/RPG/ Remote Pentester General - IRC Edition

[email protected]

bug bounties, freelance work, working for a pentesting firm. there are lots of options. check the archives for past /RPG/ threads, or email me, go to IRC, or show up in the next /RPG/ general threads, usually on Saturdays/Sundays, when we discuss general questions related to pentesting professionally.

For all anons who are brand-new to /RPG/, here are links to all the previously archived threads. There's some great Q&As and helpful resources included:

8/4/19 yuki.la/biz/15111033
7/28/19 yuki.la/biz/15009378
7/21/19 yuki.la/biz/14908749
7/14/19 yuki.la/biz/14784856
7/9/19 yuki.la/biz/14685592
6/29/19 yuki.la/biz/14460030
6/29/19 yuki.la/biz/14451088
6/22/19 yuki.la/biz/14291877
Original thread that inspired /RPG/:
6/9/19 yuki.la/biz/14246491#p14247207

Attached: 3e86bae1-cbcc-46bf-a4d5-ae588e1b5e66.jpg (700x540, 55K)

Here's the usual /RPG/ General Posts for those new:

This thread is for the discussion and support of those anons who have accepted the Quest to become remote pentesters. I am OP, my email is OSCPanon at protonmail. You may contact me via email with any questions related to hacking professionally, or learning to do so.

Link to original guide (Path to Pentest - user's Quest):
pastebin.com/vyhNRqj8

Link to the last General thread:
So what are you doing to further your Quest this weekend user? Here are some good resources and things you could start working on:

Free ebook downloads for several of the books I cover:
b-ok.org/

-Noob-friendly complete guide to OSCP content (with very helpful links):
abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob.html?m=1

-Another book recommendation and guide to the PWK training:
tulpa-security.com/2016/09/19/prep-guide-for-offsecs-pwk/

-IppSec (HtB walkthroughs):
youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA/videos

Learn Linux (free courses from Harvard, Dartmouth, Redhat):
edx.org/learn/linux

Learn Linux (Bandit - Over the Wire):
overthewire.org/wargames/bandit/

Learn Metasploit (free course from offensive security):
offensive-security.com/metasploit-unleashed/

Learn Python (free course & codeacademy. added youtube source):
learnpython.org/
codecademy.com/learn/learn-python
m.youtube.com/channel/UCCezIgC97PvUuR4_gbFUs5g (Corey Schafer channel)

Start creating your virtual lab with VirtualBox (Free):
virtualbox.org/

Free Windows VMs from Microsoft:
developer.microsoft.com/en-us/microsoft-edge/tools/vms/

Build your hacking OS (Kali & Parrot):
kali.org/downloads/
parrotsec.org/download.php

Vulnerable VMs to practice against:
vulnhub.com/

Vulnerable lab & CTF community:
hackthebox.eu/

free Burp Suite course (Burp Suite is the no.1 tool for web app testing):
hackademy.aetherlab.net/p/burp-suite

Other Resources (podcasts, tech reading, misc):
darknetdiaries.com/episode/36/ (great podcast. Ep.36 is about a pentest)
wheresmykeyboard.com/2016/07/hacking-sites-ctfs-wargames-practice-hacking-skills/ (collection of online CTF games)
ctf.infosecinstitute.com/ (CTFs for beginners)
more to come...
(Complete beginnger guide Network Pentest 2019)
youtube.com/watch?v=WnN6dbos5u8&feature=youtu.be

Link to Certification Info:
elearnsecurity.com/certification/ejpt/ (Junior Pentester Cert)
offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ (OSCP - The ultimate goal of aspiring pentester)

Thanks to everyone who replied to my email with the guide. My protonmail inbox is now a beacon of hope. I really appreciate your warm regards, and your positivity proves to me this is going to be a worthwhile venture.

Monetization section (updates soon):

Bug bounty site (hack large companies and websites for bounty rewards):
hackerone.com

Hackerone also runs this site, which is for learning:
hacker101.com/

As always any questions are welcome, and I will answer them as soon as I can throughout the day. If you want to discuss other remote work opportunities in tech, outside of hacking, that is fine too. And anyone who wants to chime in with advice on such a topic is welcome to join in.

You got this anons!

New Announcements:

Telegram (I will use this group to announce when /RPG/ threads go up on /biz):
https://
t.me/joinchat/AAAAAFihisZbNDWUNip7Yg
(please create a new telegram account with a bullshit phone number before joining. You can get a burner number with an app called Burner App for IOS or Android.)

IRC chat server:
xrpcxysuvqqcg4hiwymrs2vefvvtkiby7gmp3veuiqbld74s3grjs2qd.onion

Thank you, I wish I was younger and found this.

No prob! It's never too late to switch careers! If you're starting from zero IT knowledge and studying at this full-time like me, you could probably do everything in 4 months. I think OSCPanon changed careers in 5 months while studying after work each day, but he had prior tech experience. To anyone reading this, you just gotta put in the time and effort, but you can do it!

Attached: be55fb3d9ee2e1ce726eb38b7028aee13a762fa4f1b0b1c2936f53bdec221195.gif (800x792, 607K)

Its not too late user. I'm an old user myself. I didn't start this path until I had a completely unrelated career and had sucessfully shit away over a decade of my life.

I generally tell people a one year goal is pretty good. I had some prior tech experience, but it was quite limited. I did everything in 4-5 months, while working full-time. Within about 1 month of obtaining OSCP, I got a remote gig. It's not easy, but it can be done.

If you are concerned about not having any IT related experience, I can give tips on how to leverage the experience in other fields you do have, as well as tips on how to land a decent IT job while you train, so that you can transition to pentesting quickly after getting your pentest certs. I believe I've also covered this some in past threads.

One year of free self-study definitely beats going back to school in my book.

Attached: 1562821292641.jpg (1200x1200, 342K)

Hey OSCP user. Good thread as always. Glad to see a quality thread on Jow Forums every once in a while.

What, in your words, is the most appealing thing about hacking/pentesting? How would you try and sell someone on this career?

can I do this with no prior work experience in my 30s lol

I actually did freelance webshit for a few years but quit to live on crypto, but that was years ago and I have 0 work or even personal references (i'm basically a hermit neet but self sustaining).

I'm a decent programmer already and know basic linux sysadmin shit. But I'm not going to sink time into learning this shit unless I see a real path to employment.

There are many things that are uniquely appealing.
Merit-based. When you hack something, either what you did works, and can be reproduced, or not. The proof is in the work. Nobody can argue with it if it is done right. There's no politics or nonsense. You do the job, you have provable results, people are happy.
Hours - Projects are results based. Nobody is making sure you are on the clock, or when you are. As long as the work gets completed, that is all that matters. No punching the clock.
Independence - No need to rely on a bunch of other people in the office or other team members. Most assignments can be accomplished by 1 or 2 testers. You can work solo pretty much all the time if you want.
Freedom of movement - You can live basically anywhere. If you work remote, you can move and keep your job. You can go on vacation and work from the hotel if you still need to get a few hours in. Nobody cares where you are.

I changed careers from something unrelated to this in my early to mid 30s, with no prior IT related experience. I got a shit IT job while I was studying and doing OSCP, and then when I got OSCP, I changed jobs to pentester in a month. You can do it. Your current knowledge would be a big boost too.

Can I still hack effectively on an Asia notebook? What kind of setup would you recommend?

Asus **

hacking doesn't require much in the way of hardware. You really just need to be able to run a VM with a light version of linux, usually Kali linux. I would suggest like 4GB ram minimum. 8GB preferred. 16GB ideal. Processor doesn't matter too much. I have an old system with kali installed directly (no vm) and it has an ancient i3, runs fine. Other than that, not much matters. Ram is probably the most important thing. If you have options, the more the better. I studied on a cheap notebook for a while. It was a total piece of shit. You should be fine.

If you want recommendations for buying a setup, that is a different story. I can provide recommendations based on your estimated desired spending range.

IT support engineer here. This job fucking sucks how do I become a vulnerability analyst/ security engineer??? I barely have IT experience since I just graduated with a math degree.

Vuln analyst? Get CompTIA certs. Start with CompTIA Security+ . After getting that, CASP should be easy, since its damn near the same info, but it qualifies you a lot higher. You could also get the CySA or a CeH if you want to do security analysis.

Security engineer, basically the same stuff I just listed, but add some powershell and patch management knowledge. Cause that is what you will be engineering.. how to get these damn patches pushed out to the whole network. It pays pretty damn well tho.

also, theres a ton of those jobs for the public sector. If you can get a public trust or low level security clearance, check out usajobs.gov or clearancejobs.com for postings. Theres so many cleared jobs they cant fill them all and will hire you with no experience, with just some qualifying CompTIA certs