/RPG/ Remote Pentester General - Sunday Edition

This thread is for the discussion and support of those anons who have accepted the Quest to become remote pentesters. I am OP, my email is OSCPanon at protonmail. You may contact me via email with any questions related to hacking professionally, or learning to do so.

Link to original guide (Path to Pentest - user's Quest):
pastebin.com/vyhNRqj8

Link to the last General thread:
So what are you doing to further your Quest this weekend user? Here are some good resources and things you could start working on:

Free ebook downloads for several of the books I cover:
b-ok.org/

-Noob-friendly complete guide to OSCP content (with very helpful links):
abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob.html?m=1

-Another book recommendation and guide to the PWK training:
tulpa-security.com/2016/09/19/prep-guide-for-offsecs-pwk/

-IppSec (HtB walkthroughs):
youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA/videos

Learn Linux (free courses from Harvard, Dartmouth, Redhat):
edx.org/learn/linux

Learn Linux (Bandit - Over the Wire):
overthewire.org/wargames/bandit/

Learn Metasploit (free course from offensive security):
offensive-security.com/metasploit-unleashed/

Learn Python (free course & Codecademy. added youtube source):
learnpython.org/
codecademy.com/learn/learn-python
m.youtube.com/channel/UCCezIgC97PvUuR4_gbFUs5g (Corey Schafer channel)

Start creating your virtual lab with VirtualBox (Free):
virtualbox.org/

Free Windows VMs from Microsoft:
developer.microsoft.com/en-us/microsoft-edge/tools/vms/

Build your hacking OS (Kali & Parrot):
kali.org/downloads/
parrotsec.org/download.php

Vulnerable VMs to practice against:
vulnhub.com/

Vulnerable lab & CTF community:
hackthebox.eu/


free Burp Suite course (Burp Suite is the no.1 tool for web app testing):
hackademy.aetherlab.net/p/burp-suite

Other Resources (podcasts, tech reading, misc):
darknetdiaries.com/episode/36/ (great podcast. Ep.36 is about a pentest)
wheresmykeyboard.com/2016/07/hacking-sites-ctfs-wargames-practice-hacking-skills/ (collection of online CTF games)
ctf.infosecinstitute.com/ (CTFs for beginners)
more to come...
(Complete beginner guide Network Pentest 2019)
youtube.com/watch?v=WnN6dbos5u8&feature=youtu.be

Link to Certification Info:
elearnsecurity.com/certification/ejpt/ (Junior Pentester Cert)
offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ (OSCP - The ultimate goal of aspiring pentester)

Thanks to everyone who replied to my email with the guide. My protonmail inbox is now a beacon of hope. I really appreciate your warm regards, and your positivity proves to me this is going to be a worthwhile venture.

Monetization section (updates soon):

Bug bounty site (hack large companies and websites for bounty rewards):
hackerone.com

Hackerone also runs this site, which is for learning:
hacker101.com/

As always any questions are welcome, and I will answer them as soon as I can throughout the day. If you want to discuss other remote work opportunities in tech, outside of hacking, that is fine too. And anyone who wants to chime in with advice on such a topic is welcome to join in.

You got this anons!

New Announcements:

Telegram (I will use this group to announce when /RPG/ threads go up on /biz):
https://t.me/joinchat/AAAAAFihisZbNDWUNip7Yg
(please create a new telegram account with a bullshit phone number before joining. You can get a burner number with an app called Burner App for IOS or Android.)

IRC: Will Update in following posts so people don't miss this.

IRC server is up and functional. I am currently testing the final secure configs. I estimate that I can complete initial testing this evening. When I do, I will list the onion address for connecting. In the meantime, please check this guide for a how-to on connecting via TOR: 0x00sec.org/t/how-to-connect-to-irc-using-hexchat-and-tor/6866

I recently read the “OSCP in 492 days” blog post and the guy said he quit his job to study full time and he still had no life. In your experience is it that difficult? My estimate is at my current rate it’ll take me 3 years or so.

Is SENT overpromising bullshit?

It’s just an openvpn wrapper, there are better ones that scramble all metadata, just don’t use pptp which can be easily decrypted but ipsec (you need to serialize it with tor anyway)
but the idea is nice, probably something better than sent can be built

Dang I guess I wasted money on this

Wtf I thought OP said he got his cert in a few months

Thanks OP

Thanks user. I've followed the instructions, and when I got to the part where it said to enter sudo service tor start, I did that, but nothing seemed to happen. There was no error message so I guess that means it's working?

I've got hexchat open and ready to go, but I'm a bit of an IRC noob so I hope you provide detailed instructions on how to connect to your IRC chat when it's ready please. Thanks so much user. You're doing God's work

You're doing gods work op spreading this Intel to biz neets

Read your previous post. Starting to learn linux now. What linux distro do you recommend to learn first?

Dont worry about distros too much bro they're all basically the same, but kali or just download the tools and put them on ubuntu

pls respond OP

Currently working through the junior pen testing cert. Slides are a little dry but still good content.

The telegram channel doesn’t work or it is coded?

I love these threads. Just bought some books on pentesting but I’m a lazy NEET so keep posting them and I’ll get around to it when I’m not waging. Thanks for doing this user.


that sounds like too long. my guess is that guy is a total brainlet. I was working full time when I did OSCP. I did some initial study during a period of a few months with no job, but rly, 2-3 years sounds like way too long if you are truly on task...

likely. I'm watching VIDT and LINK. LINK is a long-term interesting one. VIDT may be nice sooner. Other than that, I'm not interested in many shitcoins. Mostly top 5.

I got it in 4-5 months

np

I will get instructions up ASAP on connecting to the onion

ty

if you have never touched linux, I would start with linux mint, or ubuntu. I started with mint.

also this

sorry been busy working on the chat server

It should work. We had a lot of people join last week, but I did notice it seemed like nobody was seeing the announcements today. I will take a look at it and see if it is fucked up.

sounds good user


And to all, sorry I ran into some issues with the server today during testing, so it is not ready to go live. I'm really trying to get it done tonight. I found a pretty bad vuln in the software I used the first time and I scrapped it to get something more secure. Testing now.


I should add for the timeframe question... I did it in 4-5 months but I was really hungry. I think if you don't know anything really starting out, that 1 year is a good goal.

Gameanon here!
Keep up the good work everyone. Since I'm starting from close to zero IT knowledge, I prioritized learning networking fundamentals such as the OSI model and CIDR notation before trying to dive into learning specific pentesting tools. It's really helping to put the different exploit technique walkthroughs I've seen in perspective. Also reading Georgia Weidman's book for a full overview of pentesting methodology. Highly recommend the Cyber Mentor's vids for entry level topics so far if anyone is at the same noob level as me: youtu.be/pmvkJISXw9g

romulan tiddies

>damn she’s cute
>such pretty feet
>let me see over here what site this is from
>....
FUCK

gotta keep this bumped for later

I actually went out and found myself a $20 used netbook, put a ssd and more ram in it, and then installed Lubuntu. It's been a fun little side project, and it's forcing me to get comfortable with linux outside of a VM environment. Plus, a part of me loves reviving old tech. Just an idea for ya.

thanks user. I'm just about done with the 2nd setup. Will post the onion tonight.

good stuff

thanks user

Awesome thread! I saw the guide a while back and started learning Linux today. Got it set up on my laptop and going through some guides. Hope these generals pop up more often.
Cheers OP!


WE'RE ALL GOING TO MAKE IT, BRAHS


How much do you make doing this OP?

$150k/year

np

I will certainly try to get them posted more often. It's been a real busy month, and this week I've been working on getting the IRC up instead of posting generals.

we're all going to make it

Also, the IRC is up and functional, with SSL and an onion address. It's ready for live testing. I'll drop the address in a minute. Gotta have a couple beers after all that server config.

>I'm watching VIDT and LINK. LINK is a long-term interesting one.
kek absolute brainlet

xrpcxysuvqqcg4hiwymrs2vefvvtkiby7gmp3veuiqbld74s3grjs2qd.onion

in order to connect via tor:

get on linux, you should already have a linux vm or linux box if you have been following the guide.

open a terminal and run
sudo apt-get install tor hexchat

now in terminal run
sudo nano /etc/tor/torrc

scroll down to the line that reads :
#SOCKSPort 9050 # Default: Bind to localhost:9050 for local connections

delete the #

now push ctrl+x to save and exit

now in terminal, run
sudo service tor start

now tor is running

now open hexchat. now the first time, you need to connect to a server to be able to access the preferences tab. connect to any of the default servers listed, doesn't matter which one.

once connected, on the top bar click Settings and then Preferences

in preferences click Network Setup on the left

scroll down to proxy server and input the following:

hostname: 127.0.0.1
port: 9050
type: socks5
use proxy for: all connections

ok close that to accept changes

ok now click Hexchat at the top bar and click network list

click Add
name the server. doesn't matter what. I called mine RPG-IRC

click edit
paste the onion address in the box

look down and click the checkboxes next to use SSL and accept invalid SSL certs (I'm using a self-signed cert during the test phase, I'll change it later.) The SSL is more about encrypting your comms than verifying the server, but I will update the cert in the future with a CA.

You should be done. Close the box and then select the server name and click Connect on the bottom right.

When you get in the channel, register your nickname with:
/msg NickServ REGISTER nickname password [email protected]

then /join #RPG

I'm still working on the channel list and crap like that, but you can come in and hang out and help me test it out.
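
Added example, not part of the original post: a check that the Tor SOCKS listener from the steps above is really answering on 127.0.0.1:9050, plus the request a `socks5` proxy setting sends for a hostname. The function names are this example's own, and no IRC port is assumed because the post does not give one.

```python
import socket
import struct

# Added illustration; function names are this example's own.
REPLIES = {0x00: "succeeded", 0x01: "general failure", 0x02: "not allowed by ruleset",
           0x03: "network unreachable", 0x04: "host unreachable",
           0x05: "connection refused", 0x06: "TTL expired"}

def build_greeting() -> bytes:
    """SOCKS5 greeting: version 5, one method offered, 0x00 = no authentication."""
    return b"\x05\x01\x00"

def build_connect_request(host: str, port: int) -> bytes:
    """CONNECT with address type 0x03 (domain name).

    The name is sent to the proxy as text, so Tor resolves it. That is what
    makes .onion names work and keeps the lookup off the local resolver.
    """
    name = host.encode("ascii")
    if not 0 < len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def parse_reply(reply: bytes) -> str:
    """Map the REP byte of a SOCKS5 reply to text."""
    if len(reply) < 2 or reply[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    return REPLIES.get(reply[1], "error 0x%02x" % reply[1])

def socks5_listening(host="127.0.0.1", port=9050, timeout=3.0) -> bool:
    """True if host:port answers the greeting and accepts no-auth."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_greeting())
            return s.recv(2) == b"\x05\x00"
    except OSError:  # refused, timed out, unreachable
        return False

def connect_via_proxy(target, target_port, host="127.0.0.1", port=9050, timeout=60.0) -> str:
    """Ask the proxy to reach target:target_port and return the reply text."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_greeting())
        if s.recv(2) != b"\x05\x00":
            return "proxy rejected the greeting"
        s.sendall(build_connect_request(target, target_port))
        return parse_reply(s.recv(10))

if __name__ == "__main__":
    print("SOCKS5 listener on 127.0.0.1:9050:", socks5_listening())
```

A `False` result after `sudo service tor start` means nothing is answering SOCKS5 on that port, so check that the tor service actually started before touching the HexChat settings.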

I might be a brainlet. But I think LINK will do well in the future as more companies use it and it actually generates adoption. But I'm not all in.

I'll look out for the IRC then. It's fucked up that generals barely survive on biz anymore. Man just to make at least 100k and have a fucking house or apartment would literally be my dream, that's what inspired me to follow the guide. And to have a remote position? pls gib. I am going to grind to make it happen.
I wanna give my dog a nice yard ;_;

IRC is up:
xrpcxysuvqqcg4hiwymrs2vefvvtkiby7gmp3veuiqbld74s3grjs2qd.onion

also, having a yard for my dog was a big motivation to get a new house and get out of the apartment lol.

damn, congrats user
that really gives me hope! Hope you and your dog are happy now. Thanks ill save the link!

can't complain


In general, it takes about 1000 hours of doing something to truly master it. Keyword, master it.

nice irc is up, need more anons in here!

Where are you located user? I currently live in NYC doing cyber sec for a very large respected bank. If you are somewhere nearby would like to meet up and talk to you.

lol sorry user. closest you can get is the IRC. as much as I would enjoy that.

yeah we do need more anons in the IRC! its only been up briefly tho, and based on the telegram activity from last week on announcement views, I think we will have a decent amount of participation.

sounds about right


BASED pentester user

Hey, YOUNG user here. How young? Young. I've already watched bits and pieces of kali linux tutorials, are those good to start with? These threads are super helpful btw!!! What can I expect to make from remote pentesting alone?

If anyone was trying to get into the IRC server, or was recently kicked out, I have fixed the issue. If you still have trouble getting in, please let me know.

that is a great place to start. I always say you can expect to make at least 100k+

This thread still alive?
Security is a great field to get into. Been doing pentests and red team engagements for about 6 years now. There are endless opportunities. Lots of different directions to take. Application and cloud security are big ones now.

Pay is great, coworkers are also autistic, get to pick on Boomer network admins all day. Love itttt

OP has some great links he's provided. I highly encourage all neets with half a brain to dive into this.

I'd also include /r/netsec for a good resource. Ya, ya, ya Reddit is for fags, I agree, but it's honestly a great place to read about the latest happenings in the field.

great stuff user. Thanks for jumping in. If you feel like kickin it ole school, check out the IRC that just went up today.

And I agree with all your points about the on-job stuff. coworker autists are the best

aspiring security user wondering what the remote/freelance job market is like? not even looking for high income - just wondering if there's jobs beyond doing bug bounties

i'm currently studying pentesting because networking and computer security / theory is the most interesting stuff to me, but in terms of jobs it seems like they usually go to teams of people and companies and there isn't much of a market for freelance

any guidance as to what to look for, study specifically, or whether there's a similar line of work which would lend towards freelance?


I've been watching some oscp videos and thinking about going through with this but it doesn't seem like there's enough job demand for people new to it. I have IT experience years ago and help manage a crypto network, is this enough to qualify for the experience requirements?

To do the VMs what do I really need? Should I get a used laptop, install kali on it and then run VMs on that? Right now I've got desktop with Windows and a school laptop with Mint. Can I not use my desktop to run a VM of both Kali and the attacked VM?

Freelance work is hard unless you've already established yourself and can prove it through cve's, tools you've written, etc. Some of the tests and exercises you perform can impact operations and cause downtime for the organization. Working for a big company with all kinds of insurance and well vetted testing procedures is a lot more appealing to the client.

Short answer, yes. Just need to have the intelligence and drive to accomplish your goals. I've worked with folks that had no security experience before the current job and within a year they are a god at their particular job.
I'd say explore a lot of different specialities in the field. Find what interests you most and expand on it. Wireless, application, physical access, social engineering, etc. It has a lot to do with the current background and what you enjoy. It should come to you naturally as you get more experience and exposure.

Yes you can just use the desktop and run multiple VMs. That's the best way to test stuff imo. Have both windows open. Execute something, look back to the other vm. No result, try something else. There's no harm in having it all run off a separate laptop, just not needed in most cases.

Guys, be sure to join the IRC. Why not help each other out vs struggling individually.

this. only 7 anons have joined the IRC thus far

Interesting way to recruit military/intelligence personnel. Who is funding this program? GCHQ or EUMS?

Oh didn't look at when the thread was originally posted.
Hi NSA user

does this work for people outside US? can I really get in as an eastern European?

freelance is tough beyond bug bounties, unless you are really good and companies will farm stuff out to you. I'll get back to you on this with some additional resources.

that is plenty of experience. also, there are a lot more jobs for offsec than you would think, and it is growing.

yes you can run both kali and victim vms on your windows desktop. should be np. email me if you have issues and I can help with how to set the hardware reqs

this user knows his stuff. thanks for answering questions while I was away. cheers

I'm sure the IRC will continue to grow. Sunday night premier was less than ideal.

kek. I told you guys before, I am building a hacker army to defend us from our future AI overlords. Also, we're all gonna make it


this does work outside the US. As far as Eastern Europe goes... I mean if you couldn't get a decent job doing it, it seems like that is a pretty chill place to be a blackhat. Not that I am encouraging that, just an observation.