Видео

Will this content ever be available on-demand? If you guys put out a course, I'd happily pay for it

My dads friend works with sam as a part time firefighter and recommended this video. Was great thanks! I am getting my Masters in Cybersecurity Analytics and looking at starting the HackTheBox CPTS certification training path this month since the OSCP is so expensive.

Thanks Spencer for another amazing and educational video!

Please provide a link to the courses or workshops.

Thanks team, enjoy your insights 👍

It's nice seeing content that goes beyond 'how to break into infosec' and actually helps us on the front lines slapping the keyboard and working with stakeholders. Not that I am some grizzled vet, just saying I appreciate the deeper content.

As someone who follows chess and CyberThreatPOV, I really thought I was about to watch a chess strategy video lol

nice overview. i remember in the mid 90's how simple it was to spook emails. Ah the good old days..

where is CISSP ?

Thanks Typer and Spenser for the tools. What do you think about Purple knight ?

Have recently subscribed to this channel, and really like the one-on-one chats between experts in their various fields. Especially when discussing some of the issues you see on jobs and where you see customers failing over and over, and how you would improve things from a Red and Blue Team perspective. Lots of useful things in these videos, so thank you and keep up the great work.

Great content thank you for uploading!

What note taking applications do you guys use? Do you have something different for building your report during a pentest vs something to use while studying/practicing pentesting? I've heard a lot of popular options like Obsidian and Notion but it'd be nice to hear the opinion of actual pen testers. This channel is an absolute gold mine BTW! Every episode has helped me tremendously as a new pentester/new to cyber, so thank you!

I seem to have been stuffed with tons of credentials. I have no idea how I got them, don't know if I'm using them, but I know they are there. I've looked at them... There are too many for me to look at all of them. should I be concerned?

Great episode! Looking forward to the flipper zero episode!!

Ejpt sucks. The fact that it doesn’t have a renewal track means you constantly would have to take it every three years to renew. The pricing is fine but C for the horrible renewal. Even if you don’t get other certs you should have the ability to upgrade by taking a higher cert from them

Just an FYI, if you renew your SANs cert they provide you updated materials and lab files. I know the recert fee is expensive but not $9K (~$450) so I still hope this helps someone know they can get new materials. I agree it's be nice to know timing of new courses. They do show courses in beta I believe. "Your certification renewal includes an updated set of course books, audio files, and any relevant lab files." There are certain licenses and hardware it looks like which aren't included. You can request physical books or get the digital version.

Did you guys' place CPTS in the same position as Pentest+? I think that is really unfair considering the amount of hands-on knowledge you need to pass the CPTS. CPTS really deserves to be on the A tier. That's just my opinion...

Great stuff guys!

Ejpt over Cpts... Ummm..

COOL!

I have the CPTS and it should definitely be S tier. But I can understand at the time this video was uploaded it might’ve not been known how great it is

I’ve never done actual pentesting, I’ve only done Bug Bounties. But I would think in a pentest, the limited time is a big deficiency. The top bug bounty hunters that hack apps like Google or Yahoo have months of deep diving into the applications and they figure out unique ways to hack applications. Another issue with Pentesting is once you get RCE then I would think the motivation to find other bugs die down. You’ve already proved a big impact bug, so there’s no need to look for CSRF or XSS. But in Bug Bounty, each bugs makes you money so after finding an RCE, as a bug hunter, I would go deeper into finding as many bugs as I can. Because where there’s smoke there’s fire.

Great episode thanks for the upload

Awesome guide

I think what makes OSCP A tier and not S tier is the training. Yes, it has the name recognition, but if you were to put one person through the PWK and another through TCM training, and don't bother with testing, the TCM student would perform better at the job.

When I first heard this as a Podcast, I thought you were saying "Pink" Castle. Makes a lot more sense now!

Just started python, this episode hurts though.. not sure I could ever do all that on top of doing my CPST

SANS is just a big rip off 😢

Aye!! Loved the podcast. Thank you gentleman for your insight. As a Security Operations Engineer trying to break into the pentesting field and holding eJPT, CRTP, PNTP, CRTO, and gunning for OSCP in 2024, I had a big, goofy smile on my face by the end of it. Darrius, how did the GCPN certification treat you? I just found this channel today, but I skimmed through the videos and didn't see a "I'm sorry, I messed up" post about it 😆Also CPTS seems to be taking the industry by storm now. I've heard nothing but great things about it recently to the point where I'm contemplating purchasing it after OSCP. It would be fantastic to get a firsthand review from your team if someone has the time to pursue it this year.

Thanks for this. Noted for future certs. :)

Bro this will be helpful for my future certs. very informative based on real pen testers. please upload more videos like this, like HTB certs such as CBBH, CDSA

www.securit360.com/threat-intel-newsletter/

so, fuzzing.

Would love to see some more. Not too many great certs or clear paths for webapp pentesting got the cbbh and burpsuite practioner lined up but thats it

www.securit360.com/threat-intel-newsletter/

www.securit360.com/threat-intel-newsletter/

www.securit360.com/threat-intel-newsletter/

Learn how to prevent social engineering attacks -> ruclips.net/video/rB5dkpqc1rU/видео.html

More cybersecurity hot takes here -> ruclips.net/video/1mny7KF6oNE/видео.html

⚫ Weekly Threat Intel Newsletter securit360.com/threat-intel-newsletter/

⚫ Weekly Threat Intel Newsletter securit360.com/threat-intel-newsletter/

⚫ Weekly Threat Intel Newsletter securit360.com/threat-intel-newsletter/

⚫ Weekly Threat Intel Newsletter securit360.com/threat-intel-newsletter/

⚫ Weekly Threat Intel Newsletter - securit360.com/threat-intel-newsletter

Good to see @SamErde

Good job guys !!!!❤

7:50 I like how you mentioned the Sweet32 attack Tyler. I'm currently practicing DNS enum and host discovery (namp, sublist3r, etc) and I see cryptographically weak ciphers a surprising amount of times, but rarely are MITMA's ever inscope on hackerone. But the both of you are right...exploited in the wild...probably never XD. Would either of you know a cyber security mentor or any resources other than youtube or TCM security when it comes to learning about DNS enum and other OSINT skills that will aid in attempting to bypass CloudFlare or nginx? How difficult is it these days to get the IP's of the origin server? (im doing bug bounties exclusively at the moment)

😏 "promo sm"