This thread is for the discussion and support of those anons who have accepted the Quest to become remote pentesters. I am OP, my email is OSCPanon at protonmail. You may contact me via email with any questions related to hacking professionally, or learning to do so.
Link to the last General thread: So what are you doing to further your Quest this weekend user? Here are some good resources and things you could start working on:
Free ebook downloads for several of the books I cover: b-ok.org/
Thanks to everyone who replied to my email with the guide. My protonmail inbox is now a beacon of hope. I really appreciate your warm regards, and your positivity proves to me this is going to be a worthwhile venture.
Monetization section (updates soon):
Bug bounty site (hack large companies and websites for bounty rewards): hackerone.com
Hackerone also runs this site, which is for learning: hacker101.com/
If you are looking for the original PDF guide I posted, it has been added to the General post in a pastebin link. As always any questions are welcome, and I will answer them as soon as I can throughout the day. If you want to discuss other remote work opportunities in tech, outside of hacking, that is fine too. And anyone who wants to chime in with advice on such a topic is welcome to join in.
You got this anons!
ps. I'll be adding IRC chat info and guide for anonymous IRC use soon!
Oliver Howard
/RPG/ General will usually run every Saturday, for most the day. I had to push it back to a Tuesday Edition this week due to life events this past weekend. If we miss a Saturday, I'll try to post the thread within a few days. We will run weekly.
Aaron Wilson
cool, thanks. started messing around with the over the wire wargames.
note I am a little behind on emails. But I will always respond ASAP
thanks user
hands on? If you mean Physical Penetration Testing / Physical Security Assessment , then absolutely! Last thread we actually discussed this quite a bit. I sadly forgot to add the notes on that discussion to the OP post. I will go back and pull the info from that last thread and be sure to add it in the OP posts in the future. For now, here is an overview : redteamsecure.com/physical-penetration-testing/
Or maybe you meant you are already skilled in remote pentesting, which is great too. I'm sure we can have some discussions about more advanced pentesting tactics. Last thread we also discussed putting together some teams for online CTFs, and we would be glad to have someone already skilled.
I'll be adding info for upcoming CTFs soon, in the meantime, feel free to ask questions about more advanced tactics, or lend your knowledge.
Ayden Peterson
Physical. I haven't touched anything but a little bit of html or js in ages.
Bentley Cook
Very cool. Lockpicking and break-in? Or more social engineering? I know some great lockpickers and I have done quite a bit of social engineering myself. Need to work on my B&E though.
Defcon holds a Social Engineering competition each year which is really cool. Though it is over the phone / remote.
Trying to remember the name of the guy, but there was a very interesting court case years ago involving a guy working for CIA as a safe-cracker, which revealed some amazing stuff about their hacking program which included physical break-ins. If I can find it, I'll post it here.
Social engineering, but I'm decent at the break in portions. I need to brush on my safe-cracking and digital security systems though. I used to be decent with fingerprint locks but I think they've improved the tech in recent years by leaps and bounds.
Austin Green
OSCPanon! I was getting worried about you when you didn't show up on Sat. I searched warosu today on a lark and was pleasantly surprised to find this thread!
Hope everything is hunky-dory in your life now, just wanted to quickly pop in and let you know I'm staying the course and will have plenty more questions for you via email later in the week.
Gotta go run errands now, but for all the other anons I want to share another good blog resource I found for all things pentest-related: hackingarticles.in/
Very cool. Social Engineering is not my specialty at the moment, I have transitioned more to attacking software and networks, as well as exploit development. SE was a lot of fun though. It's very challenging and rewarding. Do you have any suggestions on resources/books for anons interested in Social Engineering who may not know how to go about learning to improve such a skill? Do you do any competitions or practice in any way?
gameanon! Good to hear from you. Glad to hear you are staying on course and making progress. Sorry I haven't gotten to my emails yet from the past week. I will get to them soon, but wanted to get this thread up first. Keep us posted and thanks for dropping in with a good resource too!
Isaac Lee
I used to do some unlicensed PI type work, so I got to hone my skills in a lot of hands on scenarios. My usual beat was tracking people who didn't want to be found, which usually meant persuading people who knew where they were to cough them up.
Elicitation is a pretty key skill. There's a drill that has two parts to hone it. The first part is looking at someone Sherlock Holmes style and trying to piece together anything you can figure out about them based on their physical appearance and mannerisms. The second part is eliciting as much of their life's story as you can get from them then matching it up to your assumptions. What you quickly learn is that some people you can read by looking at them but some you can't. In fact the point is to figure out which categories of people are going to be difficult targets for your skillset because you can't read them visually.
Angel Garcia
to everyone believing you can stay in your comfort zone and earn some neet bucks by doing > remote pentesting it's (very often) a meme. you'll just work as underpaid software tester. the only ones making money on this are the companies selling your labour and the ones not hiring real certified testers. a $ 3k online video class is teaching you nothing besides "metasploit for elementary school". i'd usually give a shit about that and say to myself everyone has to make his own mistakes but that stuff is dangerous because you can become trapped in the click worker zone. if you are interested in it sec go for it but don't think it'll be easy. i'm happy for op he is one of the rare exceptions.
Isaiah Thomas
OSCP doesn't allow metasploit on most the course-work and it is only allowed to be used on 1 of 5 targets on the exam. This course, unlike most others, is the only one that doesn't rely heavily on metasploit and actually forces you to learn how to do these things manually. You don't know what you are talking about, and your 'shoot from the hip' assessment has shown that.
Your assessment of the field and work available is just as poor. Please don't discourage people from pursuing a valuable and enjoyable career path without even doing your research user.
Very interesting. So what are some tactics when you find that a target is someone who doesn't trust people or open up to them easily? I am always curious about this, especially considering I would place myself into such a category.
Isaac Bell
imo pentesting is the most coveted job in software and the people i know who do it successfully are fucking insanely brilliant and there's no way some shlub could pick it up and run with it. the competition is literally the highest quality in the world in software.
Cameron Kelly
Some of that comes down to acting and some of it is situational, while the remainder comes down to smart choice of targets. The path of least resistance is typically not through some crazy paranoid person who shoots trespassers on sight.
Zachary Perry
lol fair point.
I agree on most your points here. I certainly think many people want to be penetration testers. Most everyone I met on the defensive side either has aspirations to go offense, or wishes they could/would.
I know some people here have asked why I am bothering to post this stuff here. They say that the people here are not capable, are too dumb to do the job. My first response for this is, very simply that I have been on Jow Forums for a long time, and at one point, those same people would have said that about me. My other point is that I feel that the type of people on Jow Forums, and /biz in particular (which is why I post /RPG/ here and not on /g) are the type of people who can do very well with hacking / pentesting. I wouldn't aggregate all this information, post it here, and I certainly wouldn't encourage people to spend time chasing it, if I didn't think anons were fully capable of doing so.