|
Now that my CISSP is out of the way and I've had a couple weeks to breathe, I'm looking for the next thing I want to tackle. I come from a Windows sysadmin background and have little development experience. I'm already working as an Analyst at a very large company with a not-very-mature security team so I don't need to mess with Network+ or Security+, but I'm not getting any real direction or guidance from my management on where they'd like me to focus to advance in my career here. Since my company has recently rescinded their offer to send us Security folks to any real training, I'm looking for things I can putter around with on my own. OSCP looks very interesting to me but it's not an area I've done a lot with aside from the basics. I found this write-up that looks very helpful: http://www.abatchy.com/search/label/OSCP%20Prep Anyone here who has been through it - what are your thoughts on OSCP and do you have any recommendations on how I approach it?
|
#
?
Apr 26, 2017 20:27
|
|
|
|
| # ? Apr 24, 2024 06:59 |
|
|
If you can, just watch the prof messer youtube vids for sec+ and you'll probably pass no problem.
|
|
#
?
Apr 26, 2017 21:10
|
|
|
Speaking of Sec+ mine just expired today!
|
|
#
?
Apr 26, 2017 21:42
|
|
|
MrBigglesworth posted:Speaking of Sec+ mine just expired today! Have you been hacked yet? Fallen victim to war ballooning?
|
|
#
?
Apr 27, 2017 01:20
|
|
|
I'm gonna phish a bunch of companies using a link that simply reports back when it's clicked, then report those addresses on a website so other hackers know who's vulnerable. I'll do this for exactly two days and then sell my expert inside knowledge of War Phishing to CompTIA. Then all you suckers will have to deal with learning War Phishing for your S+ exams.
|
|
#
?
Apr 27, 2017 02:04
|
|
|
Judge Schnoopy posted:I'm gonna phish a bunch of companies using a link that simply reports back when it's clicked, then report those addresses on a website so other hackers know who's vulnerable. I'll do this for exactly two days and then sell my expert inside knowledge of War Phishing to CompTIA. If we can get 3 or 4 people to attend the same CompTIA workshop, getting topics added to the required body of knowledge is entirely possible.
|
|
#
?
Apr 27, 2017 03:20
|
|
|
I'm going to use warchalk signs to trick security experts into believing that there are juicy networks to exploit, but while they're distracted with the Honeypot, I'll steal their identities. Warchalkphishing will be on the next exam.
|
|
#
?
Apr 27, 2017 03:52
|
|
|
I remember feeling proud when I got my Sec+. 
|
|
#
?
Apr 27, 2017 18:24
|
|
|
Japanese Dating Sim posted:I remember feeling proud when I got my Sec+. I remember feeling proud when I got my A+. I still carry my original card in my wallet as a memory of simpler and happier times.
|
|
#
?
Apr 27, 2017 18:37
|
|
|
OSU_Matthew posted:I wasn't planning on doing the Sec+, but I'm starting to mess around with Kali Linux and metasploit for my company to do just some sort of basic passive vulnerability review of our network configuration and I wouldn't mind getting grounded with some fundamentals that I may not have picked up on otherwise. I got the security+ by pretty much just watching the Prof Messer videos. A lot of it is just common sense stuff, and memorizing a few tables basically. The only thing I personally found useful was going over crytographic keys which gave me a better understanding of the subject. Otherwise maybe just pick up a cheap sybex book on it and dont worry to much. Speaking of worry, I have to renew my CCNA soon and I haven't done much networking work day to day in a while. Hopefully I can pick it all up again relatively quickly, and I see frame relay is off the syllabus now.
|
|
#
?
Apr 27, 2017 21:18
|
|
|
Ordered the CCNA Datacenter books today, hoping to crank those exams out in a couple months' time. Anyone have any tips or anything to be wary of?
|
|
#
?
Apr 28, 2017 06:35
|
|
|
OSU_Matthew posted:I wasn't planning on doing the Sec+, but I'm starting to mess around with Kali Linux and metasploit for my company to do just some sort of basic passive vulnerability review of our network configuration and I wouldn't mind getting grounded with some fundamentals that I may not have picked up on otherwise. If you're already doing that, then you've already left Sec+ in the dust. There is no technical or implementation related material on this test.
|
|
#
?
Apr 28, 2017 07:58
|
|
|
Kazinsal posted:Ordered the CCNA Datacenter books today, hoping to crank those exams out in a couple months' time. Sadly my best advice is don't take the CCNA data center exams. Most of the actually useful material is on the first test and already covered in the route/switch track. The second exam is highly Cisco product focused in a frustrating way. Questions about port counts or licensing or specific features that vary across the product line where you would normally just check a data sheet. And some stuff like the Cisco 1000v is all but dead, but still on the test. I sell and deploy UCS and I still think the CCNA DC was a waste of my time.
|
|
#
?
Apr 28, 2017 12:47
|
|
|
skooma512 posted:If you're already doing that, then you've already left Sec+ in the dust. There is no technical or implementation related material on this test. Thanks! I kind of got the impression that it's basically the same as Net+ from a few practice tests I took and passed with 100%. Since my employer is offering to pay for it I'll probably just knock it out got the sake of having it and keeping the cert ball rolling. Besides practical experience, is there any good basic certification or training for pentesting that you guys would recommend? I was looking at paid courses on stack social, but I'm leery of them being worthwhile.
|
|
#
?
Apr 28, 2017 13:01
|
|
|
OSU_Matthew posted:Besides practical experience, is there any good basic certification or training for pentesting that you guys would recommend? I was looking at paid courses on stack social, but I'm leery of them being worthwhile. Not necessarily basic, but check out the OSCP.
|
|
#
?
Apr 28, 2017 13:07
|
|
|
OSU_Matthew posted:Besides practical experience, is there any good basic certification or training for pentesting that you guys would recommend? I was looking at paid courses on stack social, but I'm leery of them being worthwhile. Check out https://www.elearnsecurity.com/course/ . They have Pentest Student and Pentest Professional certifications which would be pretty decent stepping stones to OSCP they even have a similar lab environment but by all accounts not quite as difficult. Also worth looking at https://pentesterlab.com/ . It's more specifically for web app hacking, but it covers a lot of modern material and attacks.
|
|
#
?
Apr 28, 2017 14:45
|
|
|
Kazinsal posted:Ordered the CCNA Datacenter books today, hoping to crank those exams out in a couple months' time. Jesus christ you dumb bastard! No seriously, these tests are brutal. YOU WILL FAIL THE FIRST ONE. The official guides will not do or show ANYTHING about what image management with the kickstart and boot options/sequences are. I dug up my post history and found this link here from what I posted in the past, you MUST know the information in these pages OR YOU WILL FAIL. https://forums.somethingawful.com/showthread.php?threadid=3521165&userid=76442&perpage=40&pagenumber=5#post457575426
|
|
#
?
Apr 28, 2017 15:50
|
|
|
I'm not sure if this belongs here, but I have a question about Cybertraining 365. It's offering a certificate program for "ethical hacking" for about $45, and it's a field im looking to get into, but I can't find any information about CT365 other than stuff from their own website and a couple advertisements on other tech sites. They claim to have over 1600 reviews, but I can't seem to find them, and all of their individual programs have maybe 1 to 20 reviews rating them between 3 and 5 out of 5 stars. $45 isn't a lot, but I am looking for certificate programs that will be strong on a resume so I can find something entry-level. I'm also looking to not get scammed out of my money, as I don't have a lot to start out with. Any information regarding CT365 or other starting certificate programs for programming would be appreciated.
|
|
#
?
Apr 28, 2017 16:08
|
|
|
Kazinsal posted:Ordered the CCNA Datacenter books today, hoping to crank those exams out in a couple months' time. Unless your company is paying for you to do this exam, don't do it. Stick with the routing & switching track, but dear god don't punish yourself with this one.
|
|
#
?
Apr 28, 2017 17:00
|
|
|
Oh boy am I ever glad work's paying for these  Thanks for the help guys.
|
|
#
?
Apr 28, 2017 17:24
|
|
|
Kazinsal posted:Oh boy am I ever glad work's paying for these I used the Lammle book for the first test and didn't have any problems, fwiw. It's mostly the same material as the route switch tests except with a Nexus focus.
|
|
#
?
Apr 28, 2017 17:54
|
|
|
Outside of going to school for it (I'm about to finish my bachelors in physics already), what is a good avenue for getting involved in IT at an entry-level position? Are there certifications or classes that can be taken?
|
|
#
?
May 2, 2017 19:11
|
|
|
Buy a book for the Network+ exam. You'll learn real quick if IT work is up your alley, and it will be good for landing interviews at entry-level positions. e: to this point, I had a friend of a friend talk to me about getting into IT. He was really psyched about working with computers. I handed him my N+ book and told them to give it a look-through, and a month later followed up asking how it was going. He said he read the first few chapters over and over again because he just wasn't getting it or retaining any of the information. On the one hand I didn't want to scare him out of a career path, but on the other hand there are a lot more complicated things you'll have to learn than the first few chapters of N+. It's not for everyone. Judge Schnoopy fucked around with this message at 19:21 on May 2, 2017 |
|
#
?
May 2, 2017 19:14
|
|
|
Verisimilidude posted:Outside of going to school for it (I'm about to finish my bachelors in physics already), what is a good avenue for getting involved in IT at an entry-level position? Are there certifications or classes that can be taken? You could also find an MSP and work tier 1, most of the time they will hire a warm body to fill a seat, that's how I got my start. You could do this while studying for an easy cert like Net+ or A+ MF_James fucked around with this message at 19:19 on May 2, 2017 |
|
#
?
May 2, 2017 19:16
|
|
|
Judge Schnoopy posted:Buy a book for the Network+ exam. You'll learn real quick if IT work is up your alley, and it will be good for landing interviews at entry-level positions. Are there any books you'd suggest for this? I already have some minor professional experience with networks and computer security, so I'd be interested in learning more.
|
|
#
?
May 2, 2017 21:21
|
|
|
Either Mike Meyers or Todd Lammle's Network+ books are fine and should get you what you need. There's also these videos which are pretty good, too.
|
|
#
?
May 3, 2017 18:56
|
|
|
Holy balls, I hope the next revision of the Cisco curriculum doesn't use Flash. I hate Flash. Chrome hates Flash. No one likes Flash. Insisting that the exams use it for those matching questions is just a sure-fire way of people not doing them. Less customer service questions too "What do you do in this situation? [Ever answer is something you'd do in that situation]"  Edit: Oh yeah, less Java too. Gotta have you launch Packet Tracer to figure out something to answer in the exam! Jimbot fucked around with this message at 21:39 on May 3, 2017 |
|
#
?
May 3, 2017 21:31
|
|
|
Turns out the Network+ is a lower cert than the Security+, so my S+ wasn't renewed when I passed my N+. I probably should've put more than 30 seconds of research into this considering the entire reason I took N+ was because I didn't want everything to expire. Oh well. Now that I am no longer security certified my networks are now at risk for being war ballooned.
|
|
#
?
May 4, 2017 18:30
|
|
|
I think balloon/dronekilling is more of an FAA or Fish & Wildlife activity, depending on what you're employing as a kill vehicle.
|
|
#
?
May 4, 2017 19:00
|
|
|
Potato Salad posted:I think balloon/dronekilling is more of an FAA or Fish & Wildlife activity, depending on what you're employing as a kill vehicle. My kill vehicle is a buffalo
|
|
#
?
May 4, 2017 19:08
|
|
|
Renegret posted:Turns out the Network+ is a lower cert than the Security+, so my S+ wasn't renewed when I passed my N+. They'll run faster though, now that you're N+.
|
|
#
?
May 4, 2017 19:14
|
|
|
It's been 3 weeks to the day since my endorsements were submitted and I just got an e-mail from ISC2. I was excited, but it's just an automated update that my endorsement is still being processed and to plan on waiting the entire 6 weeks.
|
|
#
?
May 4, 2017 19:48
|
|
|
Solaron posted:It's been 3 weeks to the day since my endorsements were submitted and I just got an e-mail from ISC2. I was excited, but it's just an automated update that my endorsement is still being processed and to plan on waiting the entire 6 weeks.
|
|
#
?
May 4, 2017 23:19
|
|
|
Going to be going to WGU in July for BSIT - Security track (the CCNA one). I have an AS in Computer Science that should transfer. I know a few guys posted in here about a year ago that it was a good track, any regrets from anyone? I'm working at a tech company in QA right now and have a lot of downtime at work where I could knock this stuff out quick. Also, they introduced a new Cybersecurity and Information Assurance BS that tracks into their Masters program. Any thoughts on this program instead? https://www.wgu.edu/online_it_degrees/cybersecurity_information_assurance_bachelor_degree Certs Earned:
|
|
#
?
May 5, 2017 01:50
|
|
|
Any Canadians ever go through WGU? I'll need a degree in the next 5-10 years but I'm not american. The certs you get are a plus.
|
|
#
?
May 5, 2017 02:54
|
|
|
I'm 4 classes from finishing the security track and it was good. The easy bullshit classes will take a few days so you can cruise through credits. I've tried convincing friends to give wgu a shot or at least look them up and none are even remotely interested, one choosing instead to give up two nights a week at a local community college on a 4 year track towards an associate's. I just don't understand the stigma.
|
|
#
?
May 5, 2017 02:59
|
|
|
So I've passed the SSCP ISC^2 test a month ago. I had a distant coworker who is a CISSP say that he'll endorse me but after sending him two emails with no endorsement, I'm wondering what the gently caress?!? What should one do? I don't think I know anyone else with a CISSP or SSCP, and I want this cert so I can move on from my current position.
|
|
#
?
May 5, 2017 03:01
|
|
|
FCKGW posted:Going to be going to WGU in July for BSIT - Security track (the CCNA one). I have an AS in Computer Science that should transfer. That's good but certifications complement your education. What are the classes in the curriculum?
|
|
#
?
May 5, 2017 03:31
|
|
|
Tab8715 posted:That's good but certifications complement your education. What are the classes in the curriculum? They're at the link on the site. Program goes live in June I believe. Program Guide PDF
|
|
#
?
May 5, 2017 03:53
|
|
|
|
| # ? Apr 24, 2024 06:59 |
|
|
Yeast Confection posted:Any Canadians ever go through WGU? I'll need a degree in the next 5-10 years but I'm not american. The certs you get are a plus. I did, I went through the BS IT Security degree. Graduated about a year and a half ago. There isn't really an issue other than any of the grants and financial aid programs don't really apply. Feel free to shoot me a PM if you have any questions.
|
|
#
?
May 5, 2017 06:32
|
|
