Poor Man Guide to Offensive Studies under RM100 strictly .MY
Disclaimer, this post is a personal view of the writer and the opinions here in no way reflect the opinions of my past, present, or future: clients, employers, or associates. Standard disclaimers apply.
So it's the end of 2022. The world have entered into the endemic stage and jobs are picking up and there's never ending testing in the IT Security Scene. Government can change, new tech stack and gizmos but one thing that won't change is the malice intended generated by the human brains.
For Noobies, it's quite challenging for them to enter the IT security world. The questions that I received is "where to start? Should I subscribe the O*S courses or the T*M courses or the C*H courses? .How much should i spend etcx3. I've started to play CTF and HTB boxes but why am I still suck after looking at those videos. "
When I perform interviewed directly even those who have cert they couldn`t explain what's the different between reverse, bind, rebind shell. And sure there's probably a lot of tools and writings over the net. Some are relevant but mostly not.
For example , if we talk about Metasploit itself, there's 420,000 videos on youtube. More then what a normal human being can consume in their lifetime.
But if you asked them how to tailor and utilize payload/generic/custom , they would probably say 'Huh?' in confusion.
But some are quite sincere , they wanted to start somewhere but the cost is astronomically high and the current state of application/network complexity is not a joke.
But hey, Malaysia is actually a very good country to kickstart your training/learning at a very cheap price. While corruption and terrible law enforcement are things that the world despises, we don't see that it will change soon, so you might as well utilize it. With corruption comes a great opportunity. P/S: Kicking the Ladder by Ha Joon Chang .
If you wanted to kickstart your AD k, cloud studies, instead of spending ***** USD, you could opt for...:
So you want to practice Real World Privilege Escalation, Session Hijacking, and other enterprise-level intrusions. Instead of spending **** USD, you could opt for..."
You EDR/AV Evasion works with Windows Defender but not other products? You could practice it for 10 years with :
Need a dedicated Linux box? No Problem:
So our untrusted and yet cheap spending is around: RM75.90 . You can spend the rest on Coke or Redbull. Worried about your health and mental state later.
Noted: I'm sure no company would endorse such practise , but this is good personal capex. And if things don't work out the way you want. You can always blame yourself for being cheap and not smart.