I live with anxiety and depression. I'm a suicide survivor. When things get hard, those thoughts flood back in. And many days are a struggle.
You aren't alone. You can make it. And you are stronger for enduring it.
That's the tweet.
Compromised a domain tonight in the craziest of ways.
VNC Server with no authentication -> LastPass vault open in browser -> main DA account in LastPass vault -> $$$
Course update - Working on the automation script for you all to run in your lab environments so you aren't spending days trying to build it out manually. Need to add around 5-10 more users, add them to appropriate groups, create and modify ACL & add Kerberoasting. Then testing!
It's time to look beyond Offensive Security in this industry. Training diversity matters when building diverse teams, and that applies to any field.
If you're a hiring manager, take note of some of these alternatives you may see on resumes and accept them. A thread 🧵
Cybersecurity can absolutely be entry level - the industry just needs to train you to do it and stop pawning off ownership of the field on everyone else.
It's time to reinvent the wheel on cybersecurity hiring.
Never stop hustling. People recognize hard work, and in this field being recognized is half the battle. Everyone's path is different, but one thing should always remain the same - make it impossible to be ignored.
Here's my hustle. What has yours been?
A year ago my yearly wage was my VA check - $24,000. This year it'll be closer to $150,000. Why do I say this? Because a guy with big dreams and ambitions and little IT experience figured this out, and so can you.
So how did I do it? (1/7)
Thinking about creating a start-to-finish series on Youtube for various pentest engagements. We'll use fictional environments or random apps from Github that are self-hosted, but include everything from fictional client contact, testing, and reporting.
Would that interest you?
Well fam, we did it. Tomorrow I officially start as a Security Engineer. It's been a long, hard road, and I have so many of you to thank for your love and support through it all. And to @thecybermentor, for letting me intern and teaching me WAP - web app pentesting. Thank you all
Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators.
We notified the Cole County prosecutor and the Highway Patrol’s Digital Forensic Unit will investigate.
We all too often see folks bragging about their successes - found a bug, earned a certificate, etc. We never see failures. So when a person fails, they feel like they can't cut it. So let's do something about it.
I failed eJPT my first time. Your turn.
Reminder that my FREE Powershell for Pentesters course is live on Youtube at . We've had a ton of great feedback so far, and I would love to hear from you too.
Just accepted 700 new connection requests on LinkedIn using this command since they don't have a select all option.
var x = document.querySelectorAll('button.artdeco-button--secondary'); for (var i=0 ; i<x.length; i++) x[i].click();
Take that, @LinkedIn
Obligatory we did it picture. Look forward to a written review in the next day or two. Thank you all so much for your amazing support the last many months. I truly appreciate all of you.
May I introduce you to Dork Dump. Dork Dump is a Google Dork File Finder, scraping Google search results for file extensions connected to a domain, and downloading them locally. Check it out here.
Since @mttaggart and @HuskyHacksMK are over here making moves, I'll jump on it too.
From now until next Sunday at 11:59PM est, you can get Movement, Pivoting, and Persistence for a dollar.
Discount Code - OK_FINE_I_WILL_TOO
👇
OSCP is the new bachelor's degree. Everyone has it and that diminishes the value of it.
This is why alternative training opportunities and certifications are so important. There has to be a way to stand out from the crowd when the crowd is all the same person.
Security compliance will never be taken seriously until consequences are serious. Imagine the impact on cybersecurity if credit card companies blacklisted a company like T-Mobile for breaching 40 million accounts.
Happy holidays! I'm giving away 1,000 free Movement, Pivoting, and Persistence course vouchers and 1,000 PowerShell for Pentesters course vouchers over on Udemy for Christmas. Get them below with the following links.
Since some folks expressed interest, I put the Powershell for Pentesters course up on Udemy. It's $9.99 with the discount below, and good for a few days. Please keep in mind this is free on Youtube, and buying it on Udemy is simply supporting my effort.
PowerShell for Pentesters goes LIVE at 4pm EST (less than 20 minutes). Catch the premiere below, at which point the rest of the videos will go live as well. I hope you all enjoy!!!
It's not quite a million dollars like @thecybermentor, but we've given away $25,000 in MP&P courses in the last couple of days, which is twice as much as I've pocketed since I released it.
Just don't tell my wife. 👀
OffSec offers penetration testing services for a limited number of clients each year.
Learn more about what we do, review a sample report, and find out if we're right for your organization.
Now booking for dates in 2022:
If you haven't already, would you consider subscribing to my Youtube? It's stupid difficult to break the algorithm on the platform, and I would love to keep producing videos and content. Make sure to check out my new PowerShell course too! Thanks!
I turned down a job offer this week that came with a 40% pay increase. Why would I do something that crazy?
Some things are more important to me than money. Like work-life balance that doesn't place a strain on my family, and knowing I'm valued where I am.
I learn by seeing. Maybe you're the same. And there's nothing wrong with it. Don't fall for elitist mentalities that suggest you have to figure this all out on your own.
Use that walkthrough. Ask for help. We all learn differently. Don't worry about what others say or think.
It's beyond crazy that I can help other people get a job, stream and teach people five days a week, create content, labs, and more, but not a single company I have applied to will take a chance on me because I lack 3 to 5 years of experience.
Free until I turn it off. Maybe in 10 minutes, maybe in 10 days. People complaining that they missed out will be shamed forever.
Coupon code FREESIRPLEASE
If you're a demonstrative learner like me, it's ok. Some people need to see the solution to understand the problem.
Know that you aren't alone. There are people in this field like you, and you can make it.
I did a thing. Here are my thoughts on Pentester Academy's Attacking and Defending Active Directory course and Certified Red Team Professional exam.
@SecurityTube
Don't forget that Powershell for Pentesters is live on Youtube and 100% free. Get started here and learn some of the ways I enumerate and take over client domains in real environments.
I got mine. Have you scheduled yours yet?
Test your ability to conduct initial recon, enumeration, gaining footholds, moving across network boundaries, and more at
New article up with my favorite internal attack, and probably the least known - escalating users when the relayed account isn't actually an administrator.
CVE-2020-28351 The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validati...
Thinking about taking on a small group of 2-3 people for individualized mentoring, in an almost bootcamp type format. Something like 6-12 weeks. Give assignments, offer guidance and mentor towards an individualized goal for each. Thoughts?
Unfortunate to see @ine moving towards in-browser based Kali machines in their lab environments. The amount of knowledge and experience students gain having to maintain their own distribution is a skill necessary to employers, and this strips that need away from students.
@cybersecmeg
While I am employed, those I regularly chat with are still stuck behind the experience issue - can't get a job without experience, and can't get the experience without the job.
We need to reinvent the hiring wheel in this field. It's beyond broken.
It's the weekend. Get a jump start on learning with my free content.
Persistence via WSL2 -
Powershell for Pentesters -
CVE Hunting -
Create Your Own Python Series Videos -