You mean how y’all learn to teach people to become script kiddies.. these certs made the industry flood with skids using tools and methods they don’t really understand. Not to mention the course has so much out dated knowledges the binary exploration content is a joke .
Less "content," minimal teaching, and challenges that are often intentionally worded poorly to "make it harder." PWK is way more expensive than They Cyber Mentor, Try Hack Me, or Hack The Box... and you get so much less out of it. They really do expect you to teach it all to yourself. IDK why you need that.
"Try harder" how about you teach better! I regret signing up for the PWK. And there are roomers that people that sign up for the annual program get easier boxes on their exams, and they don't have as long of a cool down time in-between failures. #PayToWin
S1ren is my pen testing senpai. I missed her live sessions so I came here to learn stuff from her in her voice. She's so knowledgeable and her voice is calming. Hope we get to hear from you soon, S1ren!
Your clean consistent write-ups in wire side text show me what habits I need to build up now, as I am going to move towards proving grounds and OSCP in the near future. Thanks so much for your concise explanations. Have a great day!
It's faster starting with Nmap without any parameters just for a quick scan. Then use nmap -p- $IP to find all ports... with that result you can finally run nmap -sC -sV $IP -p {found-ports}
don't bother, just look at the syllabus for it, most of the exploit techniques they are teaching are long dead and useless to learn at this point. you can learn about stack overflows but how useful are they for todays environments? not all that useful. to get code execution from a stack overflow you still need things like DEP bypassing and ASLR bypassing and EMET bypassing to be able to have a useful exploit that works and is valuable. That will only become more and more rare making exploit development even more useless in the next 20-30 years or so. Exploits were a 90s and 2000s thing, they were big when things like ASLR and DEP where not around but after mitigations started to be implemented natively on software and hardware, exploits began to die and slowly we saw hackers favor attacks like phishing and brute forcing or other types of social engineering and malware deployment to breach targets. Exploits are dead man, it's a dying art.
Don't they cover DEP and ASLR bypassing or am I missing something? But also what else do you think is missing from the course? I've been following LiveOverflow and watching his exploit development videos, would love to hear your opinion about things like that