degree in your past thread

>>15012117
Thanks, I already have some experience with asm, will check the hackerone site!

>>15012262
That is true. I have a degree in an unrelated field. My company doesn't even know about it. I didn't bother to put it on my resume. My colleagues have no degree or just a general associates. Most of us are college dropouts.

>>15012336
Yeah hackerone is a great site. I think it is the best bug bounty site for hackers. You can also learn a lot from reading the public reports.

I'll be eternally thankful to you, anon. I don't have any IT experience so it's going to be harder for me, but I'm getting there, I'm no brainlet either so I'm catching up quite quickly.
I'm a single father, I'm studying law and I'm doing freelance gigs to survive. Here's my question, is there a use for law knowledge on this industry? In about 2.5 years or so I'll get my degree, but all of the time that I'm dedicating to it I could use it to study this and finish waaay sooner.

>>15012445
There is a huge use for law knowledge in this industry. Every single penetration test has legal implications, and are governed by agreements drafted between the client and the contractor or contracted company offering the test. Lawyers who fully understand cyber security and can work directly with penetration testers and defense teams are very valuable. Given your situation, I would suggest completing your law training and working on cyber security knowledge as you go. If you can get into law within the cyber security industry, you will do very well for yourself.

>>15012445
Alternatively, if you find that you really are passionate for penetration testing, you can always switch over to full-time pentester, if you find it more enjoyable than law. But if you enjoy law, then definitely doing the combo, law + cyber, is the way to go for the big money. It's a win-win either way.

>>15011655
Bro I don't thin so... on any ad on internet related to pen tester theys earch for CS meme degree... the boomer only search for degree nowdays.. a sociofobic NEET didn't go to college

>>15012684
lol what? are you drunk?

seriously though, do your research. there is no "penetration tester" degree, and a compsci degree does nothing for you to that effect. You are talking about something that you do not know anything about. Examine yourself anon, rather than blaming others and the world/boomers at large. I am giving you a proven path that does not require a degree. If you are not even willing to research it, then I cannot help you, but discouraging others does nothing to improve your own situation. Also, I have covered this topic in several previous threads, so I can tell how new you are.

>>15012684
uh oh now im worried. i dont see myself getting a cs degree anytime soon. is it really true that pentesting jobs want to cs meme degrees?

>>15012798
oh ok thanks for clarifying

>>15012543
>>15012504
Thanks, anon. I honestly appreciate a lot the time that you're putting here. This threads give me the motivation that I need to keep going. You're doing God's work. I honestly want to pay you back once that I make it.

>We're all going to make it

>>15012840
yeah every one of these threads eventually has a couple FUD posters. don't pay them any mind anon.

And a quick note on job postings:
Every job posting you see that says 10 years experience, means 3 years experience in reality. Every cyber security posting that mentions a degree, always says "or equivalent experience" or "or equivalent certification." It means nothing. People are used to posting jobs with degree requirements when the money involved is so high, but in reality, the only thing they care about is whether or not you can do the task. It is very hard to find people who can hack professionally, so all that matters is whether or not you can do the job. They do not care about anything else.
My firm is more than happy to interview and potentially hire Anyone with OSCP. They go as far as hiring people with very little (1 year unrelated IT) experience, and pay for them to get OSCP on the job.

>>15012906
We're going to make it anon! I spent a lot of time here when I didn't have anything in life, and was struggling very hard just to buy food. My way of paying it back is what I am doing now to spread this info to you anons. Do the same. When you make it, come back and tell your story and encourage other outcasts to find a way out of typical wageslavery. That's all I want in return.

>>15009378

Honest question, just out of curiosity if you were to turn blackhat do you think it is possible to make millions penetrating companies that have lower security? Forget the ethics for one second and assume you will get away with it every time as blackhats rarely get caught. Is this possible?

Are there people that drive around in tinted vans penetrating companies servers from the parking lots? Especially blockchain companies or companies that do money transfers/payroll transfers, etc.

I know a lot of blackhatters work remotely but are there any advantages to working locally?

Would this be possible given your knowledge so far or is this dated?

I'm genuinely curious and have no affiliation with any of this but I did use to fuck around years ago a little.

>>15013302
OP has mentioned before that there's more money on blackhat, but I won't put any new words in his mouth.

Just realized the pastebin link in the general post is dated and that guide is v1. I will update the link in the future threads, but here is the v2 guide re-worked for /biz : https://pastebin.com/vyhNRqj8

>>15013302
Yes I do believe it would be possible to make millions as a true rogue blackhat. What you describe is certainly possible. Personally, I never sought to make money this way. My time as a blackhat was spent as a hacktivist. I did a lot of blackhat stuff for ideals. The reason I discourage people from going blackhat is because of what happened to myself and my fellow blackhats back then. You think you will get away with it, but in reality, you will not. You will more than likely be hunted down by 3 letter agencies with little to no respect for human rights laws. It is a very dangerous game. I am not going to say that you cannot do it, but I am saying that if you wish to try, you should be extremely paranoid with your OPSEC, and expect the worst. I never got caught to the point of actual prosecution, but I was thoroughly targeted and harassed. My OPSEC had to be so good, that I felt like I was living in tinfoil-hat land and just wanted out. Be careful with this anon. You may make a lot of money, but you will be dealing with a whole terrible reality that you didn't know existed. And as a blackhat, you will not have any "real world" help to bail you out or to even believe you when agencies start targeting you. I understand why some people would go this route though. Personally I don't think it is a good long-term plan, but being honest, yes there is a pile of money to be had for such activities.

>>15013302
And there are always advantages to working locally... Wifi.. Social engineering.. But it is dangerous.

based pentest OP is back
I emailed you about books a while back
just want to say thanks again, this shit is super interesting.

>>15013504
no problem anon. I hope I answered your email question. I try to answer everyone, but my email does pile up, and I am sure I miss some. If I ever go more then 6 days without reply, just resend the email so I see it. I will always respond. I also started a telegram private group for announcements, at the suggestion of another anon via email. And IRC will be up soon. Hope to see you there when it goes live.

Reminder that OSCP is outdated garbage and will NOT get you a job

>>15013588
pls be nice this is a cozy thread

>>15013588
always a few FUD posters each thread. Are you not accomplishing your own goals anon? Please do not discourage others from pursuing a positive path. If you decide to work hard toward change on your own path, then I will be more than happy to assist however I can. If it is IT related, I am sure I can help. Otherwise, we can probably point you in the right direction. But you have to do the work and change your outlook anon.

>>15013407
Luckily I am not in the USA and would stay away from US-based companies/entities. But I fully understand what you are saying. I guess I was just a little curious.

As to your history are you a little surprised as to why we never hear from Anonymous anymore? Have they all been taken down by the agencies? I figure ppl involved realized it just wasn't worth it to stir up a bee's nest anymore.

>not doing anything to stop Van Eck phreaking
>not knowing that the gyroscope in your hard drive can be used as a microphone
>not using ECC RAM to stop rowhammer attacks
>not being able to set kernel parameter to deny inserted USB's
>not desoldering the microphone
>not realizing that the CPU microcode could communicate with the microphone regardless of libreboot
>not putting nail polish on the screws and taking high resolution pictures to ensure signs of tampering
>not removing the modem with DMA
>not going fanless to prevent binary acoustic data transmission
>not knowing the Ethernet and wifi card have access to keyboard
>using xorg where any window can steal the contents of the clipboard or keystrokes
>not knowing that the sound card can change the headphone jack into a microphone jack and use it to record through the headphones
>not knowing they bounce an infrared laser off a flat surface anywhere near your laptop to steal your encryption keys by listening to your CPU fan
>not knowing spectre, meltdown, rowhammer and rambleed can break anything remotely using a web page with javascript

How much of this /g/ copypasta is real?

>>15013588
First time anon here:

I kind of worry about this, traditionally anytime I've ever heard about any kind of sweet employment or revenue deal, that marks precisely the moment in time where it stopped being profitable to pursue it. Dropshipping, affiliate marketing, STEM degrees, or etc.

Probabilistically, since I'm banging into the concept at random, it probably means I'm not one of the early adopters. Don't want to spend a year of my life learning some shit just so I can be late to the party and fight with pajeets over scraps.

The only time in my life where I learned about a concept or opportunity ahead of the rest of the crowd has been LINK so far. and I'm not sure I was early so much as just lucky. Sold at $4.10 btw, eyeing re-entry at $1.80 if we get there.

>>15013650
Anonymous was disassembled and destroyed, bit by bit. The original IRC chat was completely compromised, and chat admins were replaced with Feds. Though anon claimed no central leadership, it is natural for certain entities to rise to the top, and for others to listen to them / follow them. Feds know this. They compromised certain high profile individuals, and in some cases took over their online identities in order to d0xx and mislead the rest. Some anons realized this and got out. Others were not so fortunate. Some were V&, others were targeted and blackballed within their industry. A very few were recruited. Anonymous has been a compromised operation for a long time now. Do not trust anyone claiming to represent them for the last few years.

>>15013696
most of that is real. Tempest attacks have been known by deep techies and 3 letter agencies for 25+ years. There is a congressional hearing from the early 90s in which popular hackers from the time describe how to do things like read the data from screens from a distance and other attacks you have mentioned involving fans. This is why I mentioned above that being a blackhat is not viable, at least in the US, and even abroad for the most part. No system is really secure. If a 3 letter agency decides to target an individual they suspect of hacking, there is almost nothing to stop them if they go local with attacks. I never leave my main laptop at home. It goes where I go.

>>15013776
>>15013776
The last estimate taken at all seriously for OSCP holders worldwide placed it at around 20k. A recent Linkedin check I did placed it around 5500. As I posted above, the numbers are in favor of the employee/contractor. There is a huge gap between need and qualified persons. This will exist for a long time to come. Precisely because there is not a clear path, especially in academia. I dare to say that the information I have laid out here for /biz is currently the most clear path / the largest collection of aggregated information for this profession, that has been laid out.
I am also a Link holder. I sold some of my stack at $4.26. I have been buying below $2.40 for two weeks. It seems to be a good long term project. Let's hope it works out.

>>15013302
>blackhats rarely get caught
Lol
How they get paid doofus? Bitcoin, Monero? Haha

>>15009661
lol

So this is the new PHD in math meme eh?

>OSCP
>150k starting remotely

Lol sorry but there's a reason he isn't posting this on /g/, they would rip him apart.

There are no infosec jobs that pay 150k starting with just a cert. You need experience and networking to get that.

>>15014352
/g/ is a cesspool of regular IT normies with no vision. there is nothing there to advance skill. its all about new phones and hardware. its like helpdesk staff. thats why this isnt on /g/

try harder to FUD. I guarantee you don’t hold any pentest cert worth a damn. which means you are just talkin shit

>>15014352
I shitpost on /g/ all the time larping as somebody who knows stuff, just like 87% of that hellhole

>>15014352
find me a single /g/ thread with as much helpful legit info as I have provided in a single /RPG/ general thread (much less the combination of info I post throughout all these threads plus guide.) You will not be able to do so. Non-hackers love to hate.

>>15014837
Not him but I did want to ask though, are the only high-paying jobs you can find on LinkedIn?
Every job I look up on google comes no where close to 6 figures.

>>15014905
Dice is also a good source.

Google "OSCP starting salary" . Ignore the analysts jobs, those are people with Sec+ , those are not pentesters. The pentester title would be "security consultant" and the other ones (engineer) are defensive, yet they still are near 100k range. As I have addressed in previous posts, your starting salary should be 100k at the minimum, for any OSCP offense. 150k with some experience.

>>15014935
thanks anon
you've been very helpful
may your altcoins moon

>>15014983
Thanks for the positive energy anon.

No degree here
which CERTS should I take to impress boomers managers of companies?

>>15015152
that depends on the job you seek. you should read the guide here: https://pastebin.com/vyhNRqj8

but heres a quick rundown:
defense:
Security+
CASP
CeH
CISSP

offense:
OSCP
GPEN
other SANS certs
OSCE
AWAE

networking:
Network+
CCNA
CCNP

Server:
MCSA
MCSE
RHEL

>>15009378
I'm currently working on mine, only a few days in. After I get it where do I start looking to find a job?

>>15009378

I have a question, OP. I'm currently working as a software dev for a startup, been doing that for a while and I got pretty comfortable with JS/React/Node, etc. However, I've recently began considering moving to pentesting, possibly looking for cybersecurity roles.

I have a CS degree and I've done InfoSec coursework but I am really having second thoughs about this since it's an industry that places a lot of focus on certs and I'm just no interested in spending a year chasing them.

What would you recommend?

ps Heres some ass for your trouble

Another question for OP

do you see this as a safe career path? In my current field there are so many stories of 50 year old engies getting JUST'd from their jobs....does that happen in the offensive world?

>>15015658
>50 year old engies getting JUST'd from their jobs
why do they get justed?

>>15015783
employers discover it's cheaper to dump them then continue matching 401k, usually.

>>15009378
well OP, let me ask you. The udemy ethical hacking course is on some ridiculous 90% off sale right now for new users. Do you know if these kinds of sales are frequent or is this an uncommon event? Shit ends in two hours but I've gotten JUSTed buying shit because it's on sale just to find out later that it's always on sale.

>>15015423
much of the IT industry is cert focused. I would say at least with pentesting, at some point it stops. With OSCP i don’t need to get anything else, and its lifelong, I dont have to renew it every few years like CompTIA. Maybe in dev you could avoid some certs, but eventually you will have to get some or take some classes for compliance.

>>15015658
I think you would be safe on offense. There is such a desperate need for talent, that I don’t think age is an issue.

>>15015877
udemy courses go on sale for 80%-90% all the time. doesnt mean they are not good courses or worth the money, but I would say it is baked in. you dont need to buy it now, it will be on sale again soon. Just dont ever pay full price

>>15016036

Are there any udemy courses that would prepare me for entry-level offense/pentesting jobs?

I've heard there are 2-3 top-tier udemy courses on ethical hacking and I've noticed that you mentioned Zaid Sabih's courses but would you say that would be enough to be employable?

>>15014016
Even before cryptocurrencies were big, there was a billion-dollar blackhat worldwide market. Most blackhats arent in the US fucking idiot. Most in Russia and never get caught or extradited. Why do you even think white hats exist? To guard against the tons of blackhats that roam free you brainlet idiot. Like I said its an ocean of blackhats and yes the letter agencies capture whales from time to time but often a lot of fish go through the nets and never get caught.

>>15014016

read this blog and see how many don't get caught brainlet.

https://krebsonsecurity.com

The podcast Darknet Diaries made me hate pentesters/white hat hackers.

>>15016524
lol I dunno, https://darknetdiaries.com/episode/36/
Jeremy from Marketing is a good Darknet Diaries podcast about a whitehat. It’s pretty cool. Not sure what there is to hate. Whitehats dont expose or catch any blackhats. They just try to hack stuff first and advise on patching the holes before the blackhats get there.

I mean I get it, but we cannot all take blackhat risk. Its different if a blackhat turns and exposes his fellow hackers, but thats just a snitch, not a whitehat. It’s just a cool job for most of us.
>>15016369
a lot do not get caught. mostly high profile do. I wouldnt be concerned about it rly if I wasnt in the US.

>>15012939
>My firm is more than happy to interview and potentially hire Anyone with OSCP
Would your firm hire from outside the US?

>>15017778
He’s larking anon lol

>>15018223
larping*

>>15016327
>I've noticed that you mentioned Zaid Sabih's courses but would you say that would be enough to be employable?
I am not OP. But how fucking retarded and low IQ are you, when you think a fucking 10$ course makes you employable?
Jesus fucking Christ. I study Computer science and I am doing this course as well. It covers the basics of the basics.
You write a few scripts and learn a few shell commands. It's good to get your feet wet and see if it could potentally be something for you. But not more than that. Obviously you will learn something there. Even more if you have no previous knowledge. But it doesn't go very in depth and at the end you may have an idea of the bigger picture, but that's it. You won'f be able to solve/hack anything in real life yet. No special knowledge, nothing.
However: It is a good place to start

>>15018258
Why do you think that?