@sparkla said:
@TazWake I guess we agree on most parts although we’re largely going off-topic here.
Yeah and I am sorry to everyone for taking this off on a tangent.
OT START:
As food for thought: You should not undermine your own value, that does also undermine other people’s value.
Very good point. It certainly wasn’t my intent so I will rethink how I express myself.
I really don’t like people that are like “Hey I’m not a programmer, but… I’ve thrown this script / website / younameit together and it’s working better than that stuff of you so-called programmers” -
For me this is certainly not the case. I very, very rarely have a good solution to boxes and it is nearly always monstrous amounts of error - thats why walkthroughs are essential for me. Completing a box is a single step on the journey for my learning. Yes I can wait until the box retires but by that point my own mistakes & thinking is a distant memory.
One should not undermine the value of the other and both should not be compared.
Totally agree - in my case it is the value of others which gives me any hope
You may not be a fit for a pen-tester at this point, but I doubt that after 2 weeks of working as pen-tester you’d still have a huge amount of issues and were completely non-fitting for the job.
So dont get me wrong. If you hired me as a junior pentester I would grow into the role, but then most people could. I’ve done lots of “pentester” courses and I know the principles but there is significantly more to that - including an exploratory mindset.
My point is not that I could never be a pentester - it is probably more that I know dozens of superb pentesters who are ranked Hacker at best here, my HTB rank doesn’t reflect anything in the real world.
I’d be interested, after you said that couple of times, why you think that? What basic or advanced skill do you lack?
Well, I suck at AD exploitation and binary reversing but I am not sure that is the point. There is an element in that I am ok at reusing other people’s exploitation techniques but struggle a bit to create original exploitation.
I agree that the badge alone won’t land you a job, but it might land you an interview. Yet having that badge in your portfolio along with the rest: demo work, recommendations of previous employes, certifications, diploma, … and just some regular good old writing, accounting and math skills, like you said before, it makes a difference, it shows some hands-on experience on the matter security.
This is 100% something I agree with. But thats also why I think the badge is effectively meaningless. If hiring managers are using that as the only entry point, then yeah, turning this into OSCP type badge makes sense. In reality its one thing in a big package. If the person has all those other things then I wouldnt care if they bought the rank or not.
OT END:
Yeah - again, sorry for going on tangents but it does interest me!