The Gman Nix Wiki
This is just a place for me to put my stuff because I can never remember the syntax… and that one cool config I had on that machine one time… And for projects.
Now
Outside of work, when I have some “spare” time, I like to do things that are interesting and profitable. Right now I'm working toward the OSCP. I'm following a path laid out for newbies in a book I read.
- A while ago I passed the CompTIA Security+ certification exam (need terminology, concepts, etc.).
- I then worked on and passed the CompTIA PenTest+ certification exam (entry-level concepts and such for penetration testing).
- Most recently I passed the eJPT. I enjoyed this cert more than any other I've taken before. Lots of hands-on labs (less “book learning”).
- Next, I have in mind TCM's PNPT, but first I need to get this nixWiki updated with my eJPT notes and then I need to play around some over at Hack the Box.
Do the Thing: A recommendation from Daniel Miessler's Unsupervised Learning NO. 336:
If you've been studying and planning to do something cool for a long time, stop it. Do the thing. You can still study after you're doing it, but don't let the studying trick you into thinking you're accomplishing something. You're not. It's a trick. Do the thing.
LaTeX
Thinking about using LaTeX for some writing I have on my back-burner. Learn by doing:
- Go through a quick tutorial
- Then use it for the writing projects you have in mind.
Resources:
- The Not So Short Introduction to LaTeX (or LaTeX in 139 minutes) by Tobias Oetiker (highly recommended book)
- A Quick Introduction to LaTeX by David Richeson
- Wanna Learn LaTeX? by Luke Smith
- LaTeX Beginner's Guide by Stefan Kottwitz (PDF book)
Next Notes
This is my dumping ground (my “catch mechanism”) for stuff I want to do, read, research, etc. in the near future.
OSCP Prep
This guy has a good OSCP write-up with good, practical advice.
Tasks & Ideas
- Good Pre-Enrollment Advice, Links & Projects (Buffer Overflows, Python Refresher, etc.)
- OSCP Prep & Notes by shreyaschavhan
- OSCP tips and tricks by Unicorn Security
How-Tos
Learning Paths
Hack the Box
Some more ideas to get some practical, hands-on experience (instead of just books and flash cards).
Starting Point
Start with Starting Point:
- Starting Point shows you how to get started in the platform and all the basics you need to know to stay on top of your hacking game.
- Starting Point is a linear series of Boxes tailored to absolute beginners and features very easy exploit paths to not only introduce you to our platform but also break the ice into the realm of penetration testing.
Starting Point is part of the HTB main platform (not the Academy).
- You need to set up an account to access it.
- However, you can work through Starting Point for free: “You can enjoy Starting Point for free. A range of free Starting Point Machines will always be available. However, if you decide this is the place for you to learn and take your hacking skills to the next level, by subscribing to HTB you unlock not only more Starting Point Content but the entire HTB platform…”
- Each Tier comes with recommended Academy Modules (see recommendation below).
HTB Academy
They highly recommend you supplement Starting Point with HTB Academy.
- Starting Point serves as a guided introduction to the Hack The Box Main Platform.
- HTB Academy is a learning platform that guides you through developing pentesting skills.
Supplement Starting Point with HTB Academy:
- Academy is like a “University for Hackers.”
- It offers step-by-step cybersecurity courses that cover information security theory and prepare you to participate in the main Hack The Box platform.
- HTB Academy is highly interactive and is intended to be a streamlined learning process that is simultaneously educational and fun.
- First HTB Academy Skill Path: Cracking into Hack the Box.
- This path introduces core concepts necessary for anyone interested in a hands-on technical infosec role.
- The modules also provide the essential prerequisite knowledge for joining the main Hack The Box platform.
- This is also the content necessary for progressing through Starting Point.
Hacking Labs
And then supplement HTB Academy with Hacking Labs:
- Hack The Box’s Hacking Labs offer a fully interactive pentester training environment.
- You can exploit vulnerable machines at a variety of skill levels, from Easy to Insane difficulty.
- You can also track your progress and show off what you have accomplished with employers who are hiring pentesters.
At this time, the main Hack The Box platform and HTB Academy use separate accounts, so even if you've already registered for Hack The Box, you'll need to make a separate account for Academy.
- Register for HTB: $135.00/year
- Register for HTB Academy: $490.00/year
Semi-helpful Blog Article: How to become a penetration tester
Blog
Creativity
Daniel Miessler, UL #353 [2022-10-22 11:33AM]
“The most personal is the most creative” ~ Scorsese
If you really love something, create around it. Create about it. And if you really hate something, create around that… The point is, when you're looking to be creative, figure out what you like and don't like. Gravitate towards those for ideas. Ask yourself, “what should have been created instead of what exists?”.
“'What am I really sick of?' is where innovation begins.” ~ Jerry Seinfeld
Advice: After TryHackMe
Confused after JR Pentester [2022-09-23 8:17PM]
QUESTION: I've completed the JR Penetration Tester learning path in TryHackMe. Now I'm confused about what my next step should be… another path? start trying to crack boxes? prepare for the eJPT certification?
ANSWER 1: Do0gle121
Don't worry so much about “paths”. Start doing all the boxes you can by yourself without any help. Doing the boxes will teach you far more than answering a few questions. Go as far as you can until you find it impossible to move on, figure out where you're stuck and learn that specific area. Repeat process.
As an example - I said before that I find accessing boxes and getting the user flag fairly easy, but escalation is a problem for me. So I looked up guides specifically for escalation and now I'm far more confident in that area. I find in other boxes I'm not so clued up on command injection, so I go back and look over that guide again, also looking up YouTube videos for even more information. One thing to remember, no matter what you're doing - take notes, lots of notes.
Don't feel like you have to stick to any set path, it doesn't work that way. Once you have a basic skill set and a bit of knowledge (which you should after the JR path), just start hacking boxes all day.
Two of the easiest boxes to start with, if you haven't done them already, are Brooklyn 99 and Basic Pentesting. They both are very simple paths and require little technical know-how to complete.
ANSWER 2: TheMadHatter2048
I say go for your eJPT or maybe another one up. Also you can DEFINITELY start the offensive path!!! I did that one and I’m actually going to redo the AD room from JR Pentester since I’m at 98% technically lol, they redo these