Go for it! Don't let your dreams be dreams! With a lot of hard work and dedication, you got this!

Thank you!

Glad it was helpful! Best of luck on your journey!

where can iget resourcesa / curriculum or list of material what i need to learn to become penetration/cybersecurity tester ?

Happy to hear that!

Glad it was helpful! Best of luck, you got this!

Glad it was helpful!

Yep, I watched it, and it was a fantastically detailed and level headed review in my opinion. Thanks for making this and your channel in general.

Thanks for these comments. Greatly appreciated!

Awesome, thank you!

Thanks!

Best of luck!

Glad it was helpful! Best of luck!

@@PinkDraconian thanks again i was successfull in passing end of 2023 my CPTS exam, thanks for content and overview of this exam helped me. \o/

@@JuanBotes Congratulations! What a feat! 🎉

Thank you! 😃 Where are you from?

Spain

What do you think about the PNPT?

Good to hear that I'm not the only one

It doesn't matter if HTB Academy is enough or not. You need the right skill to pass. For that, HTB Academy helps.

The course covers everything you need. Be sure to take great notes, because the exam is really hard. It definitely helps to put your course training into practice by taking the Dante prolab for example!

@@PinkDraconian thank you and appreciate the tips! Great content. Bravo!

Thanks for sharing! That's insane. Definitely do not pay for OSCP then! It's a waste of money!

Yes, definitely. The CPTS course was more than enough for me to pass OSCP without issues!

@@PinkDraconian Thanks!

My pleasure!

I always use GitBook

thank you for answer, you think is better than obsidian?@@PinkDraconian

Fully agree there. Hopefully the competition of the last couple of years will spark innovation!

Thank you!

I haven't done any binary exploitation in the last year, so I wouldn't know!

Yes, correct. The Dante lab is very similar, the exam is just harder. But Dante is great prep

​@@PinkDraconian Great then I've a lot of work before taking the exam then, thanks for the answer

@@vinnvi Best of luck! You got this!

Yes, CPTS is really really difficult. If I were you, I'd take the course, but not the exam

If you want to get into bug bounty, check out the CBBH exam!

How did the PNTP exam go? I'm currently studying for it.

@@galloe passed it

Go for it, with a lot of work, you'll make it!

Glad you like them!

That should 100% be plenty!

Thanks and best of luck! You got this!

Thank you! Cheers!

I haven't taken the Portswigger exam yet myself, but I've heard great things about it. I think that's the way to go

@@PinkDraconiancheers man appreciate it

I would definitely go for CPTS. If you pass CPTS and a company asks for OSCP, just tell them that you're happy to take OSCP in oyur first week on the job, as long as they sponsor it!

I think the CPTS course is definitely a great next step

Best of luck!

Hope I helped you make an informed decision. Let me know how it goes! That's very true. Although I think there are many ways of proving your value within 15 seconds: - CVEs on good projects - "Hacked Microsoft" (Bug bounty with cool companies) ...

I haven't completed Dante or Offshore, so I wouldn't know. I heard it's harder than Dante and easier than Offshore

@@PinkDraconian ahh sounds like it might be just at my level then! thanks for the reply

Haven't taken it. Should I?

@@PinkDraconian The cyber mentor's PNPT cert has very good feedback. Would love to know from you as you already have both CPTS and OSCP😀

That is an amazing deal indeed! I think that for CPTS the boxes won't really help too much. It's all about the networks and AD for me.

Exactly, amazing stuff!

Exactly. Also with Firewall vendors, they clearly only target businesses, whereas OSCP is needed to even get a job

I haven't yet done that one. Should I?

@@PinkDraconian I think so, it seemed pretty good. But I am no expert...

@@The_Dark_Cats but you are a certified bug bounty hunter!

It took me about 3 months to finish the course

Im 10 months in and i got 64%, but i have homework from school. It depends on your skill level that you start CPTS with but I it can be done in about 6 months💪

yah definitely it varies from person to person. However the most important thing is to study efficiently regardless of the time it takes @@Frenzaahh

​@@PinkDraconian Were you giving full time for the course? I'm starting the path, but I'm also doing a full time job with that. So I'm not sure how much time it'll take.

@@joelchristian4078 I did the entire course outside of work hours.

It's the penetration tester path on the academy

Yeah, I'm doing that rn. Do you think that is enough to pass oscp + tcm ethical hacking course and tj nulls list? Would you have any other recommendations?

Always! It's nice to interact with everyone!

That is awesome!

Congratulations 🎊 And Goodluck

If you can manage to study the academy daily and solve all weekly HTB machines, then within a year or two you'll be ready for a job tbh That's exactly what I did at least!

I subscribed to your channel. I like the way you communicate concepts, it’s very unique. Thanks for the great content

Haha exactly!

You should probably be comfortably doing easy boxes on HTB

Burp cert= hardest cert on Earth

​@chihoangcao6622 not if you wait for black Friday and take it multiple times in a row for $8/attempt 😂

Challenge accepted

wait today is Black Friday? @@AlecMaly

I totally agree with you. I never did any course to get where I'm at, I just played hundreds of CTFs, pwned 100s of boxes and did bug bounty and became a great hacker because of that. But I also acknowlegde that not everybody learns in the same way, so who knows, maybe there are people for whom such a course is incredibly valuable

Glad it was helpful! If you're able to get both, for sure go for it. I wouldn't pay for both out of pocket tho 😅

@@PinkDraconian Why wouldnt you pay for both out of pocket? The OSCP helps in landing a job, and the CTPS is cheap compared. I have the benefit of working at a college, so I get the Academy for 8 a month, after that the cert is only 200, so thats nothing compared to OSCP.

@@cyberlocc I personally find it not worth the money,but hey, that's just my personal opinion

Ma francais n'est pas tres bien 😅 Donc je vais continuer en anglais! I haven't taken the TCM academy courses myself, so I cannot say whether or not they're useful. I think they definitely hold value, but are in a space between OSCP and CPTS. OSCP is "easy(er)" and very very well regarded in the world. CPTS is very very difficult and doesn't have much recognition, but for the people that do know it, it holds a lot of value. As far as I see, the TCM courses lie somewhere in between where they are reasonable to complete and have some recognition.

Yea, I think your plan is very sound tho! Best of luck!

Not necessarily, any knowledge is a bonus tho

Exactly, fully agree!

Thanks!

Hahaha 😂

Never even heard of it 😅

What do you recommend for a purple team certification?

Thanks for responding.

Is possible for you to be a mentor to me. Someone to whom I can speak to when I’m faced with a challenge?

Best of luck! It's hard but very rewarding!

I cannot answer that question for you

When you complete the exam, it tells you how many other people have completed it. When I did the exam, it was only 70 other people.

I don't really have enough knowledge to give you input on that, sorry!

Thank you for watching and best of luck in your certification path!

I haven't done any yet. I think Dante is a bit easier than CPTS and Zephyr is the same level

Haha! I believe in you, you'll get those goals completed in no time!

I think that's a great way of approaching this!

Yea, that's what I hate about certs...

Yes.

Anything you do that's hacking related will help you. The academy is great

Love it. Great learning materials imo

@@PinkDraconian thanks for the response, looking to get into this field properly but so many places to start 😫 not sure if I wanna do a+ and all that or just immediately go to google cybersec course

@@sambrismo8981 Anything you do in the world of hacking benefits you. There's no right or wrong path, just a lot of hard work. If you put in the effort, you'll get there

Haven't done pnpt

That's very true

Haven't taken it. Do you recommend it?

The lab will be the same lab, so you can solve the things you already solved by doing them again

@@PinkDraconian i hope so ...again great video thanks a lot

When you get your certificate, it says which number you were

Nice , watting my reviews @@PinkDraconian

I think money talks and that's why they rush courses...

Thanks!

What's that?

@@PinkDraconian I bet you know it if you said on Twitter this is gonna be ur next cert :D

@@mateuszhaba2456 ah haha, never realised that's the acronym

@@PinkDraconian 😂

I'm comparing the CPTS exam vs the OSCP exam, not the OSCP exam vs HTB labs

Thank you!

I'll check it out! Maybe that can be my next cert

​@@PinkDraconianworking on CBBH and the port swigger exam now. Was the web aspect of CPTS difficult?

@@lukeempty3386 No the web aspect of CPTS was really basic

@@PinkDraconian wonder if the cbbh will be too. Heard the burpsuite practitioner is pretty tough. Would like to see more webapp certs You don't have a discord server right?

@@lukeempty3386 the CBBH is not very basic web aspect, its HTB version of OSWE. Its a Cert Based on Web Pentesting, both Offsec and HTB have certs dedicated to Web Pentesting thats why the CTPS and OSCP are basic in that area, because they have completely diffrent certs for that area.

These certificates are often compared, because they claim similar things

Hahaha, that's exactly how I feel as well

I already have 2 videos on Nuclei! - kzfaq.info/get/bejne/oMidebyqya-7iHk.html - kzfaq.info/get/bejne/m92AY9uHtb2RgJ8.html

No 😅

Right on the tee there 😅

That's a valid concern. I think it is quite susceptible to cheating, but I also think cheating the OSCP is trivial if you want to

@@PinkDraconian Yes I noticed that as while I was studying for it I had a few people ask me for my report when I completed my OSCP in the hopes they would get the same exam.

@@gimmegaming5345 I actually had the exact same exam as my colleague who did it a couple of months before me

@@PinkDraconian I don't work in a Pen testing field. I'm a principal security engineer so only did it for personal learning. Maybe I would have noticed this also if I knew anyone who completed it.

I would love to see some stats from Offsec on pass ratios

Yes you can, it's a great challenge!

I'm not sure about that

You do not need a piece of paper for work. You need skills for work. And this certificate is a piece of paper that should prove skills, which at this point, I don't think it adequately does. I know it is tough to hear, but if someone doesn't have the skills needed to get the OSCP certification, then I would not trust them with performing an adequate job on a penetration test. The things you find and don't find during a test can have great consequences for the development teams behind applications, and for the safety of everyone on the internet. We need to make sure that we keep quality high.

I can agree with you in the first part, because is just a piece of paper, but is a paper that companies want. But you are wrong about the last part, because not being able to hack 6 boxes in only 24 hours without any tools doesn't mean you cant be trusted or stupid. The OSCP is based on CTFs, unreal things like rabbit holes, texts hidden on photos and more. where in real life you can use any tools you want and will have the time to do your work. In the OSCP you are looking into an one way only entry. At the moment I'm doing a Web PT for a multinational client, in the first few hours I had a RCE(root), DOM xss, No Rate Limitations leading to Dos, Tokens for Shopify and more stuff. I had Pwned more than 5 different US Federal agencies, Atlassain, CVE for TP-Link, have gifts from Google themself for my work on their products, same goes for Bugcrowd, Pinterest, TripAdvisor, with more than 100 valid reports on companies that big where are not only being tested everyday by thousand of people but millions are spend to keep them secure. Pwned a few goverment servers, And I sound like someone that cant be trusted it because fail the oscp? I don't think so, I was able to do all this because these were a real PT. Where I could do whatever I wanted in days of work, testing applications/devices with real problems, not rabbit holes. What you will learn the most in the OSCP is PE that's all, and once you get that, you can PE on at least 95% of most clients servers. @@PinkDraconian

As I said in my video: There are many ways of getting the experience needed: CVE's, CTFs, Bug Bounty, ...; You clearly have the experience needed. My earlier statement was geared towards people who don't have the other stuff. I think OSCP is terrible, I don't like it at all, but we need to have a way of deciding who's skilled enough and who isn't. You clearly are skilled enough!

@@PinkDraconian Yes, now we are in the same page my bad I didn't put out my background first. But yeah are right and as you said people need a way to know who's valid.

I'm sorry, but that is definitely not the case. The OSCP exam is a beginner exam, so for a senior penetration tester like me, it was easy. I'd have been concerned with my skills if I didn't find it easy.

@@PinkDraconian senior pentester? How old are you ? Im very curious at what age did you start learning cybersec? P.S this is my first video from your channel It's very well done!

@@defkrogeldiz3197 Hi, I'm 23 years old. I started in cybersecurity at 16.

​@@PinkDraconianu landed your job at 16nive man

@@daljeetbhati8353 Haha no, that's when I started hacking, not working

So much easier. Like worlds of difference

@@PinkDraconian God, that's crazy.

Oh yes, my apologies!

Is it that bad? Well, I'm a hacker, not an audio engineer 😅

@@PinkDraconian well im also not a audio engineer neither am i a hacker🤫🫠 but just lower ur mic gain and should be fine or just put the mic further from ur mouth! Trust me btw lov the vids man

@@remy2885 Thanks, Ill give that a go 🙏

@@PinkDraconian cool btw could u do a vid on evilnginx2 or 3 whatever and also how to run it locally or like full demo!

@@remy2885 I'll look into it, just need to make sure I don't draw the attention of wannabe scammers.

Apparently I'm someone in infosec who calls it cybersecurity then 😅

No, people call it cybersecurity among other things