#general

I was wondering how many of you have certs + degrees, and how many of you don't and still work in industry. I don't have any certs or degree but my coworkers do.

and are there regional pricing for it

So many things, its worth it

It’s probably universal at 14$/month

me have few certs, a degree and some industry experience under my belt

I started without a cert or degree (part time) but then finished my degree and went full time, then got more certs

I have certs, but no degrees, i would consider tryhackme as a practical addition to the resume. But like going all out on tryhackme as a primary source of certs, idk about that.

I have degrees, and expired certs. Current role doesn't require that I maintain any, so I haven't spent the money to keep them up on my own dime. Certs are for business demonstration, not for individuals.

I have 10 years of development/IT experience. So I'm in a unique situation tbh. I also already have 5 years of experience working for IL5 networks, websites.

Round 3, cheers!

"practical addition" is fine, IMO, so long as it isn't included as work experience. "Personal Interest" or "Hobbies" is much more appropraite

is this beer

Tis is

isnt chat is pg13 lol

😂

from my perspective of being on/running panel interviewers on behalf of my department and the hiring manager

Networkk + is probably an easy cert for me to get, but fuck it's expensive lol. I'm hoping just adding bug bounties and tryhackme certs will keep me going lol. I also have splunk certs, not sure if those count though lol

I graduated from something like a community college，cringe

alchoholic beverages are frequently showi in PG-13 shows and movies

Thats great, yeah id say like in student eras go for like thm practical experience, before college or upon college go for like the google cybersec prof cert (its a good base for beginners landing a job), then get comptia A+, comptia Sec+, comptia Network+, and then CISSP. Some people like to do these together amidst getting a computer science degree. (cs is a huge boost on the resume, but i think its a bit of a waste on 4years for a cybersec field)

bro have infinite money

yeah, that's what I was thinking. I'll just add it to my portfolio page, not my resume.

Yeah thats on point, like thm would help you land that job, it wont land you that job, iykwim.

I got drawn away from Networking because of my networking class in college. The whole Binary to hex to IP confused the hell outta me

Yeah def if you’re up for time and got like the most demanded certs already, then for sure go for it.

I wouldn't even say that, to be honest. THM is great for introductory material to many areas of cyber, but it won't actually teach you what you need for a particular role; that can only come from being on the job

I'm comfortable. Wouldn't say I have tons, I'm just comfortable.

yeah, I'm already working in cyber. I guess having these will beef up the resume lol

Yeah, that’s why organizations demand experience as a priority in cybersecurity.

I just want to make sure i do everything I can except spend time in college lmao

I'm dreaming for a CCIE

That's a great dream

go for it

You got comptia A+, Sec+ , network+ and CISSP?

I mean, i have a CS degree....It made me understand how things work, why is it the way is it or if i need to develop something on my own and an added advantage of "getting it" quickly.
Plus an added advantage if you wanna just play around roles, i can be hackerman/ sec dev man.

But yeah, GRC, TPRA, Audits ..... for just this a 4 year CS degree seems like a waste of time.

there's tools for this, don't worry about it.

@naive violet You would've loved hardware hacking village!

I have a course for it coming up

Should be good

nope. I have development experience in gov role, and cyber experience in one of the big software security companies though.

Is THM good for learning pentesting?

Yes

Can you tell my old professor that? He mandated we do it by hand

Once I fail the test, money got burn out

old people are why I dropped out. I didn't have time for all that lmao

Dont get me wrong CS is good, but its leaning more to dev “work”, for a solid understanding of computers and softwares def, but that 4 years…

It will benefit you for security either way

Imma be honest. I cheated on my final. IN MY DEFENSE, I did all the packet tracer part that my friend couldn't do, and he did all the Binary to Hex to IP, which I couldn't do, so we worked together.

id say if you get the ones i told you, youd be earning annually like 150k

hy guys i need some help here

Oh i feel ya def

really? They hold that much weight?

Yes

@tender lynx - I wonder if hes around!

That's wild..

CISSP is good, but it requires 5 years work experience, or 4 years + degree.

Especially CISSP

I consider that the "CS" is only for the Ultra level hackers.

I still love my Ethical Hacking professor who kinda nudged us to do OSINT, without telling us it was OSINT. Loved that professor, he got me into OSINT.

Yes, check linkedin, and indeed, and zip recruiter, those are like a must have.

yeah, I qualify for that and PMP. I guess I need to get some certs..

I'll also say, salaries are very region dependent in the US.

5 years in Info sec, or just 5 years in IT?

You get a lot of leads from Dice.com too.

They're so basic. I'm surprised tbh.

Yeah but getting them would boost the standardization. So its a win win

who cares, start an LLC 😛

I don't make 150k, but I live in an area that's considerably less expensive than, say, SF or NYC. If I were to move to those areas to maintain my current quality of life, I would need to at minimum 2.5x my salary

hey nothing beats having your own business that's for sure.

yeah, you'd need way more.

5 years with 1 or more of the 8 domains listed in the CISSP.

Just stay on the grind and time will pass 🙂

Is there a way to get discounts on these besides signing up/ paying for courses.

If you had the choice, don't work in NYC, it's not worth it. The prices of meals, commute, cost of living, it's insane.

when i access the Lateral Movement and Pivoting room, it ask me to configer the dns via lateralmovement adapter on the attack box and when i do ifconfig to retrive the listed adapters the lateralmovement wouldn't show up ,what should i do here ??

• traffic + rudeAF out there

and your house will be a shoebox fr

Hi, I worked in NYC for many years. I'm one of those assholes

I think the google cybersec prof cert gives like a small discount if you continue onto comptia sec+, you can def contact sales though and negotiate with them.

LMAO

Hi Asshole, I'm Goku.

AH

Hi goku, I'm asshole.

hahaha

it's a pleasure.

there's another OpenVPN conf file you need

on the attackbox you mean ? or the local machine

Thanks, I'll make sure to work on these then. I always thought certs were silly. But I'm starting to think, Maybe I've been wrong all these years. I've seen this one, it's so basic lol, it was mindnumbing so I gave up lmao

Gave +1 Rep to @late lantern (current: #1451 - 2)

respect

I guess the attackbox got everything prepared. For the local machine, you need to download the extra openvpn conf file, from the "network" section.

Certs are business shit, not required for your career. If your current job is enhanced by a cert, you can make the case for the business to pay for it. But in reality, certs don't benefit you so much as they benefit your employer.

Actually certificates are silly. They are, for like 90% of major jobs. But cybersecurity got that unique taste to it, it doesnt heavily depend on degrees, it primarily depends on certifications. It’s the opposite of all other jobs in terms of education. Its kinda unique though.

👍 (._.)👍

I will say. If you're going to take pictures of buildings, for the love of God, don't be right in the middle of the side walk. I would have no problem shouldering people if they're in my way.

Also WATCH THE DAMN WALK SYMBOLS! I had so many people walk across the street when they're not supposed to. Had to honk at people so many times

it's hard to know. Al my coworkers have degrees, certs. I just broke in from freelancing lol.

Yes, but cybersecurity has a unique taste, certs are vital, we humans, familiarized ourselves with an understatement of certs to shed the light of university education.

I would say it primarily depends on experience

If you are going to go against the walking sign, RUN!

We got places to be, people to see.

You got time, keep working, you will get to the end point, eventually.

ahh, okay, so for cyber these are actually helpful for our career then?

Assuming you have no experience and you’re landing your first job. Certs are way too vital. You wont have experience in your pockets to show them what you have gotten.

for the local machine i do everything u mention and the attackbox doesn't have the adapter we could connent to so here im stuck

they become less important as you gain experience though.

Yes, with your experience, you should easily land a high paying job. Assuming you have them with 10+ years of experience. The 150-200k annual salary is on the way.

I sure hope so. I'm tired of dev, but this pay cut I took to get into cyber is a mf fr

I believe the only purpose of a certification is to prove that you're not an amateur, especially if you don't have a degree or are switching from another industry. It's more effective to show interviewers that you have hands-on experience, like tinyprojects on GitHub

Those are the basic foundations of a high paying jobs, you can try. Your experience would get you somewhere, but getting those is def a boost with your experience .

after the local machine configrations there is no connections

Pretty sure my portfolio/GH got me my current cyber job lol

whats your annual salary?

I'm making pennies rn like 40k, should double when I start on call.

I wouldn't say that. Having just finished interviewing candidates for our SOC, we focused on knowledge and demonstrated ability rather than certs.

We didn't have a business requirement for certs, ergo we did not hire based on certs.

Yeah, well depending on your region, that could be very bad, especially with 10years of experience, ask for a raise asap.

I've been freelancing to bridge the gap, but I just finished a contrat, so now I'm studying my ass off for bounties lol

I thought cyber jobs started at 65k the lowest.

I work like 2 hours a day, but yeah I agree. I'm looking for my next role ASAP. I'm applying every day, and studying daily to move on.

if you're in the US, 40k for a security job is extremely underpaid for any state. That's like entry level support/help desk 1 positions.

2 hours a day and 40k? that's...... actually amazing.

I am statistically talking, as ive seen what people are recruiting for. Experience is a must, demanded certs are a must. You can go ahead and see recruiters. You might get an exception here and there, im generally speaking.

yeah, it's pretty good considering lol

You gotta layer up multiple organizations together if the terms and policies accept such.

I had an interview last week, the questions were pretty basic tbh.. it was like what is a waf, tell me about a time you had issues with a client, explain how firewalls work, etc. that was for a soc anaylst.. I was amazed how easy the interview was lol

i'd consider those to be entry level softball questions

the employers are various. Some well-trained interviewers in tech, they're considering hands-on experience seriously

recruiters are also largely clueless about the actual job role, they take a job req from the hiring manager then add shit they see other recruiters add, or baseline it from usg

usg requirements are substantially different than private sector, because usg has had more problems with unqualified candidates

classic

yeah, I want more oppurtunities. My experience is obviously impressive and more then most soc anaylsts in their first roles, however I don't need HR up my A@@ because of some silly cert I didn't take.

Bro, I use to be the same way lol

yeah, it was entry level, but it was the technical interview! lmao

realistically, if the hiring manager gives you the go ahead, HR can't really do much aside from say you need to get a certain cert (that they pay for) within 90 days

I'm talking about what you're saying about certs

yeah, for sure.

I was so anti cert... why are you pushing me to get this cert if my skills speak for themself

entry level soc analyst usually requires 2-5 years in other IT roles, helpdesk, sysadmin, etc

haaa, dude it's a hard mindset to get out of.

yes, trust - get the cert bro

@whole yew should I aim higher?

like mid level or senior soc?

or get jr soc for a year, then aim for sr soc?

business reasons. it may be that the company has a contractual or regulatory requirement that the person filling that slot has a specific cert, certs, or degree

jr soc is like a walk in the park for me tbh

It's like when you hire a plumber or a contractor—you don't want an amateur to completely mess up your house

go for security engineer and you'll be there for a good minute until you're ready to bounce to leadership roles

rate your skill and dedication at watching a SIEM, 1-10

uhh probably like a 6 tbh, I could use more experience to be quick and more efficient ofc.

that's jr to associate level SOC analyst. The hard part about putting people in that slot is 1) either they don't know what to look for, or 2) they are too good at it and outgrow the role ahead of the replacement schedule

Its also easy to get lost in all the logs

remember that hiring for a role also needs the person to remain in that role for a period of time to 'break even' on the spin up and learning required to do the role

ughh, i'm always in some weird mid level bs lmao

because you refuse to get the cert lol

definately say that in the interview lmao

Ive seen companies that log EVERYTHING and it just kills the SOC team bc theres so much logs to sift through

lol, fml, I think I'm sold

logging everything isn't bad

hahahahah

if the SOC is getting killed because too many logs, the SOC engineer doing the tuning for the SIEM has hecked up by not tuning the alerts correctly

logging everything isn't bad if it's filtered properly...

A mentor finally told me. Get the cert and don't give anyone room to talk.

Yes thats my point

but ideally, why would you log EVERYTHING?

"don't give anyone room to talk." - not so sure about that one...

I like that.

Log everything for investigations only.

Get the cert, and remove the uphill battle.

Yes bro

..... that's exactly how i just said certs don't work

You'll be bombarded with emails for job leads.

Always keep learning.

It would be a nightmare facing a tons of expired certs

i've interviewed plenty of people with relevant certs who were actually clueless

that sucks

lol

*glares at my coworkers

You need experience too obviously

idk, you could just get a va to do it.

so the windows option to reset a pc is a lie

lesson learned

time to make a usb lol

lol

does the PC have a recovery partition? that's exactly like the USB

no this was an older pc that I decided to wipe and repurpose for school use

it's possible but unlikely. I've interviewed roughtly 100 people for 15 roles over the past 6 years

No way to access a recovery partition / nonexistant

It used to be my daily driver until I built a new one

I should've made a recovery image or something but I just trusted windows for some reason

"Wipe all files" sure doesnt wipe all files

Too eager for certs, as like dating girls, would never get to the end

It remembered the userlogon / password too

incredible work windows

https://tenor.com/view/aplausos-clapped-leonardo-dicaprio-clap-slow-clap-gif-12389001

depends how screwed up the dir is lol

older pc might not run a current os. Try an older one.

should i use vmware or vm virtual box

coz i have a problem on virtual box it's to slow man

Well

"Older" prebuilt from 2019

2060 + 9th gen i5

Would be just fine for schoolwork/school projects

Was used and kept current upto 2023

upgrade ur RAM could be more effective

16 ram enough ?

Im gonna try and safe boot it

See what happens

how much did you allocate?

The userlogon service is throwing the error

for the vm 8ram

I'll take your word for it vs CaTFisH lol

Ladies and gentlemen we got it

but uh

8000 mb?

def not a 100% filewipe

Nor a 100% clean install

It still has every 3rd party driver I ever installed

yea

That should be good. check disk health, and maybe force the wipe in the command line

I mean I know it's fine

lol that's windows

Im just dissapointed in windows

how?

I had the option to overrwrite every partion to make the data unrecoverable

It took 5 hours

Windows has never been anything but a dissapointment.

And lo and behild

behold*

in virtualbox system settings, what does it say for base memory and processors

60% of the files can be recovered

should i set the cpu 4 ?

it was on 3

If you only have a few virtual machines, 16GB of RAM should be sufficient. However, if you're attempting virtualization projects like vSphere/ESXi, you need to ensure that your CPU has more than 8 cores. The key is whether your virtual machines will be running simultaneously or if you'll be activating them one by one as needed

i wanna use only 1

yeah not sure, my vm runs fine with 4096 MB allocated

can i see ur settings if u don't mind ?

even a simgle host running vsphere/Vcenter, it still consume lots resources

wbt the processor

set at 6
what makes yours slow? just opening stuff or are you talking about running scans?

using the firefox there

but th cmd is okey

As far as I know, loaded multiple GUI desktops simultaneously on Linux will significantly reduce the speed

cli ontop

I don't know too much about GUI like kde、gnome or some shit

KDE is the best flavor

I always remain the default GUI setting

Once I try to switch to another, everything got fxxk up

Did you mean to say, leave no room for questions?

yeah, he's obviously saying, it just removes doubt to a degree. basically poises as reduced risk.

but that's why technical interviews exist.

The wording was odd, I just wanted to clarify.

twas

hello someone got subscription to thm i have a qst please

yea

Just ask 😄

where to download VMware. the link is 503 for me =/

Broadcom.

https://support.broadcom.com/group/ecx/productdownloads?subfamily=VMware+Workstation+Pro

i need to make acc?

Yeah

https://tenor.com/view/goose-honk-inhale-inhales-untitled-gif-16237480

Anyone willing to teach me practical OSPF and BGP applications?

Guys what are the best kali linux alternatives
Is it just Parrot OS or theres something else

Any of them. It's an age-old discussion on here.

Run/make your own if you want

Many people use parrot and kali, as many tools are already installed

If you are newer, then use Kali because it has a bunch of pre installed stuff and also a larger community to discuss issues and developments.

If you are comfortable enough with Linux then you can go for Parrot.

It's completely up to you at the end of the day too.

In my opinion, Rum Raisin is the best ice-cream. doesnt mean other ice-creams aren't good or wont do the job.

ESQY

Hiya Hex 🙂

You okay?

and ofc is not work on arch =/

not bad. Been fairly immobile today as I think i got a touch of food poisoning 😦 Other than that, all good. How are your many business hustles going?

😂 I'll think on this one

Rondo - 0day uses windows. One could say it's more of a challenge, as you need to find other ways and tools to complete a task

Like using wsl??

Yeah, thats one solution

Just that certain things just flat out don't work on WSL
Like Hashcat
I don't know if it's because of WSL or because my PC is AMD

Yep. So you find other solutions that are compatible with windows

If theres no way around it, you can always fire up a VM for that one task

Take a wild guess

Usually you use your host for GPU intensive tasks such as hashcat

Also hey Esqy, hope you get better soon 👋

Ouch. Sorry to hear that man

Thanks Jayyyy 🙂 I think at this point is a large part that I've not eaten today. A risk I don't want to take :p

True
The reason I was asking is because my PC crashed recently while my VM was running and it wouldnt launch and kept saying the vm was already running, then I deleted the lck files then it launched but now it wont connect to openvpn whatsoever
So I thought I probably had to set it up all over again and wanted to hear other opinions and maybe try something new

that sounds like an issue with the VM, not the flavour of linux

Try a different VM program - The two big ones are Virtual box and VMware workstation

Aha fair enough, I'm sure you're looking forward to your next meal tho!

Thank you

Gave +1 Rep to @glass nest (current: #18 - 413)

You have no idea! thinking of treating myself to Sushi tomorrow 😄

Go for it 😎

You've deserved it with all that waiting

I got into my uni btw! Starting October

Nice

ooh, with all of your botting stuff, have you seen any that auto-translate well? The ones i've played with look a bit... I dunno, just not very smooth

@glass nest How to accountant? I've got to file a return

oh awesome! Congrats man!

Hex - Get alphabetti spaghetti, mix up all the numbers and spill it over a page. Thats basically accounting. That or maybe use a gig service if it's a one-off

I think the alphabet spaghetti is the solution

My business partner is meant to do this stuff

'Dear HMRC - the spaghetti has spoken. You owe me £50k'

Unfortunately not, is there any one that uses DeepL? I've had the best results with them

I wish

Possibly, Jayy - i'll have another delve into it. Basically, I play a mobile game with people from all over and there is a 'instant translate' button on the chat function, at it really helps with talking. So I tasked myself with making a Discord that does the same thing.

I have a pretty janky solution in place though - 3 channels (so far) when you post in (say english) one, it translates and posts in german one and french one.

To be honest, the tranlastion itself doesnt need to be perfect, I think we all have enough common sense to work out what a message is if its not exact, y'know

My solution: 3 channels

Posted in 'English':

This appears in 'French':

ARe there plans to add any new Ranks? Seems a lot of people now are [0xD][GOD]?

Gotta love teamspeak

memory leak ?

Nope, their way of loading things

oh

Shitcord. Love it!

https://x.com/da_wamwoowam/status/1824872498363523537

https://x.com/da_wamwoowam/status/1824901484019958227?s=46

Is this an insult war between Discord and Teamspeak?

I'm going to follow this post for a while

Teamspeak still a thing?

Could be interesting

Ooh blackout - You back up to full power now?

Lmaooo "crypto don't mine themselves"

Yep, fully healed about 3 months ago now i believe

Just a massive 10 inch long scar 😄

Brilliant, Happy to to hear that man. And thats ok, Girls/guys dig scars 😄

Thats an awesome idea!

Well, if THM taught me anything, its to think outside the box

https://www.deepl.com/en/pro-api
What I'd do is signup for this API, and then have an on-message event to pass it through

Ooh. That link is saved, Thanks Jayy

and https://fallendeity.github.io/discord.py-masterclass/ is fantastic for learning how to quickly make a discord bot

Lemme write a quick poc

you don't need to do that, man 🙂

Pointing me in the right direction is perfect

import os

import discord
from discord.ext import commands
from dotenv import load_dotenv

load_dotenv()

TOKEN = os.getenv("TOKEN")

intents = discord.Intents.default()
intents.message_content = True
bot = commands.Bot(command_prefix=commands.when_mentioned_or("!"), intents=intents)  # commands.when_mentioned_or("!") is used to make the bot respond to !ping and @bot ping

@bot.event
async def on_ready() -> None:  # This event is called when the bot is ready
    print(f"Logged in as {bot.user}")

@bot.event
async def on_message(message: discord.Message) -> None:  # This event is called when a message is sent
    if message.author.bot:  # If the message is sent by a bot, return
        return

    translated = deepl.translate(message.content)
    for chan in [fr, en, gd]... etc:
        await chan.send(translate)

@bot.command()
async def ping(ctx: commands.Context) -> None:  
    await ctx.send(f"> Pong! {round(bot.latency * 1000)}ms")

bot.run(TOKEN)

its not a problem, I just took that from here

Ah ok, cool cool

but that should be enough as a boilerplate, I'm certain you'll be able to go from there

It does seem straighforward

Thanks man 🙂

anytime

@glass nestHey there!

g'd evening, Toaster 🙂

Your new NY Style Pizza is pretty good

But that Garlic Cheese stick thing, was one of the best things i ever ate

Must not be a UK thing 😦

oh, you're in for a treat, it's awesome

Our next thing is korean pulled chicken, i think?

So.. If they are doing NY style, with the also do Chicago Style - to prevent a war

Chicago 'pizza' isn't pizza

that's a casserole

Haha, love it

Lol, I can't argue with that logic.

Well, Dr Toaster knows his baked products

😄

https://m.media-amazon.com/images/I/71RMVdzZ10L.jpg

https://tenor.com/view/monkey-calculate-silly-count-gif-7714714

me right now

For real man, might just be worth finding someone on upwork or something to do it for you

yep still here. inactive tho

My business partner is working it out with me

oh wow esqy long time

hiya leggy, Yeh man its been literal years!

yep i just opened the server because got a notification today. but pleasantly surprised to see you tho

I guess we just kept missing each other whenever we popped on

yeah. oh wow jabba is discord admin now? congrats!

I have had a day and a half of linux networking and obsecure stupid policies from server providers

The ultimate social engineering 😄

16 hours

of tomfoolery

What sort of policies?

after 16 hours did it get solved?

a very TLDR:

• One MAC address per IP

I am currently dealing with a workload of about 200 VMs and you bet sure as hell I ain't paying for 204 ipv4s

jeebus.

👀

yes

after having to nuke this box about 22 times

I have a working method

It's a combination of SNAT, 3 ipv4s and gosh I don't even know

just tomfoolery

Ah, box nuking. a very 'Elf' response 😄

https://tenor.com/view/sister-michael-fecks-same-gif-14816263

That sounds miserable.

aye. And i'm likely going to have setup another hypervisor or two to increase the workload to 500 next week.

😅 ayeyayeyayeyayeyae

lol nuke another 30 times it will sort itself out

Lol I found cissp practice book at my local library. This is so much more elementary then I thought.

this is one third of the interfaces file that I finally wrote that worked. If you get something wrong gg boot from rescue

    up ip route add -net 148.251.XX.XXX netmask 255.255.255.224 gw 148.251.XX.XXX vmbr0
    up sysctl -w net.ipv4.ip_forward=1
    up sysctl -w net.ipv4.conf.enp0s31f6.send_redirects=0
    up sysctl -w net.ipv6.conf.all.forwarding=1
    up ip route add 148.251.XX.XXX dev enp0s31f6

    up ip route add 192.168.0.0/16 via 148.251.XX.XXX dev vmbr0
    up ip route add 172.16.0.0/12 via 148.251.XX.XXX dev vmbr0
    up ip route add 10.0.0.0/8 via 148.251.XX.XXX dev vmbr0

auto vmbr0
iface vmbr0 inet static
    address  148.251.XX.XXX
    netmask  255.255.255.224
    gateway  148.251.XX.XXX
    broadcast  148.251.XX.XXX
    bridge-ports enp0s31f6
    bridge-stp off
    bridge-fd 0
    pointopoint 148.251.XX.XX
#MAIN IP 245

auto vmbr1
iface vmbr1 inet static
    address 148.251.XX.XXX
    netmask 255.255.255.224
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    hwaddress ether 00:50:56:XX:XX:XX
#WAN 222

never again

😭

i'm working on a trackpad and a tiny screen

Sorcerer!

I have like 8 sublime texts & too many network diagrams open

lMFAO

Treat yourself to a mouse

Lol I found cissp practice book at my local library. This is so much more elementary then I thought. @whole yew

Provider wanted £250 a month for 73 ipv4s

oof

The point isn't that it's complex, it's that it's orthogonal to technology. it's bascially business/tech glue

oh I have many. Just left the USB-C to USB-A or w/e the regular one is at my house in london

So it's for managers, Sr engineers?

Everyone that wants to have an impact

CISSP was the single most important cert of my career

honestly, using a trackpad for.. well anything is one of my personal tortures

Bruh

Lol You will maximize your earning potential. The average CISSP earns US$131,030 a year. This reflects a number of aspects that are core to the CISSP, including extensive knowledge of cybersecurity, hands-on cybersecurity experience of at least four years’ paid employment in the industry and a commitment to a strong code of ethics. Employers value and respect the CISSP certification and, as a result, this commands a premium in terms of your salary.

So, CMN - respect points have been added 😄

This is wild

I could've did this test ten years ago with my eyes closed..

I've been leaving money on the table 😦

This is insane..

Maybe, but I doubt you could demand a giant wage rise just for getting a cert

Don't underestimate my gangster

that price you quote is going to be very circumstantial

A bump is a bump

how do I connect my discord account with my tryhackme account ? I have my discord token btw

& THIS IS WAY EASIER THEN DEV..

true, but if you go get the cert the employer doesnt HAVE to give you a raise if they didn't ask you to get it. You'd likely need to find another job that requires it

Of course.

I'm just baffled tbh..

Amazed by how rudimentary these certs are.. I've never really looked at them.

Well, The whole point of certs is that an employer doesnt need to take your word that you know something. a cert shows that you have enough knowledge for it

Yeah. My resume does that lol

So even if it's rudimentry, then the employer doesnt need to go through any sort of disconnected portfolio/job history to be confident that you can do the job

But your CV is just you saying it.

Yeah, I've been playing the game on hard mode.

Just remember though, a cert isn't necessarily a golden ticket to greatness - It's just a quicker way to verify skills, especially through a HR filter. (obviously that doesnt apply to some of the more advanced certs)

thank you zumi yumi

Gave +1 Rep to @fervent meteor (current: #161 - 44)

Yeah, it really is a minefield

ahahaha. aye. not out of choice though unfortunately 😄

Any linux distro works - the advantage to kali or parrot is that their are (often outdated, but they exist) binaries for common tools. The alternative is to figure out the tooling you want, and then install the tools that you'll actually use instead of 4GB of what amounts to bloatware

CMN - So where you at, if not in London (innit)?

nginx reverse proxy, would they even know?

For sure. Thanks.

Gave +1 Rep to @glass nest (current: #18 - 414)

It's layer 2 😦

MK currently at my parents. Been here and there the last few days; Bristol, Cambridge, MK and back to London tomorrow

Then i'm doing medical cover @ reading festival for a week next tuesday

busy bee

Well, don't forget to give me a shout if you are in my neck of the woods

is that where I still remember? I think i'm there in september for a bit

on the public side? are they charging that much for unroutable addresses?

plymouth, yah

yahyah

you'll be the first THMer to claim their free pizza 😄

IDK. I just know it's one MAC per IP. And if you have say 600 vms like I currently do with this, ofc every VM needs its own MAC address. 😅

https://tenor.com/view/dumpster-fire-gif-7182596

dumpster fire so hot the paint catches fire

could probably nginx proxy on the server that's acting as the WAN & LAN, but then it's just easier to run a router and pf/etc accordingly

LMAO

yeah

Is this in Kickstart or ifcfg? Or ip? The machine should still boot if you get it wrong in the latter.

The hypervisor is debian so /network/interfaces, but yeah ifcfg (I think that's redhat?)

And aye...it'd probably time out but I have no IDRAC nor alternative means outside of SSH to the hv

ifcfg is deprecated and not Red Hat specific iirc, but I was thinking of network-scripts

networkd is a bit different

only way to get back in was adjust FWing, boot into rescue, clear ssh known hosts, ssh in with a new pass, mount the partitions, change the interfaces file, and it was one-time rescue so if you rebooted it'd just proceed into normal and rinse and repeat...rofl

i'm not sure either way tbh. It's HV is debian 12. Networkd perhaps?

deb12 uses network-manager as the default

Systemd is default, so yes unless it's been changed

Ah

you can use other network stacks with systemd, network-manager is just the one that plays best

in that sandbox

ahh okay

yeah it would've been w/e was OOB on a debian 12 install

just was a right pain not having any other access than SSH, without installing their VNC image

which in hindsight might've been useful, but it was a routing problem, so I don't think even the VNC would've been accessible

Unless I ticket them and ask someone to attach a session to the box

cloud sucks

on prem for life

Yeah, I was doing all my Linux networking on prem. I was a bit reckless lol

i kind of want to know who the host owner is so i can definitely not do business with them

Lol

Hetzner

i thought they were supposed to be a good provider

look in terms of pricing and specs & CS very happy customer

it's just when you uh

not align with their specifics esp. on the networks side

for this box they built it very quickly & affordable in comparison to others

but g'ad damn

just gimmie a blade or two innit

but no it was insisted it was cloud

i tried using exiftool on a photo sent through mail from my android phone, with gps on, didn't get gps location from metadata, anyone know why?

Hello folks, I’m curious on going into Cyber security field. Currently on the google certification and going to start using TryHackMe but was curious on any advice or suggestions in the field.

could've been a few things i.e.:

1. the photo didn't have any gps data to begin with
2. the email service could've stripped this. IIRC for example, if you're an exchange admin on O365, You can set taht
3. also depends on the device. For example, a lot of metadata stores directly on the phone (i.e. recent iOS) itself and not necessarily ships when attaching a photo

without sounding biast, THM has a lot of hands-on material to practice on, and a lot of free content 🙂

Facts

Also take notes

Nothing Bias about it haha I was suggested here from a few friends in the field but I was more so curious on any suggestions or ideas of which certifications are also good to get!

Currently taking the google entry level cyber security course as it’s very cheap

Depends on the jobs you are aiming for, I guess.

Sec+ is very popular

Honestly open to any field. I’m in Canada and I know there isn’t a ton of people doing it here.

I also heard Comp+ is good

Our government just got breached not long ago got me wanting to get into the field ngl

ah fair:) I'm not sure how "recognised" it is as it's a fairly new cert, but somethings like comptia Sec+ etc are good standard entry level certs that are recognised. It does depend on your country and such. I'd look at junior roles in your region and see what the requirements generally look like.

For example, in the UK, CREST are pretty much the standard. That probably wouldn't apply too much in the US, where OSCP, etc, are sought after. There are also certs based on the job role, i.e. digital forensics, pentesting, SOC,etc, all have their own certs

Well, if you don't mind what role you are going for, then it doesnt matter which certs you get 🙂

Or india where its shudder CEH

Yeah I’ll have to take a look at what they look for in Canada

aye 😅

Thanks for the input!

IIRC Canada has a few solid areas for tech stuff

I’m in BC

Bc means what

British Colombia

Oh

Heh. My best friend is on a work secondment in Vancouver

He's an engineer, so no hot tech job tips from him

hex 👋

bed time i think

gn thm 👋

I’ll look into it thank you!

Gave +1 Rep to @fervent meteor (current: #160 - 45)

👋

and like two ships sailing past one another - adios 😄

soooo much info

so much keyboard

so many layers

so many tap dances

so many combos

hi

ello ello zumi

Hello peeps ✌🏻

It’s too toasty to sleep 😴

a toasty day indeed

meep meep moop moop time for sleep sloop to the beep boop

beep boop, goodnight friendly user, boop beep bewp.

Night Shadow.

whats going on

hey, just taking a break from some hacking. how about you?

getting Ubuntu on baremetal how about ya?

nice. server or workstation? i'm working on DVWA right now. testing some web hacking stuff

for my personal computer (:
Kinda tired of windows tbf

heck yeah man, welcome to the fold. i run debian as my daily

tyty :)

yep. it's kind of a pain when you're starting out. bit of a learning curve when certain issues come up, even with ubuntu, but stick with it, and you'll like it over time i think. zero telemetry if properly configured, which is fantastic.

I've used it before, wsl2, and on vms.

But yeah, it'll be definitely a new experience nonetheless.

ah, right on. yeah. daily driver is a bit different, because when you need something to work for your host OS, the urgency goes way up for fixing things haha

like, "why can't i screenshare on discord?!" turns out discord screensharing only works for me using X11, not wayland window manager(?)

haha

lolol

YESSSS.... JOIN US! I switched a few months ago, currently only have windows on my gaming pc, and every time i boot that machine up i cuss. Linux is love.

I might have gone a little over the top.... pop OS on my daily driver, 3 ubuntu servers on my proxmox server, 2 other laptops running kali and dragonOS... (and unfortunately still a mbp for work, because.. work.)

That's cool! :D lol

it's been fun... totally replaced gaming for me. Now i just tinker and play tryhackme.

That's me lol. Although these days I've been playing FFXIV online, but I'm trying to get back into studying more time than these past few days.

I set up check boxes on my daily obsidian notes for studying, CTFs, and python.... tracking my progress has been super motivating.

Nice! I'm plan on getting back into coding, I was learning C#, but I might get back into it, or perhaps undust my JS a little bit. lol

right on... I need to learn C#, feel like it would be helpful for hardware stuff, but figured i'd start with python as it's A. useful, and B. pretty easy to learn.

Python was my intro language to programming, then after one month or so, I decided to get into web dev, so, I got into JS, of course I started with HTML5, and CSS, because all I knew was from long time ago. This was like 2019 or 2020.

makes sense. for context I am just getting into programming, I've been around computers all my life but in the last 6 months I've spent a loooot of time learning how stuff really works under the hood. about to take my A+ 1101 in the next few weeks, and looking to try to change careers and get into the industry in some capacity. I studied philosophy and art in college and grad school, so python seemed like a pretty friendly place to start. Kind of reminds me of symbolic logic.

Cool, yeah, I used to play instruments, and before taking this path, I was going for sound engineering or a related career. I had one year of using softwares to make music or covers of songs, I even had my MIDI player, and MIDI adapter for my piano, which I think I still have somewhere. Today I don't have the MIDI player, I sold it, I still have my instruments though. lol

Quick question, I'm new to the cyber field is it possible I could buy a raspberry Pi and put Kali on it and use it as my vm instead? Rather than using the webased vm

oh no kidding... I work in audio for Reality TV, and do some music recording and mixing on the side.

yes. I have a ras pi 5 that is running kali right now... i never use it since i also have a thinkpad with kali on it, but it would be a very suitable place to start.

I might invest in one

Nice! I still have my license for this software, Serato Studio, that was the one I used to use. And I think I have one clip I edited with Filmora Wondershare. lol It was a getlucky cover.

Do you run tryhackme solely on your Pi?

right on.... i used to use serato way back in the day when i was DJing... we use pro tools and the izotope suite at work and in my boss's studio.

Not sure if you do CTF's or what

You can for sure.... I just use a laptop anymore because it's more convenient, but kali is pretty good on the ras pi 5 in my experience.

Word

i wouldn't try to run multiple VMs on it to do locally hosted CTF's, you probably need beefier hardware for that, but you can definitely do THM, HTB, PicoCTF, etc....

I see I'm still on the learning paths in THM at the moment but I've been doing some research and quite a few people recommend using your own vm hence why I'm asking I would probably use it to participate in CTF's but not host one

Looking into a cheap ideapad or Ras

yeah that should be fine... tho you also shouldn't discount the value of VM's... virtualbox or vmware are awesome... you might be able to save the $$ and just use a virtual machine on your current rig.

I see would you recommend any Kali VM's?

You can install Kali on oracle VM.

you should just download the optimized VM build for kali for either oracle or vmware... if you're on PC or Mac i recommend vmware, as they just made the previously paid version free. i'm on linux so use virtualbox. Just make sure to take snapshots so you can roll it back when you inevitably bork it.

I read it wouldn't be as good as dual boot, because of some stuff I cannot remember.

But I reckon Oracle has parrot

any modern machine shouldn't have too much of a problem.... except if you want to pass thru a graphics card for cracking hashes. That's my (probably very surface level) understanding.

Fortunately my pc is a beast so I'm not worried about the hardware

so then, forget about a pi.... just set up either a live boot thumb drive or a vmware kali setup

vmware workstation > vbox imo

I agree, i just use vbox in linux because it plays nicer and i got frustrated trying to get vmware to even work at all.

Okay yeah after considering it im gonna go with vmware

Thank you everyone!

Hello.

good call! always happy to help. I'm not nearly as knowledgeable as most of the folks here, but always happy to nerd out!

I'm currently in school for this and have fallen in love with it pretty fast definitely overwhelming at times but its worth it

kvm > tho

It's never overwhelming if you understand your learning pace and consider it before everything else, it just becomes pleasing.

it works

Yeah, I remember when I was a kid, I used to get more overwhelmed, I think that's why I didn't follow up later on in life until years ago. Although I'm not new to the whole cybersec space, I'm definitely new to taking it responsibly. lol

real hackers use HML, not kali

indeed

If it is Debian based then you can actually make it turn it into Kaliana Montana OS

for this case. it will be extra hard. its out of date and cant even update

whats HML?

Oi @molten sky Any ideas to expose a web server to the internet without opening a port for free

Hannah Montana Linux.

for yourself or for the world

Not productivity but i use cloudflared tunnels for that purpose

for myself

literally my suggestion

do they have a bandwidth limit

i haven't used them for that purpose but i always hear good things

LMFAO - Oh you that's hella hacker right there

?

I believe the TOS prevent you from streaming video through their servers for bandwidth reasons, tho they might have dropped that as an explicit term.

HML OS

I just port forward and use cloudflare cdn

not the best solution but works for me

glorious hml >

hannah montana linux should've been the year of the linux desktop but the world wasn't ready for it yet

before its time

Yeah way ahead bro

lol

https://tenor.com/view/mundo-feliz-onetreehsll-world-if-gif-14071235670792471304

the world if hanna montana linux:

Hello. Is there a way to turn on that I can see how long a response took for a request in BurpSuite? I want to try Time Based Injections...

did you check BurpSuite documentation?

Hello, is anyone having any problems with the Lateral Movement modules?

oi @blazing granite mind checking DM's

It looks like in Repeater, it's pretty straightforward (but I didn't realize this, haha. it took a lot of research, then my eyes caught up ;)). Check the lower-right corner (should show milliseconds). However, unfortunately, when it comes to Intruder, I searched for how to get the response time / latency pretty hard. most sources point to enabling the "Response received" and "Response completed" columns. However, I'm confused how those columns are measured. It's not just stating in milliseconds, etc. Anyway, you might want to do more digging with web search, Burp forums, etc. But I had a hard time finding any additional information. It might be a feature of Pro, but I couldn't even see if that was the case.

that was a great question btw, i never thought about that

i haven't done much time-based stuff

i just realized that like firewalls , stateful and stateless people are also stateful and stateless

this is so crazy

Cop cars are scarecrows for people

I'd think that's the point~
Impose dominance like the Government's T-posing.

I wouldn't say for people, I'd say for an oppress country

Iam a biginner can anybody help with this

what do you guys think the main focus of the CISSP content is? I know a significant portion of it covers policies and day-to-day management, but I'm more interested in the technical aspects

CISSP isn't a technical certification. It's purpose is to show/translate how cyber integrates with the business unit.

It’s more high level.

From a technical perspective, yes.

CISO type of decisions so you have to take off the technical hat off

It's "in the weeds" from the management perspective, if that makes sense

oooooh I just read dozens of pages about CISSP and get sleepy

Lmao get use to it

That’s called the grind and you have to take as many questions as possible. None of them will be on the test lol.

But once you pass - it’s the best feeling ever. 😉

I believe every cert would bring good feelings

https://tenor.com/view/monty-python-surprise-meaning-of-life-every-sperm-is-sacred-crianças-gif-11694597

every cert is sacred.

When needed , I would pick up some sections from CISSP

lol imagine putting that top on your Roomba and watching the cats freak out

Gif is a bit much repeating such tho lol

It would be very fun

well

idk about all

CEH still exists

Quick question how does one link their discord and THM account

Ty

Done!

ah yes CEH

35 days streak

hey guys

i need help in exploiting smb

thats pretty general, what do you want to know?

im not able to access a secret file in smb client

Is this for a tryhackme room?

yes

network services 1

Please use #room-help for help with tryhackme rooms

theres no one there

i alr tried

Please ask there and be patient - please don't move here if you don't get an answer. THat's not how it works

shit I'm taking snus overdose

Hi, hi. Hope you all doin great 👋🥳

i've just uncovered the best way to reheat a pizza

@boreal scarab any guesses?

I have a doubt. I am testing my metasploitable 2 vm . Used searchsploit to locate a vulnerability in a ISC bind which is present in metasploit framework. But idk to find that exact exploit in msfconsole. How can i search the file i got in searchploit in msfconsole ?

In msfconsole, use search foo bar to get matching results

stealing this for research purposes

i've gotten so far down the rabbit hole that chatgpt is suggesting chatgpt as an alternative solution

sry i dont understand.
The command i used :

searchsploit 9.4.2

BIND 9.4.1 < 9.4.2 - Remote DNS Cache Poisoning (Metasploit) |multiple/remote/6122.rb

Now how can i load this 6122.rb or find this exact name of exploit in msfconsole

You can examine the exploit to find some info with:

searchsploit -x remote/6122.rb

If it's a Metasploit exploit, it should have some information about the author, vulnerability and stuff
You can use that to search in msfconsole

FYI, it's this ||use auxiliary/spoof/dns/bailiwicked_domain||

any of you have recommendations for a good entry level 3d printer?

Hi, do any one know how to fix it in openvpn kalilinux

Note: --cipher is not set. OpenVPN versions before 2.5 defaulted to BF-CBC as fallback when cipher negotiation failed in this case. If you need this fallback please add '--data-ciphers-fallback BF-CBC' to your configuration and/or add BF-CBC to --data-ciphers.

Note: '--allow-compression' is not set to 'no', disabling data channel offload.

go to #site-support or #room-help

vpn is site support

hello guys

Hello hello

Hello

Hello hello hello

@loud marlin gave me good advice for it. I've had the same question. 👍

Thanks ❤️

Gave +1 Rep to @tranquil osprey (current: #39 - 203)

getting rickrolled by thm room is one of the best experience 🥲

hello

https://tenor.com/view/my-sweet-summer-child-sweet-summer-child-game-of-thrones-gif-19977020

hi

can i ask what did he recommend? i was bothering him couple past days about something else and i dont want to do it again

Good morning?

I don’t even know the time here

its different for everyone

tru

its called timezones

I think she meant where she is...

Not in general.

7:32

lmao

smartass🙏🙏✅

dolphin!!! ❤️

bruh

Hello feathers 😄 how are you?

hello dolphin

and where are you at? Holidays?

I’m good!!! I won a defcon contest and got second in another! It’s been a good year 😂

No I think I’m just adjusting to being back ;_;

awesome!! I would have expected so after last year 8)

fuuuuuck

where are you guys from

The Earth.

you ever press the up arrow in a terminal and press enter and forget you ran exist in another shell so now you exit the terminal you WANTED to keep

bro

default answer ✅

this is like the seventh time today

https://tenor.com/view/falcon-sam-wilson-outta-line-but-gif-22091662

u need to slow down then

no

dont be too hasty

can't

never

grats on the wins 🙂 🙂 🙂

you need to keep it up every year

undefeated champion

try vaseline on ur fingers 🙏

what is defcon?

meetup for geeks and shi

ik the US version of defcon

You know about control r btw?

Too hard!! But I might join a team next year to try something new. And also run a contest possibly

Si

It’s the convention in Vegas that just ended last weekend

i also use zsh so recursive hist search is kinda like just part of typing

pretty convenient

wat m8

wouldn't that just go faster

Def Con, is the US version of Def Con?

i mean, it's not wrong

That reminds of Yungblud on Nevermind the Buzzcocks...

defcon is the american version of blackhat

blackhat is also the american version of defcon

Nuuu it’s the after party of blackhat USA

faster with better friction which would prevent misinput 🤨

Sticky though :< bleh

well that just might be a bonus to some particular human beings

This 86% humidity is bad enough as it is

The less corpo version

sounds like florida bruh

I had to turn away when DualD was stripping on the scav hunt table 🙈

I fully believe in you

😄

Featherz, are you still doing electronics stuff for work?

Kinda. I’m testing software right now. Things keep changing. That RF is on hold

any body made VDP?

Like started one?

I'm still aggressively trying to learn electrical engineering

I don’t think I can properly learn it unless I go to formal schooling

Is that how you learn best?

But from what my friend talks to me about, he’s got the EE, I have the gist of it. I want to learn FPGA properly though

my homie is out there getting a masters

Yeah ;_;

Nah, I don't have the luxury of being formally taught

but from what i’ve seen, my personal suggestion would be to definitely try and get formally taught

THM is actually formal enough. It has a method and I can take notes properly. That’s all I need. But it’s nice to have a mentor

Oi Oi Oi anyboday done VDP

Tbf I'm doing pretty good without, I have all the maths foundations and access to all the material I need. After all, it's the 21st century. The internet is (sort of) great?

Just ask your question directly

We seen the first time, nobody answered.

So I'm going to assume no.

the math part is exceptionally hard from my experience

lol thanks for replying

Gave +1 Rep to @sick lance (current: #1 - 2637)

Done i am out!

calculus II III and IV? i think

goes really deep into math

that could be better question for #quiet-conversation cuzbit gets burried here

I was thinking of knocking out a bachelors in comp sci as a fast track just to be a resume filler… but finding the time is hard. Though they did reject my calculus from years ago, so I took an accredited course and passed it in less than a week so they can stop saying I don’t have it lol

I only passed up to calculus 2. Never tried higher

wow

hi

now rinse and repeat. You found the world's exploit.

Complex numbers mostly, for impedance
Probably some integration and differentiation but that's nbd really

sup trymph

how u doin?

ok

Done

Only reason I’m doing it is I already have the job… just not the bachelors :/ which is a resume auto reject issue

what exactly would u want ee for?

RF design and matching

broken system in a broken world

Digital is easy

i think you can learn that without a college ! So you’re good

most of the ppl in this server have jobs or are in uni

right?

Try electrical engineer simulator xd

probably not

No job

just playing CTF in THM lol

self employed ✅

nice

Their question was fine in here, doing things like this is just a minor term of mini-modding.

mostly bounties but same thing at the end of the day, why do you ask

yeah...i just said it gets burried very fast

i just want to help nothing else