/biz/ - Business & Finance

free Burp Suite course (Burp Suite is the no.1 tool for web app testing):
https://hackademy.aetherlab.net/p/burp-suite
https://www.youtube.com/watch?v=AVzC7ETqpDo&list=PLq9n8iqQJFDrwFe9AEDBlR1uSHEN7egQA (youtube version)

Other Resources (podcasts, tech reading, misc):
https://darknetdiaries.com/episode/36/ (great podcast. Ep.36 is about a pentest)
https://wheresmykeyboard.com/2016/07/hacking-sites-ctfs-wargames-practice-hacking-skills/ (collection of online CTF games)
http://ctf.infosecinstitute.com/ (CTFs for beginners)
more to come...
(Complete beginnger guide Network Pentest 2019)
https://www.youtube.com/watch?v=WnN6dbos5u8&feature=youtu.be

Link to Certification Info:
https://www.elearnsecurity.com/certification/ejpt/ (Junior Pentester Cert)
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ (OSCP - The ultimate goal of aspiring pentester)

Thanks to everyone who replied to my email with the guide. My protonmail inbox is now a beacon of hope. I really appreciate your warm regards, and your positivity proves to me this is going to be a worthwhile venture.

Monetization section (updates soon):

Bug bounty site (hack large companies and websites for bounty rewards):
https://www.hackerone.com

Hackerone also runs this site, which is for learning:
https://www.hacker101.com/

As always any questions are welcome, and I will answer them as soon as I can throughout the day. If you want to discuss other remote work opportunities in tech, outside of hacking, that is fine too. And anyone who wants to chime in with advice on such a topic is welcome to join in.

You got this anons!

Announcements:

Telegram (I will use this group to announce when /RPG/ threads go up on /biz):
https://
t.me/joinchat/AAAAAFihisZbNDWUNip7Yg

IRC chat server:
xrpcxysuvqqcg4hiwymrs2vefvvtkiby7gmp3veuiqbld74s3grjs2qd.onion

For all anons who are brand-new to /RPG/, here are links to all the previously archived threads.

8/11/19 https://yuki.la/biz/15207935#p15207935
8/4/19 https://yuki.la/biz/15111033
7/28/19 https://yuki.la/biz/15009378
7/21/19 https://yuki.la/biz/14908749
7/14/19 https://yuki.la/biz/14784856
7/9/19 https://yuki.la/biz/14685592
6/29/19 https://yuki.la/biz/14460030
6/29/19 https://yuki.la/biz/14451088
6/22/19 https://yuki.la/biz/14291877
Original thread that inspired /RPG/:
6/9/19 https://yuki.la/biz/14246491#p14247207

Based OP. Thanks for the links.

>>15467643
>>15467651
>>15467663
BASED OSCPanon

thanks op i've been looking for these

Glad to see you're still up OSCPanon. I started Zaid's python and ethical hacking course a week or two ago and I've been doing over the wire in between lessons. Long road ahead, but every day I learn a little more.

pic related only thing in my way right now

>>15467667
no problem anon. I’ll continue to add more resources

>>15467673
thanks for bump

>>15467674
sorry its been a while. august was a crazy month. I’m getting back to normal schedule tho now

>>15467725
lol I hear that anon. Just try to have discipline. you got this. good progress!

>>15467643
is it possible to get one of these jobs without a college degree and just certs? i'm a neet and am willing to do nothing but try to learn all of this over the next 6-12 months, i have nothing else better to do and $120k remote starting sounds incredible

Is it even possible to break into this in Canada without a degree Not a NEET but my job has nothing to do with IT. I use linux exclusively for years and have basic programming knowledge but no major projects to my name if that somehow helps me

>>15467807
>>15467828
Definitely do not need a degree. I do not have a CS degree (my degree is unrelated) and very few of my team members have any college education. The degrees people do have are largely unrelated or only somewhat applicable. If it required a degree, I wouldn't post about it, because college did not work out for me too well.

The whole point of this is to help people find an alternate pathway that does not require going in debt to get an education.

>>15467969
And just OSCP is enough? Usually they say you need all these programming projects for example to show your skills.

can i work from, say, singapore for a US company? or from any other shit 3rd world countries without a US citizenship? i quit being a burger a while ago and wondering if an OSCP fellow can work for like 10k a month from out of US.

THANKS.

>>15468104
You probably need projects for a programming job, but Penetration Testing is not programming. The OSCP is proof of your work. It is not a question-answer test. In order to pass, you must successfully hack several lab servers and show your work in a professional report. That is why OSCP is proof alone that you can do the work.

A github with your own tools may increase your chances for getting hired on a specific job, but it is not at all necessary.

>>15468156
Oh I was working on some to put on github then realized I'm not creative enough to come up with anything impressive.

I will try this pentesting stuff then

>>15467643
Based anon, thanks!
I am just wondering: How high does ones IQ need to be for that whole thing?
I am a white guy, average IQ. I would say that it takes me some fair ammount of time to get good at things.
Right now I study Computer Science and I have friends that outperform me like crazy. They get top grades in exams while I am hovering around somewhere in the lower third. They learn extremely fast and get really good at things.
Sometimes I feel like I should just become the guy at McDonald's. I mean there will be always smarter people than me anyway and as far as I understood, it takes quite a bit to be successful in pentesting. However, it's actually the only thing I am interested in, apart from the trade I Learned before.

WWWWEEEEEEEEEE WWWOOOOOOOO
WWWWEEEEEEEEEE WWWOOOOOOOO
WWWWEEEEEEEEEE WWWOOOOOOOO
DAILY REMINDER THAT OSCP HAS MARKETING WAGIES THAT SHILL THEIR COURSE 24/7 ON EVERY CORNER OF THE INTERNET. IT MAY HELP WITH HR BUT IT IS BY FAAAAAAR NOT ENOUGH AND THE FIELD IS OVERSATURATED.
WWWWEEEEEEEEEE WWWOOOOOOOO
WWWWEEEEEEEEEE WWWOOOOOOOO
WWWWEEEEEEEEEE WWWOOOOOOOO

>>15468275

so how much is enough wee woo anon?

>>15468352
A couple of years work experience. And pen testing >100k is a meme if you are not senior expert in the US

>>15468151
My team has people worldwide. This shouldn't be an issue for you.

>>15468257
I don't really know much about IQ scores honestly. I've never been tested, no clue what my IQ is. If you are average intelligence white male, then you are ahead of the game. It is simply a fact that 90% of these positions in the US are held by average intel white males.

>>15468275
Liar. Try working toward a goal and improving yourself little by little anon. You will not feel the need to attempt to devalue the accomplishments of others any more, if you feel good about yourself. Working toward a good goal and accomplishing small victories along the way will make you feel good about yourself. Try it out.

Got sidetracked with aleph ones "smashing the stack for fun and profit" article, taking the x86 assembly intro course on opensecurity.info (https://www.youtube.com/playlist?list=PL038BE01D3BAEFDB0)) right now

>>15468378
Junior and Mid level pentesters is a meme. Those are not real jobs. The jobs with those titles are either not true pentesting jobs, or are trying to take advantage of someone who aspires to be a pentester but lacks OSCP and relevant skills.

All pentesters who are capable are "Senior" level on paper. So in some ways, you are right. But your message that obtaining OSCP and getting into a job will not net you 100k+ in the US is simply not true. Also, US companies like to have people around the world, for 24/7 coverage and to work with worldwide clients, so it is not just for people in the US. I encourage people in other countries to take this path, because for many of them, it is an even better deal.

>>15468415
Good stuff. I'll check out that course and add it to the list if it looks good.

Also, I am looking to update the email list. Anyone who wants to be added to the new list please email me: OSCPanon at protonmail dot com

I send out notifies about new threads, IRC info, telegram info, etc... I will also be sharing hacking whitepapers, tips and tricks, and new exploits as I discover them. So if you do not want to join the IRC chat, then definitely get on the email list.

>>15467643
how is buffer overflow still a thing? i mean every damn app has now DEP and ASLR and i doubt that any serious job that pays you 150k per year will not ask you to hack (and give you 25/100 exam points) some shitty email app from 1985

>>15468620
i wrote you and you never answered

>>15468741
Are you sure? I just got caught up on emails. I get a lot of them, so if I really haven't replied, then please resend so it bumps to the top of the stack.

>>15468715
Actually they still happen and there are good DEP and ASLR bypass techniques. However, when you are actually doing regular testing, you are not too worried about stuff like that. Pentests are time constrained. You don't have time to discover a new vuln and write a new BO for it. That kind of stuff is for security 'researchers'. And you would be very surprised what clients pay for these types of tests, for just a week's work. It is outrageous. Demand is very high, because no one wants to get BTFO and have their company rep go to shit.

I've got sidetracked and fell into the ol' depression hole for a few weeks. This morning I step out of it and tried to get my shit together. This is a pretty good-timed thread for me.
I installed Kali as my new daily OS because my machine has shitty specs and I couldn't run a lot of vm's on it at the same time. If I don't try to do any weird shit, is it really as vulnerable as everyone says? I understand that I'm using it as a root user, but If I create another user without root privileges to do my daily shit it shouldn't be so dangerous, right?

>>15469156
So I don't want to say it is totally fine, because kali is not designed to be secure. That said, it is not "wide open" or anything. I actually did the same thing when I first started on this path. I was very poor at the time and only had really old shitty laptop. I wiped it and put kali on it, because it was all I had to work with. I would say, as long as you are not doing weird shit or visiting non-reputable websites, then you should be fine. Definitely use a non-root user, and just be mindful of your web surfing. You should be ok. I would try to do sensitive stuff on your phone maybe? Like if you have a smartphone and your bank has an app, use that, rather than banking on your kali machine. Either way, just be mindful and you will be ok. You can also take some added precautions like learning how to use iptables to create a firewall. This would also be very relevant training for your pentester path.

Do you do any malware analysis? Is that shit a meme or just for extreme nerds?

I've been reading malware and security blogs but most of it is beyond my understanding

>>15469485
I prefer not to do malware analysis. I really prefer not to do anything defensive at all. My malware analysis generally is me pulling apart malware to figure out how to improve it or change it to suit my own hacking needs.

I think it is for extreme nerds. But I could be wrong, and I say if it interests you, that is all that matters. Get involved in whatever portion of the field most interests you. You will only benefit from the knowledge gained. This sector is going to continue to grow and will dominate the job market. We are truly moving into a cyberpunk world.

>>15469520
Sorry I don't know shit im just trying to figure out what i can do to get any literally any tech job because im tired of working in a brainlet industry.

How much do people such as Xylitol https://www.xylibox.com/ make? Do these security researchers actually make good money? Seems like they disrupt massive criminal botnets

>I really prefer not to do anything defensive at all.
What do you mean by this? Isn't it your job?

What is this thread?

>>15469566
Xylitol should be making a lot of money, otherwise they are just not doing something right. I am sure they do very well for themselves.

>I really prefer not to do anything defensive at all.
>Isn't it your job?

Well yes and no. So, primarily my job is to hack into things. This is offense. A client gives me a target, and I break into the network/system and loot as much sensitive shit as I can. The only part that is "defensive" in nature, is the fact that at the end, I produce a report, and in that report, I not only show how I broke into the systems, but for each system/technique, I give a detailed remediation plan. ie: I provide the defensive fix for the problem also. I don't mind this part too much. What I mean by saying that I don't prefer to do defense, is that I do not want to be the person responsible for securing systems or networks, or for stopping botnets and the like. I like hacking. I don't want to block it, I want to hack.

>>15469609
A primer for people who want to get a tech job which they can do remotely (from home) and make good money doing it. The focus is for penetration testing jobs, but all discussion about tech jobs is welcome.
> inb4 why on /biz ?
/biz is my fave 4chan spot. I think it is the only place with so many people actually driven to 'make it' and willing to put in the effort and time to make that possible.

Please read the past threads if you are interested.

>>15467643
why do you post these threads on /biz/ and not /g/?

>>15469638
I just started going back to school for my bachelors in business administration. I'll be 28 this Friday and hate my current career. Is a bachelors in BA something I can use to get into this field? College is a meme but sometimes you gotta pay to play and I am a brainlet who isn't good enough at maths to do STEM

>>15469638
Oh I see. Is there some laid out pathway to get into it? So far it just seems like
>learn this random stuff from all these different resources
>get certification such as OSCP
>apply to job and get job

>>15469648
see >>15469638
for bonus points, I'll add that I fucking hate /g

>>15469661
a BA might help in some abstract ways. It tells potential employers that you are not retarded and you can finish something you started. I would suggest, if you get a BA, but have interest in this field or other tech fields, to go into the sales part of the field. Pentests have to get sold, and if you get a BA and learn a bunch of tech shit, you could be really good at talking to clients about what you are trying to sell them.

>>15469663
The reason that I have created all this content is because there is currently not a laid out pathway. I am trying to create one for you through aggregating all this info. That is also why it is the best time to get into this career. You are an early adopter of sorts. The reason there is such a huge demand for people who can do the job is specifically because there has never been a college degree for it, and suddenly there is this massive demand. Get in before colleges really start to catch up. But also, that is kind of how hacking is. You don't get all the info in one spot. Part of becoming a good hacker, is learning how to do research properly. I've provided a head start on the research. Most places that "teach" hacking will tell you to DYOR for the most part. They only provide a basic foundation, and a shaky one at that. OSCP provides the most info, but you still are supposed to research a lot on your own.

>>15469705
Does this program cost money or what? Not opposed to investing in myself, just wondering.

>>15469661
oh and one more thing. I don't like math. I'm not great at math. Hacking does not require much math at all. Just basic math really. I'm always confused when I see people on /g say things like you have to take all this high level math to get into cyber jobs. Just complete bullshit. Unless you are working in crypto or for NSA codebreakers or something, then you only need to be able to add and subtract. Programming languages have come a long way, they are close to human language now. If it required a lot of math, I wouldn't do it.

>>15469754
There are only a couple things on my list that require money. I tried to seek out as many free resources as possible for suggestion here. Basically I suggest paying for premium HTB when you are ready for practicing there. It is totally not required, just kind of nice to have your own lab vs share with the whole public community.
The only other thing that cost money are certifications. Most certs are not cheap. Most run $300-400 for defensive tech stuff. Offensive tech ones are more expensive. OSCP costs about $1000. But if you get that cert, depending on what you currently make, you are probably looking at recouping that 1 grand in your first month on the job. When I got OSCP I was making $75k/year. My first job after OSCP was $125k + $20k for benefits. I was contracting, so I asked them to pay me the extra 20k since they weren't providing healthcare, and they were happy to oblige. It is a worthwhile investment, but you also do not need to spend a dime until you are basically ready to take the test. You can get all the training you need for free on your way there. If it is too costly, there are other certs for cheaper that you could take, get a better paying job than you currently have, and use the extra money to then pay for OSCP later. Also, if you get a tech job while you are working toward pentesting, you can usually get your employer to pay for OSCP for you.

>>15469754
also if you are a US veteran you can get vouchers for certs for free. if you need this info, just email me.

!!!!!!!!!SHILL ALERT!!!!!!!!

op works for the company that sells the oscp course and certification which will run you $2,000.

A certification alone is never enough to land your first job and there are nearly 0 entry level remote pentesting jobs.

Stop making these threads, oscpajeet.

>>15469907
lol considering the amount of people who will actually follow through and pay for the OSCP at some point... paying someone to shill here would be a terrible ROI for the offsec company. Not to mention that they are constantly backed up with open seats and do not need to shill anywhere. Even if you did all the things I have listed, and never took OSCP, you would have gained a ton of knowledge and be much more employable in the tech field. Period.

Also, back to /g if you do not have the heart to even try

>>15469907
I know guys IRL who have their CCNA making 50-70k so why shouldn't getting the OSCP get me a good job to? Fuck off troll

I'll be checking iptables at night. I'm pretty much in the same position as you were, that gives me a lot of hope. As always, thank you oscpanon, you give us losers a reason to keep going.

>>15469798
I'm not a veteran but can I still get your email?

>>15469956
hey m8, to a certain extent I appreciate the scam. I know you need to get people into your sales funnel or whatever. It's just irritating how transparent this shilling is.

Like if I were to tell you that all the OSCP material was available via torrent and there are lists of htb's which are nearly the same as the oscp labs, would that make you uncomfortable? Of course not, you're just a humble guy who makes 6 figures and uses his free time trying to get more people into his career as a... form of charity I suppose. Sure, makes perfect sense.

pic related is you, you glowing piece of shit. go shill on reddit.

>>15470001
This is a good point. That is what certs are for.

>>15470048
No problem anon. That's why I do it. Getting into this career basically saved my life. I was miserable before and couldn't stand to do my awful wagie job any longer. At least with this job, I am happy.

>>15470096
OSCPanon at protonmail dot com

>>15470097
I am aware that OSCP material is available on torrent, but it is dated (2013). I also point out myself that you can use vulnhub, totally for free, and don't have to do HTB. These are just my suggestions for getting from point A to point B. You don't have to follow every single part.

A lot of people really appreciate the time I put into aggregating this info, so I'm afraid you are in the minority on your opinion. That's fine though. I don't care if you do it or not. I offered to help people, and if you read the archives, you would see that I was asked to start these threads. I also run an IRC and telegram for this, and answer hundreds of emails per week to help people.

Again, I say, you should choose a goal and work toward it. Once you start to make small accomplishments on your way there, you will feel better about yourself, and once you feel better about yourself, maybe you will understand how someone like me could just want to give back to the only community left on the internet that he thinks isnt a complete piece of shit. It's up to you anon.

>>15467643
Keep making these threads anon. can't commit to it fully at the mo but they're a great resource.

>>15470097
why do so many sour grape faggots spend time FUD'ing genuine advice? All you're illustrating is how pathetic you are

>>15470185
will do anon. I apologize the threads have not been as frequent as of late. It is very time consuming for me, but I will try to keep posting them regularly. Regardless, I'll keep archiving everything so when you are ready, it will all be here. Good luck anon

>>15470193
meh no worries. Thanks for the bump. The positive emails and posts here let me know it is worth doing. I know that the FUDDERs, if they asked themselves, how many lives they have impacted in a positive way, and how much positive change they have had on the world, would be left questioning how they spent their short time in this life. That is why I wish them the best and always just suggest that they work on themselves. Everyone should try to just make small improvements to themselves as often as they can. It really makes a huge difference in your life to have a positive attitude and work to do positive things.

hackerman!

>>15470193
lol sure

put the torrent link in the OP if you're not a shill, oscpajeet

this is 4chan. you can't just shill here carelessly.

>>15470150
>I am aware that OSCP material is available on torrent, but it is dated (2013)

They aren't that different, you'll get 90-95% of the content using the pirated stuff

>>15470001
OSCP gets you an interview most of the time but you still need to show that it was more than just a once off. You can get somewhat lucky with the OSCP machines.

- keep learning new stuff
- have some knowledge of current events related to security (e.g. iphones got hacked by lots of zero days recently)
- maintain skills (hack the box, CTFs, etc)
- community involvement (conventions, workshops, meetups)

OSCP covers no cloud specific skills, and OSINT is only lightly covered. Same for post-exploitation, pivoting, persistence, and stealth. These might be needed depending on the company you apply for. Try to have a few things that set you apart from a fresh OSCP grad.

>>15470266
you would have to have downs to think it would be worth their time to 'shill' a skillpath here that maybe 1 or 2 people will follow through on

>>15470319
>what are sockpuppets?
in the hole, glow nigger

>>15470266
I would do that, if I could verify and guarantee that the torrent wasn't malicious files. I cannot guarantee that, so I will not tell people to download something that I myself would not. I don't care if someone else puts it in the thread. I know that I have seen it linked on /g , so you could probably search there. I'm sure if someone is interested, they can google and find it.

>>15470278
good advice.

>>15470319
Ikr? Would be easier and less costly to just pay for advertising.

>>15470364
ok I have tried to entertain your concerns, but you are clearly just trolling and being a negative influence, so I will not continue to reply to you. if you really give a damn, then report me and piss off. I been here for several months, and I have provided solid info and people appreciate it. No one has spent a dime. Not sure about how you choose to spend your time, shitting up a decent thread. Maybe you would benefit from some self reflection. Regardless, I'm done with you for now.

>>15470364
I'm not even participating in learning this shit, it is just painfully obvious that you have a mental illness

Don't fall for the whitehat meme. The laws don't protect you and you are only wasting your time. Why would you take a 10k bounty for a bug that can cost a company potentially hundreds of millions? Sell that shit to the highest bidder, it's only fair, capitalism is a competition and you are selling a valuable product.

>>15470490
I have touched on this in past threads. I do not discourage people from blackhat, but I always suggest that they learn the potential pitfalls, and do proper research to stay safe and practice good OPSEC. I have nothing against blackhats, it just wasn't for me any more at this stage in my life. For others, maybe it is worth the risk. Each person has to make that decision. Just be careful anons.

>>15470437
see, I was going to let it go. but now you pissed me off. I'm going to post the torrent in every one of your shill posts on biz and /g from now on.

here is the OSCP material:
https://www.skytorrents.lol/wytseb/8fcb255cd7d585c618f567bef76e1fb21ec6a30f

here is tptacek, a security and cryptography expert, shitting all over the OSCP on hackernews:

https://news.ycombinator.com/item?id=18488511

>Don't waste time with certificates. They mean fuck all in the industry. Any job that cares about them is a job you don't want.

>>15470561
Thanks for finally posting relevant information. Feel free to keep posting it in the /RPG/ threads. As I said, I do not mind.

As for certs, that is a dumb thing to say. Why would they exist then? Anyway, my company is one of the largest in the world and requires OSCP. They don't even accept other hacking certs. This is also true of every other decent job I have interviewed for in this space. Not sure why you think certs are so bad, but if someone is able to get a remote pentesting gig without any certs, then more power to them.

>>15470588
lol ok, good cop

now get on the bad cop puppet account and tell me how you really feel

Hey look the NSA recruiter is back
fuck off again glow nigger

>>15470614
you're fucking schizo lol have sex, I just did and I'm feeling pretty okay. Anyway, thanks for the laughs

>>15470685
I would work for the NSA any day. Nice benefits, OK pay, access to shit you can't do legally anywhere else. Sounds chill as fuck.

>>15470588
Anon thanks for taking the time and uploading content, been following you since that first thread with 42, you’re changing the lives of many anons, don’t lower yourself into paying attention to these dick riders, we all know where the world is heading and where these careers stand, Godspeed.

>>15469907
oscp course and cert costs $800

>>15470588
>Why would they exist then?

They exist to make money, they don't run cert programs at a loss for the good of world internet security, after all.

>>15470561
>here is tptacek

He's not wrong but you have to remember he's smarter than 99% of HN and most definitely 100% of 4chan while most certainly being more rich and more connected than us, so he isn't dealing with the same HR and life bullshit that the rest of us have to deal with.

He and patio11 made specific points about pulling diamonds out of the rough with Starfighter ('the rough' meaning "C# devs doing boring work" IIRC), and the blunt truth is that we're not all diamonds just because we want to work in security. The same is true for anyone joining security and his posts in that thread sound *really* familiar to the Starfighters pitch.

In other comments he promotes work-sample interviews, but not every company does that. Are you personally going to optimize for tptacek's strategy, or the larger market? He doesn't tell you what to do if you fail his work sample stuff, after all. Chances are you'll want to go apply somewhere else. If you want to re-apply, how much time do you have to study and eventually succeed?

If you can get tptacek to mentor you when you don't understand something in the books they tell you to read, then fuck getting OSCP of course, but I suspect it's actually useful to some of us, even if he views it as silly, because we don't have mentors like tptacek at our disposal.

He even tells you point-blank that resumes don't matter for his companies, so if that's true, why not get OSCP if you have the time/money and want to get it? Having OSCP won't make a difference applying to his companies, but it will make a difference if you apply to other companies.

>>15470943
is that all?

>>15470977
It is true they exist to make money. But if they did not prove value to certholders, then companies would not want people who have them. If companies did not want people with certs, then those cert companies would go out of business. The cert business model is based on reputation and value. I am pretty sure a light amount of google research will show how valued OSCP holders and the cert are.

If nothing else, having a top cert will at least get you more interviews with good companies. But as I have said, if you can do it without the cert, that is fine. I am just providing the path I know to have the highest percentage chance for success.

>>15470932
no problem anon. we're all gonna make it.

>>15470986
It’s a google search away

>>15471029
I think the main crux is that what companies value doesn't align to what makes a good security practitioner.

I personally have had to explain OSCP quite a lot to security-focused companies and I'm in a relatively heavy tech city with a security presence.

Two conclusions I came to after all that:
1) its reputation isn't as good as they say
2) they don't know the technical requirements for passing OSCP, so they can't know how OSCP makes me a better security pro -- they are just looking for signalling in this case

It will get you interviews, for sure.

>>15471294
I would say it depends on the company. I would agree with you outside of strictly pentest firms. Pentest firms know very well the value of OSCP and what it takes to get it, which is why they value it so highly.

Firms focused on defensive security do not have a clue what OSCP is or what it takes to get it, so it would not help you much there, agreed.

>>15471294
also I love this pic. mind if I save for a future /RPG/ thread?

>>15467643

I am disabled and cannot drive. I know this is called "remote" but I hear most of these positions require some on-site work as well. How much of an obstacle would this be if I was trying to get hired?

>>15472736
I do zero onsite. You should be able to get a job like this that does not require any travel or onsite at all.
I literally do not have a driver's license and do not drive.

>>15467643
Hey OSCPanon! Really love these threads man, keep it up. I'm halfway through Zaid's course right now.
Quick question, do you think the market for pentesters will become oversaturated in the next few years? It may take me a while to get my cert since I'm a poorfag in college still.

>>15469907
The base OSCP costs 800.
For comparision, even entry level IT braindump certs such as CCNA or the Comptia trifecta cost more than.

>>15473100
the market will be even more open in years to come. by about 10x. I touch on this in other threads, but basically you will be an early adopter. Colleges have barely or not even started programs for this yet, and yet companies are dying for this skillset. You would be well served to learn it now. Also, thanks for the pic, I appreciate it.

>>15470685
do you think that I give a fuck if he's recruiting for the government? That's even fucking better. That means that I have a secured job when I finish the path, you schizo neet.