Go Back   SOCNET: The Special Operations Community Network > Areas of Expertise > Technology and Communications

Reply
 
Thread Tools Display Modes
  #81  
Old 22 January 2016, 11:00
Dre Dre is offline
Registered User
 
Join Date: Sep 2007
Location: Las Vegas
Posts: 8
Thank you!

Thank you all for taking the time to answer my questions. I cant thank you enough. This information is gold to me, lots to think about and your insight is priceless.

Beers are on me if y'all ever come through town!

Thanks again!!!!
Reply With Quote
  #82  
Old 14 March 2016, 18:33
CV's Avatar
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,310
UPDATE

I'm going through the OSCP now. It is hella fun and extremely practical. A lot has changed in the last two years since I started this thread. While certs like the CEH, GCIH, and GPEN are good, the OSCP certification should really be the go-to for penetration testers (hackers). It's so good that it will likely be my last technical certification before I return back to managerial ones (CISSP, CISM, et al.).
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #83  
Old 12 May 2016, 06:18
HighDragLowSpeed's Avatar
HighDragLowSpeed HighDragLowSpeed is offline
Been There Done That
 
Join Date: Dec 2006
Location: Only Place For Me
Posts: 5,013
Thought I would share this with you all, pay what you want Pen-Testing training, you can get up to 9 courses if you pay more than average currently ~$14.

https://androidheadlinesdeals.com/sa...-hacker-bundle

Plus proceeds go to Save to Children. Got this through work. I cant personally vouch for the training but a good basic overview at this pricing may be right for some of you (or help you know if being a pentester is for you).
__________________
"I know of no country in which there is so little independence of mind and real freedom of discussion as in America." - de Tocqueville, 19th century

God made machine language; all the rest is the work of man.
Reply With Quote
  #84  
Old 12 May 2016, 11:35
Atrax's Avatar
Atrax Atrax is offline
Confirmed User
 
Join Date: Sep 2005
Location: CONUS
Posts: 343
Great deals, thanks for posting. Has anyone used this site before? Just want to ask before I register/pay.
Reply With Quote
  #85  
Old 16 May 2016, 22:33
mixedwell mixedwell is offline
Registered User
 
Join Date: May 2016
Location: Washington DC
Posts: 1
Smile Different side of cyber offense

I work for a defense contractor and have spent the last 5 years on a different side of offense.

While working on government contracts, I reverse engineer software to find vulnerabilities and develop exploits, write payloads for said exploits (ROP chains, first stage payloads, etc), and even write remote access tools to support anything the customer needs.

I think I generally get a bit more in the weeds than the pentesters but it's there's some overlap.
If anyone's interested I'd be happy to help anyone wanting to get into this type of work.

It's fairly technical but is pretty rewarding once you get into it. I write almost entirely in Python, C, Assembly, and ROP chains.
Reply With Quote
  #86  
Old 16 May 2016, 22:43
MountainBum's Avatar
MountainBum MountainBum is offline
Vivat Fraternitatis
 
Join Date: Apr 2004
Location: Australia
Posts: 718
Quote:
Originally Posted by mixedwell View Post
I work for a defense contractor and have spent the last 5 years on a different side of offense.

While working on government contracts, I reverse engineer software to find vulnerabilities and develop exploits, write payloads for said exploits (ROP chains, first stage payloads, etc), and even write remote access tools to support anything the customer needs.

I think I generally get a bit more in the weeds than the pentesters but it's there's some overlap.
If anyone's interested I'd be happy to help anyone wanting to get into this type of work.

It's fairly technical but is pretty rewarding once you get into it. I write almost entirely in Python, C, Assembly, and ROP chains.
There's several here who've developed, worked, and managed the "different" side of offense, from the rear to beyond forward. Now please post an intro as directed in your registration welcome e-mail.
Reply With Quote
  #87  
Old 17 May 2016, 18:28
CV's Avatar
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,310
Quote:
Originally Posted by mixedwell View Post
I think I generally get a bit more in the weeds than the pentesters but it's there's some overlap.
Apples and Oranges. Reverse Engineers and Penetration Testers are as closely aligned as a therapists and ER doctors.

Quote:
Originally Posted by mixedwell View Post
If anyone's interested I'd be happy to help anyone wanting to get into this type of work.
This site is chock full of professionals in each dicipline, in all areas of federal, financial, and commercial industries (military is given).

Welcome to SOCNET, we probably already know you
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #88  
Old 17 May 2016, 18:33
Stretch Stretch is offline
The atomic zit
 
Join Date: Dec 2008
Location: Capital of the Old North State
Posts: 2,702
CV,

Has mixedwell made a proper introduction?

S
Reply With Quote
  #89  
Old 17 May 2016, 18:35
CV's Avatar
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,310
Quote:
Originally Posted by Stretch View Post
CV,

Has mixedwell made a proper introduction?

S
Nope. Mountainbum warned him, so I assume the black rotary-wing aircraft will be inbound soon.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #90  
Old 17 May 2016, 18:45
Stretch Stretch is offline
The atomic zit
 
Join Date: Dec 2008
Location: Capital of the Old North State
Posts: 2,702
I will keep my head low, I don't want it chopped off or sucked into the back wash...
Reply With Quote
  #91  
Old 17 May 2016, 22:14
usmc_3m's Avatar
usmc_3m usmc_3m is offline
Confirmed User
 
Join Date: Jun 2013
Location: PR of Kali
Posts: 823
I will wait for the intro before I add my $0.02.
__________________
"He who does not punish evil commands that it be done." -- Leonardo Da Vinci
Reply With Quote
  #92  
Old 17 May 2016, 22:34
Silverbullet's Avatar
Silverbullet Silverbullet is offline
Administrator
 
Join Date: Aug 2000
Location: Bunker
Posts: 14,241
Quote:
Originally Posted by CV View Post
Nope. Mountainbum warned him, so I assume the black rotary-wing aircraft will be inbound soon.
Or we know he hasn't logged in again and hasn't yet seen the reminder to post an introduction.
Reply With Quote
  #93  
Old 20 May 2016, 09:45
Polypro's Avatar
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 11,974
Quote:
Originally Posted by mixedwell View Post
I work for a defense contractor and have spent the last 5 years on a different side of offense.

While working on government contracts, I reverse engineer software to find vulnerabilities and develop exploits, write payloads for said exploits (ROP chains, first stage payloads, etc), and even write remote access tools to support anything the customer needs.

I think I generally get a bit more in the weeds than the pentesters but it's there's some overlap.
If anyone's interested I'd be happy to help anyone wanting to get into this type of work.

It's fairly technical but is pretty rewarding once you get into it. I write almost entirely in Python, C, Assembly, and ROP chains.
So, you work for a Vupen type company? Awesome... how about instead, notifying the software mfgs of the vulnerabilities so that the entire world can be safer from cybercrime, and not helping the government violate the Bill of Rights some more?
Reply With Quote
  #94  
Old 20 May 2016, 15:23
NYwood914 NYwood914 is offline
Confirmed User
 
Join Date: Mar 2016
Location: Westchester, New York
Posts: 167
Amen Poly! Glad to see you posting again!
Reply With Quote
  #95  
Old 26 July 2016, 09:43
Golden Tiger's Avatar
Golden Tiger Golden Tiger is offline
Confirmed User
 
Join Date: Oct 2004
Location: NC
Posts: 381
Resurrecting this thread to say thanks for all the contributions to it. Just landed my first security gig at a major energy company after a couple years of study laying groundwork and its almost entirely because i followed the advice here and in other threads. Thanks for all of it gents.
__________________
"Keep a sharp knife, shiny boots and be on time." - James E. Williams
Reply With Quote
  #96  
Old 26 July 2016, 10:39
CV's Avatar
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,310
Thumbs up

Quote:
Originally Posted by Golden Tiger View Post
Resurrecting this thread to say thanks for all the contributions to it. Just landed my first security gig at a major energy company after a couple years of study laying groundwork and its almost entirely because i followed the advice here and in other threads. Thanks for all of it gents.
Good job. Now, pass it forward and help someone else out.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #97  
Old 26 July 2016, 13:40
Golden Tiger's Avatar
Golden Tiger Golden Tiger is offline
Confirmed User
 
Join Date: Oct 2004
Location: NC
Posts: 381
Quote:
Originally Posted by CV View Post
Good job. Now, pass it forward and help someone else out.

Aye aye. Already have this and others bookmarked and ready to go if I come across anyone else wanting advice. Truly great stuff here.
__________________
"Keep a sharp knife, shiny boots and be on time." - James E. Williams
Reply With Quote
  #98  
Old 13 November 2017, 12:38
CV's Avatar
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,310
Life has been busy, but I know a lot of folks who have been asking for more information. There are some core certifications that any IT Security pro should look to have. I can't edit the original post, but here's a good update that somewhat overlaps with what I've already said throughout. I guess you could consider this a 4Q 2017 update

CompTIA Security+: This is considered an entry-level certification, but it provides a really solid foundation that will build into other areas. If you are green to the field, start here. If you have no prior IT knowledge, look at their A+ and Network+ certifications (not required to pass Security+ though).

Certified Information Systems Security Professional (CISSP): Recognized all over the world, this certification has somewhat become the de facto standard in cyber security. It has a lot more weight in DoD/Govt. as well.

Certified Ethical Hacker (CEH): Entry-level 'hacker' certification that is very valuable in terms of be recognized. From a functional point of view, it's actually pretty good in that it teaches methodology. It won't make you a hacker, but it will set you on the path.

GIAC Penetration Tester (GPEN): Next level up. Good cert that takes CEH to the next level. It's expensive, which sucks, so you most likely won't get this one unless your employer pays.

eLearnSecurity Certified Professional Penetration Tester (eCPPT): This one is not as well known overall, but folks that manage offensive teams know about it. Generally, I put this on par with GPEN, but maybe one notch above. The price is affordable, too. I recommend this one prior to working on OSCP.

Offensive Security Certified Professional (OSCP): This is quickly becoming the standard for any offensive type of work. I can't recommend it highly enough. It's a practical exam, not multiple-choice. Most teams are requiring this one as a minimum these days.

I have functional experience with incident response, GRC, reverse engineering and more, but my background is more geared towards threat and vulnerability management. I can help with specific answers regarding training in these areas, but this post would get very long. We also have some great folks on SOCNET that can delve deeper into those areas, too.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #99  
Old 15 November 2017, 08:08
Polypro's Avatar
Polypro Polypro is offline
BTDT
 
Join Date: Oct 1999
Location: A Noisy Bar In Avalon
Posts: 11,974
Quote:
Originally Posted by Polypro View Post
So, you work for a Vupen type company? Awesome... how about instead, notifying the software mfgs of the vulnerabilities so that the entire world can be safer from cybercrime, and not helping the government violate the Bill of Rights some more?

...And the Chickens have come home to roost, LOL. "Keep these vulnerabilities secret and stockpile them boys, they'll never end up in the hands of the assholes".
Reply With Quote
Reply

Thread Tools
Display Modes

Our new posting rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -4. The time now is 16:58.
Powered by vBulletin® Version 3.8.3
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Socnet.com All Rights Reserved
SOCNET