Redpill me on Cybersecurity

Is it a career worth getting into?
>inb4 "ITS NOT LIKE THE MOVIES user"
Obviously I know that, but what is it like? Also, how much do they make on average? I ask this because even though I've done my own research on this, actual people who work in the field claim pay is actually 20-40k a year and not 80-100k. It seems fun to me, but I don't want to end up reading tons of books and doing shit loads of work to make less than a McDonald's worker. Currently my plan is to start going into Computer Engineering, but I'm willing to change if Cyber Security is worth it.


If you have to use the phrase 'redpill me on X', you won't make it.

99% of the cybersecurity guys I know just have a widget that does something. If you want to do actual cybersecurity go into development for cybersecurity.

You'd better get a shitload of big boy certs like CISSP and some SANS certs before anyone will even look at hiring you if you're serious

>what is it like?
Depends. It's a wide field. Look up some job postings and read them. You'll find everything from Java development to mobile reverse engineering. Some jobs let you work from home, others make you work in a windowless SCIF.
>Also, how much do they make on average? I ask this because even though I've done my own research on this, actual people who work in the field claim pay is actually 20-40k a year and not 80-100k
It is highly dependent on location, but my experience is 80-100k minimum. If you're making 40k, you are doing it wrong.

Also, how easy is it to get arrested? I've heard of people being arrested for accidentally doing little things they weren't supposed to for the companies that hired them. Is it all memes or does it happen often?

I disagree with this, I got $90k with only Sec+, a CS degree, and a TS/SCI.

Bumping

Post links or it didn't happen.

I have Net+, am studying for Sec+, and plan on taking Pentest+ after that. I am also currently halfway through my cyber security associate's. If I get Sec+ and Pentest+, what are my chances of getting hired for cyber security before I complete my degree?

Holy shit kid this field is definitely not for you. Stay in school and spend less time here.

>Holy shit kid this field is definitely not for you.
Why would you say that? Because I don't want to get arrested for 5-10 years?
>Also implying I have any in depth knowledge in this field
If I did I wouldn't have made this thread

If you choose the right school (aka one that sets their courses and gets money from the NSA) you will pick and choose where you go. If you think it is easy money, or spend your time acting like a fucking faggot on Jow Forums, or don't put in effort on the side you will end up a level 1 ticket jockey.

I have a CS degree with a concentration in cyber security and computer networks. Should I be going after certs?

I'm a decent programmer, what kind of things should I be making? I made some ciphers in a cryptography class and we were supposed to make a program that hashed a file or something but that got scrapped. Should I just do that and work on my own malware/tools?

You should already have a lab with ESXi or something similar to practice everything that is taught in classes in the real world and develop your abilities. New techniques and talks that come out should be replicated yourself.

I am not him but I guess because you seem gullible.

I don't think so. More like I just want to be careful

Give one example of what you said happening.

Just don't be a fucking retard, whoever you work for will tell you company policies.

Did you read my post at all or were you looking for someone to call a faggot? It appears from your reply that you had no reading comprehension at all in regards to my post.

From your reply, you won't make it. I answered your question and since you are expecting A+ level certs to carry you, you picked the wrong school. You will be a ticket jockey.

Ok pal, I plan on getting my master's degree but I'm trying to see how I can get in the field as early as possible. You don't have to be a dick and assume shit. What qualifications do you have that are so great? In my experience people who are rude for no reason have something to hide.

Go for your masters then, I went to an accredited school, picked and chose which internship I wanted, and then turned down job offers for one I wanted. I am currently a security engineer.
Do whatever the fuck you want.

Not necessarily so. CISSP does come in handy, but work experience makes the difference.

Sadly CISSP is becoming much more of an HR gate than anything else unless you are looking at real offerings that want real certs like OSCP. As soon as you can get a CISSP you want to, just gotta bite the bullet and do it because it is worth it in the long run.

>Sadly CISSP is becoming much more of an HR gate than anything else
Correct. It is the only reference HR whores have, or when automation scans your resume for it.

>looking at real offerings that want real certs like OSCP
I have OSCP and can recommend this above any other certification in the cybersecurity field. It gives a person a thorough understanding of how things can be secured. I wouldn't take OSCE since it seems overkill.

Is OSCP worth the price?

Yes, you learn in a practical way what cybersecurity truly is about. At least, I did learn a lot from it. Not just the security part, but also reporting your findings in a way that is understood by a large audience. The certification is valid for a lifetime, as long as you don't violate their rules.

Yes, I didn't even take the test but the knowledge helped me through interviews and got me a decent job.

How long does it take to complete?

>thinking you need a degree or certs to get a job in infosec

as an offensive researcher/pentester if you know what you're doing then most large companies won't care. if you're doing client or gov work then certs will be required so they know you aren't a fucking moron and they can check a box.

currently

OSCP is basically just giving you a rundown of the types of vulnerabilities and tools to find them.

OSCE is about making, modifying and working with exploits.

OSEE is about finding, making and writing your own exploits.

If you want to just be a baboon that can find known vulnerabilities running tools, i.e. pentester, you get OSCP. If you want to work with actual lower level security you go for OSEE or OSCE. Given I wouldn't suggest OSEE unless you have a software development background. Sadly cyber security as a field is a bunch of people running tools a few made for vulnerabilities a handful are able to discover. So pick where you want to end up in that chain. As someone who worked as an embedded systems dev for years before getting into security I can say a good dev will be bored out of his mind as a pentester. You aren't using a vast majority of your skillset; as such I suggest going towards tool development or exploit development depending on your background and understanding. Hope this helps user.

The website says a prereq is the kali course, is that actually needed?

watch this video on how not to be a dumbass: youtube.com/watch?v=S8GPTvq1m-w

for work-related things, don't shit where you eat. it's pretty simple. if you stumble across something you aren't supposed to then just notify the sec guys so you can say "hey, don't think I was supposed to be able to access this. wanted to let you know in case it needs to be fixed"

That depends on you. I completed the PWK in 2 weeks; spending evenings and nights doing the exercises while working through the day. If you have experience as a pentester, take at least 60 days. No knowledge at all, 90 days, with a possible extension.

It is needed if you want to do the labs and exam. If you want to gain study points to uphold other certs like CISSP, CISM, or CISA, then do so.

This user gets it. A development background helps with these certs, but also with your career prospects.

bump

thanks

>and a TS/SCI
How are you getting away with only a Sec+? Are you not contracted to meet NICE baselines or are you actually an IAT not an IAM?

CISSP is to see if you already know how to be compliant with government regulations, etc.
OSCP is to see if you understand what to harden in an environment (at least within a time period of you going through it)
Completely different purposes. If for some odd reason your job needs to know both it's easy enough to get both.

This and computer engineering is a fine degree to get if you want to do that

Certs are worthless
Vulnerability research is the only true security field
Running metasploit doesn't make you a "Pentester"
99% of the people in security are charlatans

I dunno dude, none of the operators or contractors I have worked with needed more than a Sec+ either.

I am currently studying Kali so I can more easily do the OSCP when I have the dosh to sign up for it. Can you help me with two things?

1. No matter how I do it, my MAC keeps reverting back to my hardware MAC. How do I fix this? When I use TAILS it doesn't fuck up like this so why can't Kali? I've tried using both macchanger wlan0 -a, macchanger -r-b wlan0, and ifconfig wlan0 ether 00:11:33:44:sf:ts and such, but I'm just fucking stumped as to what's causing me to revert
2. How do you violate the Kali rules exactly? Is it for white/gray hat only?

Can you do pentesting on just certs?

Do you take the device down before you change the mac?

Yeah, ifconfig wlan0 down and ifconfig wlan0 up.

This problem persisted through a reinstall so it's really scratching my head. I will start up, macchanger will automagically work, then when I connect to a network it'll revert to hardware ip

OK, two-part question: what chipset is your wifi card using, and do you have a Skype or Discord? If so, send it

>third year uni
>individual project
>wifi hotspot exploitation
Anybody got a list of things I can do with this and roughly how to do them? Or weird interesting ones?
List so far is:
>MITM - protocol downgrade, ARP poisoning, KRACK attacks
>WEP, WPA, WPA2 cracking
>captive portal attack

Find 0day in the wireless driver for the router and root it with your auth packet

Happened both with my realtek and my ralink usb wifi card.

Problem originally started when I used a Python script to change my MAC and persisted through a full reinstall of Kali, although I did the reinstall through Kali lite using apt-get install kali-linux-full
And nah I quit using those when splc started modding Discord

To clarify

>install kali
>ifconfig wlan0 down /macchanger wlan0 -r / ifconfig wlan0 up
>works fine

>put it In a python script
>run it
>cannot connect to network
>forget connections
>reconnect
>revert to original mac without even telling me
>only notice when I check it all paranoid like

Did this persistent mac change make edits to /etc/network/interfaces ?

I don't think so. I opened up /etc/network/interfaces (plaintext), but all it says is

source /etc/network/interfaces.d/* (checked the interfaces.d file and it's empty)

Then
# The loopback network interface
auto lo
iface lo inet loopback

Also when I started up my Kali, macchanger worked and it was a random MAC. But when I connected to a network it reverted to the hardware MAC

Bump

How fix so I can #haxtehwurld

This whole thread is cringe

I bet more than half of you can't even open a port in iptables off the top of your head

I was thinking about cybersecurity as well. All I know is that my prospects with engineering will likely be low. Does cybersecurity have a good opportunity for advancement?

threads like this make me feel like shit knowing I'll never be able to do any of this. I just want a job doing easy computer shit, not take a bunch of classes.

>and a TS/SCI.
You could wipe your ass for a living and make $90k with a TS/SCI.