[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vp / vr / w / wg / wsg / wsr / x / y ] [Search | Home]
4Archive logo
i work as a security consultant (computer hacker)
Images are sometimes not shown due to bandwidth/network limitations. Refreshing the page usually helps.

You are currently reading a thread in /g/ - Technology

Thread replies: 113
Thread images: 10
File: hacker computer.jpg (56 KB, 400x355) Image search: [iqdb] [SauceNao] [Google]
hacker computer.jpg
56 KB, 400x355
i work as a security consultant (computer hacker)

ask me anything
File: gm que.jpg (227 KB, 1491x599) Image search: [iqdb] [SauceNao] [Google]
gm que.jpg
227 KB, 1491x599

Best resources to learn the craft?
read about and understand the owasp top 10

practice those vulns using webgoat
How much Perl do you know?
none, although i use regexes very often

if i have to write a tool i either use python or F#
>doesn't know perl

We are done here.
Thread is dead, everyone fuck off
perl is only good for write once code

if you have to write a script to make a tool work then youre going to want to be able to change it later. perl sucks ass at that

i will admit that all the ciphertext-analysis programs ive written are perl
What exactly do you do? What's work like?

I'm interested in changing careers right now and I like getting into the nitty gritty low level stuff (but not to the point of actual hardware) and security sounds like the best field for that. But how's the job market, and I assume a CS degree is required to even be considered, right?
I have an EE degree - from what I can tell they care more about skills than credentials.

there's manual hacks and code reviews.
manual hacks are hacking mobile apps/websites in whatever way you can. my company provides me a shitlist of the most common that I have to be sure to look for - beyond that it's up to me how I decide to attack the app. After that is the report writing which is boring but is only 20-30% of time spent on it.

code reviews are like manual hacks except you can actually call out all their shitty crypto and authentication schemes. it's hard to analyze those things through a manual hack alone.

everything i work with is either mobile or webapp - i dont know anything about embedded security, sorry.

the market is amazing - at the owasp meetup i go to at the end of the meeting they ask if anyone is looking for a job because everyone is always hiring.
also if we don't have a job going on, everyone's job is just to learn more about security. they're okay with you cracking open a book or reading 2600 or something as long as it has to do with security and you are learning
how much do you get paid? how do you get into the field as a cs grad fresh out of college
>A hacker is someone who enjoys playful cleverness—not necessarily with computers. The programmers in the old MIT free software community of the 60s and 70s referred to themselves as hackers. Around 1980, journalists who discovered the hacker community mistakenly took the term to mean “security breaker.”

>Please don't spread this mistake. People who break security are “crackers.”

In June 2000, while visiting Korea, I did a fun hack that clearly illustrates the original and true meaning of the word "hacker".
I went to lunch with some GNU fans, and was sitting down to eat some tteokpaekki (*), when a waitress set down six chopsticks right in front of me. It occurred to me that perhaps these were meant for three people, but it was more amusing to imagine that I was supposed to use all six. I did not know any way to do that, so I realized that if I could come up with a way, it would be a hack. I started thinking. After a few seconds I had an idea.

First I used my left hand to put three chopsticks into my right hand. That was not so hard, though I had to figure out where to put them so that I could control them individually. Then I used my right hand to put the other three chopsticks into my left hand. That was hard, since I had to keep the three chopsticks already in my right hand from falling out. After a couple of tries I got it done.

Then I had to figure out how to use the six chopsticks. That was harder. I did not manage well with the left hand, but I succeeded in manipulating all three in the right hand. After a couple of minutes of practice and adjustment, I managed to pick up a piece of food using three sticks converging on it from three different directions, and put it in my mouth.
Speaking of computer security, we really need to make a page for it on the /g/ wiki.
It didn't become easy—for practical purposes, using two chopsticks is completely superior. But precisely because using three in one hand is hard and ordinarily never thought of, it has "hack value", as my lunch companions immediately recognized. Playfully doing something difficult, whether useful or not, that is hacking.

I later told the Korea story to a friend in Boston, who proceded to put four chopsticks in one hand and use them as two pairs—picking up two different pieces of food at once, one with each pair. He had topped my hack. Was his action, too, a hack? I think so. Is he therefore a hacker? That depends on how much he likes to hack.

The hacking community developed at MIT and some other universities in the 1960s and 1970s. Hacking included a wide range of activities, from writing software, to practical jokes, to exploring the roofs and tunnels of the MIT campus. Other activities, performed far from MIT and far from computers, also fit hackers' idea of what hacking means: for instance, I think the controversial 1950s "musical piece" by John Cage, 4'33" (****), is more of a hack than a musical composition. The palindromic three-part piece written by Guillaume de Machaut in the 1300s, "Ma Fin Est Mon Commencement", was also a good hack, even better because it also sounds good as music. Puck appreciated hack value.

It is hard to write a simple definition of something as varied as hacking, but I think what these activities have in common is playfulness, cleverness, and exploration. Thus, hacking means exploring the limits of what is possible, in a spirit of playful cleverness. Activities that display playful cleverness have "hack value".
nice copy pasta
Hackers typically had little respect for the silly rules that administrators like to impose, so they looked for ways around. For instance, when computers at MIT started to have "security" (that is, restrictions on what users could do), some hackers found clever ways to bypass the security, partly so they could use the computers freely, and partly just for the sake of cleverness (hacking does not need to be useful). However, only some hackers did this—many were occupied with other kinds of cleverness, such as placing some amusing object on top of MIT's great dome (**), finding a way to do a certain computation with only 5 instructions when the shortest known program required 6, writing a program to print numbers in roman numerals, or writing a program to understand questions in English.

Meanwhile, another group of hackers at MIT found a different solution to the problem of computer security: they designed the Incompatible Timesharing System without security "features". In the hacker's paradise, the glory days of the Artificial Intelligence Lab, there was no security breaking, because there was no security to break. It was there, in that environment, that I learned to be a hacker, though I had shown the inclination previously. We had plenty of other domains in which to be playfully clever, without building artificial security obstacles which then had to be overcome.

Yet when I say I am a hacker, people often think I am making a naughty admission, presenting myself specifically as a security breaker. How did this confusion develop?

Around 1980, when the news media took notice of hackers, they fixated on one narrow aspect of real hacking: the security breaking which some hackers occasionally did. They ignored all the rest of hacking, and took the term to mean breaking security, no more and no less.
The media have since spread that definition, disregarding our attempts to correct them. As a result, most people have a mistaken idea of what we hackers actually do and what we think.

You can help correct the misunderstanding simply by making a distinction between security breaking and hacking—by using the term "cracking" for security breaking. The people who do it are "crackers" (***). Some of them may also be hackers, just as some of them may be chess players or golfers; most of them are not.
Where can one buy black market infosec information like email lists?

What are some good bulletproof anonymous servers?
I can't code, but you sound like the real deal, why the hell are you wasting your time with a bunch of wannabes on 4chan right now?
What does that actually mean to you?

Describe SOP of a normal engagement.
Got to bed Andy.
What is the coolest piece of shellcode you've written?
What are they (the company hiring you) looking for when the put you on the job? Try to get the same job as you in a bank but have no idea what they'll ask or how to approach them
What certifications is everyone looking for right now?
is CISSP worth it?
File: 1249432104976.jpg (89 KB, 800x600) Image search: [iqdb] [SauceNao] [Google]
89 KB, 800x600
Ladies and gentlemen we have a web "hacker" here. He probably uses Acunetix and Nessus before calling it a day. Pleb.
File: 1402154909143.jpg (90 KB, 720x688) Image search: [iqdb] [SauceNao] [Google]
90 KB, 720x688
i am back, thought thread died

when i was intern i got paid 24/hr

now i get 80k/y usd

hacker has been used to describe computer crackers since before stallman was born

somewhere on tor. try to find some black hat seo people

because i love 4chan and will never stop love reading retarded posts on /g/

i will use website for example
-conference call with client and establish scope of testing. get some overview data on the website such as what techs it uses and get a few accounts setup for it. MOST IMPORTANT: find out if theyre having you test a production server or test server
-start hacking
--map out website with a proxy like burp or zap
--check for owasp top 10
--see if i can get shell on their webserver
--rip their website source code if i got shell
--pentest the source code if applicable

theres a lot to it; most manual hacks take about a week to do then 3 days for the report
i found out about them through a posting on /r/netsec
i did not have insider help

i dont have it anymore, but im gonna use a sql example. on microsoft sql servers theres a command called xp_exec that lets you do exactly the fuck you think it does. most new microsoft sql versions have this turned off by default - but you can turn it back on without ANY elevated privs. I turned it back on, ran xp_exec and added my own user account with admin access (their app was run as admin), and set up remote desktop and got onto their server through that

2600 retard detected

experience and proven knowledge is more important than certs

yeah everyone knows the best place is hackforums;; thats the best learning resource!!!
here are some other good resources i recommend

2600 magazine:

/r/netsec hurr reddit

also do any capture-the-flag challenges you can find. matasano's microcorruption, the stripe challenges, and the defcon qualifiers will all get you into the right mindset
so if i graduate with a cs degree spring2015, whats the best way to get a job?

will have a networking and sysadmin/security classes, the latter is not part of the cs program that i am taking as an elective (only sec class available)
also, if i torrent a SHIT TON, would that ever prevent me from getting a job with a company?
is open RSA encryption secure?
What laptop do you use and what os on it?
Talk to counselor
My sister just got a mac book how easy would it be to use metasploit to fuck with her?

get knowledged:
a baseline competency at my company involves absolute fresh people knowing the following
-knowing how to identify and exploit owasp top 10 (seriously these are fucking everywhere)
-being familiar with the different kinds of crypto (symmetric/asymmetric), cipher modes, and weak crypto schemes (and why theyre weak)
-knowledge of networking stuff like:
--how ipv4 works
--how dhcp works
--how tcp works
--http protocol
-----ie: what is the difference between http post and http get?

also you should probably know how to program


work laptop is a special dell setup that doesnt have a model number
--some fucking intel cpu that wont tell me its id
--16gb ram
--some fancy ass nvidia embedded gpu
--500gb ssd

home laptop is a thinkpad. if someone is going to try to attack your hardware youre fucked anyway imo

use 4096 bit rsa keys. don't trust elliptic curves yet - the math behind them is way too new

nobody cares that you torrent cartoon porn
As a programmer I think it's fascinating how you can do this. If I were to give you my IP address, do you think you'd be able to SSH into my server?
depends on router:

if youre using a normal shitty ipv4 home router you can kill her internet connection whenever you want

if your router is actually a hub (google it) then you can probably MITM all her traffic and modify pages as you please

you wont be able to attack her macbook directly unless it had some outdated software on it, had a vulnerable app running on it, or had a 0day
only if your password was a joke or if you were running outdated programs that had network access

someone could get past all that with 0days but people dont just blow those for no reason
What ThinkPad and OS

99% of hacking is because some retard did something really retarded. if you're even semi-conscious of security then youre probably immune from a vast majority of hackers out there

heres an example of what i usually deal with on a daily basis:
--ruby on rails app
--log in as standard user
--go to settings page
--change it to id=1
--admin's settings page shows up and i can edit it
--go back to home page
--mfw im logged in as admin because i visited admins settings page
Are you fucking serious? You deserve it if you're that stupid.
Trying to figure out what Thinkpad to get for CS class.
t440 - just got it a few months ago

windows 7 as installed os (bear with me)

almost all of my work is done through virtual machines - the host OS isnt used for literally anything

when i tried it out the t440 with linux i found the visualization to be much slower than with windows. i dont know why but since i dont care about defense im more than happy to use something like windows

ask someone else for recommendations - i almost never use my home laptop so im not really at privilege to recommend it
yes, thats probably the most extreme example i have off the top of my head.

regardless, if every web programmer at least knew about SQL injection, XSS, and CSRF, that would probably reduce the number of vulnerable sites by 80%. thats how common they are.
The real question is how do you get security experience when you're starting out? Or do they look for experience with other things that relate back to security? I'm just fishing for examples.
How often do you come across vulnerable PHP sites?
What's the most common vulnerability in older PHP sites?
this is what im trying to figure out, looked at the r/netsec job postings and everything is crazy as fuck
ive read over how they interview new people. they ask you in what ways youve taken security into consideration when you worked at company x or designed application y.

before this job, virtually all of my experience was with webgoat and capture-the-flag competitions

almost never. the big clients who we get most of our contracts from dont use php at all.

the biggest vuln in php (and most langs/frameworks) is not decoupling input from storage from output

dont put this in a fucking sql query:

when you receive _any_ kind of input from a user whether it be http post url, text fields, cc numbers, dropdown menu selections, you need to consider that data to be malicious. all input data should be sanitized so that you are absolutely sure that the data you put in your database isnt malicious..

when data is retrieved from your database, you sanitize it AGAIN to prevent malicious data from being sent to other users - you dont want an attacker to use your database to reflect attacks onto others

seriously if you just go through webgoat and have a good idea of how to do most of the exploits it talks about then you're golden for an entry position. webgoat is buggy as fuck so sometimes the way to proceed wont make sense so dont feel shame in googling
when sanitizing data, try your best to use whitelists, not blacklists. use google to find good regexes for what you need. owasp is a prime source.

oh and if you use regexes be sure to set a timeout on how long theyre able to run so someone doesnt try to DOS you with regex bombs

brb like 15m
bump, I'm working on something in php at the moment, and I already know about what you said, but thanks.
File: 10020_L.jpg (53 KB, 600x600) Image search: [iqdb] [SauceNao] [Google]
53 KB, 600x600
How do I become one? What certs do I need?

Working on CISSP and CEH.
He's already answered. Experience > certs.

also, >>42819715
Will very likely do my thesis about mobile and web application security. Any interesting developments lately? Any language I should focus on?
I know that you always have to stay on top of the latest in the world of security. What I want to know is how hard is it?

that was a vulnerability in server 2003 dude
thanks, im going to spend sometime on webgoat, idk that websec was such a big deal these days
yes and it still exists, it's just "disabled"

reading security subreddit; reading internal company mailing list; reading 2600

mobile security is a fucking joke - talking about how to secure sensitive data on mobile is always a crowd pleaser. the #1 solution right now is to use the user's 4 digit pin plus a hardware secret into pbkdf and encrypt with that - but it's still trivial to break it if you can brute force it with your own hardware. recent phones have tied the pbkdf input with a hardware secret so it's a bit harder to break now if you had to do it (i never have). no matter how good their crypto is, it will never save the user's data from a cold-boot attack either

if you want to focus on how bad security is then put a bunch of recently released web frameworks in a black bag and pick one at random - new stuff always has juicy exploits

another fun topic is webgl - boy i cant wait to run all that untrusted code in kernel mode!

if you want to focus on community unawareness, get a list of startups next time techcrunch does a startup fair and pentest each site. startup faggots are the worst security conscious people i have ever seen
Does your company hire physical security guys to, or only computer security? Have you ever done physical security or social engineering?
no problem - also webgoat will probably tell you you need to use a proxy. the one it recommends is terribly out of date. i suggest burp suite's free version
thx, your input is appreciated
my company does do physical security. it's usually called "red teaming". security people tend to love the physical side of things, the common mindset shared by virtually all sec people is a love of breaking things. my office keeps a set of community locks and lockpicks just for everyone to fuck around with.

ive never done red teaming/social engineering for work, but i have used it to get out of more than 1 ticket. most of the resources i have on this are internal, but you can probably find some good books on trust-building or reading body language on amazon
Defcon vs ShmooCon vs BlackHat

What's the real difference between them anyway? From what I can tell BlackHat tries to be more professional, while Defcon is closer to a big party. I have no idea about ShmooCon though.
ive never been to any of them, sorry

my probably-incorrect understanding is that blackhat has a bigger focus on workshops and professional networking, and defcon is more focused on the fun security fuckups and is a place for people to show off

i dont know anythingabout shmoocon either
can you post a list of recommended books on sec? or daily websites you use?

This will sound like a "marshviperX" question but,

where do people who talk about hacking hangout? IRC channels?

inb4 hack fourms
File: 1235340706737.gif (554 KB, 295x221) Image search: [iqdb] [SauceNao] [Google]
554 KB, 295x221
>reading 2600
lol learning what, how to crack wep?
How reaver works?
How some old fucking faggot started hacking on an apple II?
I'm a programmer who doesn't want to spend the rest of his life writing Microsoft Access database applications in C#. Where is a good place to start educating myself about pentesting?
also, so you just think webgoat + that top10, and just start applying for jobs?

im trying to think of books and other stuff i should be reading

do you know anyone who codes fuzzers at all?

also heres a good crypto overview: https://www.crypto101.io/ theyll be releasing the full book within a few months
owasp is the best source for generalist stuff. there are also exploits for individual frameworks/langs that you can get through google (your mileage may vary) or through dedicated sec books for those frameworks

i dont know of any security specific irc channels. the big crypto/sec channels on freenode are pretty trash as well. my hexchat is pretty much just weaboo shit on rizon right now

read the thread bruv.

the only time i use fuzzers is sql injection and xss attacks. people who have to audit custom protocols and file formats deal with them very often though

Are there any other good security communities?
also once you cover webgoat/top 10 in reasonable depth, almost all of the knowledge after that is specialized.

this isnt official but theres pretty much 4 fields of hacking
-native programs
-java/C# programs

each has different tricks and methodologies, choose one and google it to fuck. sometimes you get good results by just googling "network hacking technical". adding a technical keyword is important so you dont get skiddie shit

if you have no idea what to do next try to find an owasp/2600/security meetup in your area and do some serious networking

can you explain a little bit more about how you use VMs? you said that you use a host os to run the VM and i'm not sure what you do from there . . . do you run kali linux? or what?
believe it or not - reddit is probably your best resource for finding other hacking communities

/r/netsec has a very nice sidebar with links to other subreddits

i honestly dont know of any other sec communities other than that because they tend to hide themselves or dont publicly advertise very much. maybe try making a post asking about this on /r/asknetsec
i never used kali linux because i wanted to set up stuff on my own and had company resources to draw off of. since you're starting absolutely fresh and have no idea of what kinds of tools you need, you could use kali linux to help in that department. you should go through each tool kali provides and learn what it does, what it exploits, how it works, etc.

VMs are used to completely isolate anything that goes wrong during the auditing process. The last company i worked for had a community hard drive that had a few dozen VM images on it, each image with programs and such installed for different kinds of penetration tests. one for webapps, one for native, one for android, one for ios, etc.

basically you use the VM to separate your testing environment from your personal environment - like not accidentally autocompleting your credit card on a website youre pentesting. thanks firefox.
Where do you normally work from anyway? Is there just a company building that you go to do all your work from or is it more free allowing you to work from other places?
I have my OSCP and Network+ but am still in college, so I don't know how much weight it pulls. What certifications should I get?
If I put an ad on craigslist and say "hello I am [anon] and your computer may be at risk" and then make a report on their stuff after using Kali how much money could I make by "protecting" people's small business websites from being not targeted?
about half the company works remote (from home)

theres a few people who work remotely in a state that doesn't even have a company office. people who work remote are fun hating killjoys who give me shit for shitposting on the company security mailing list.

all the cool kids come in to work. we usually do shots on friday because yeah its friday. sometimes the girls in marketing buy ice cream and throw the office an ice cream party.

c-f the thread smartie pants. tldr: nobody cares about certs since theyre just rubberstamp bullshit that doesnt show that people are actually capable of pentesting. having "i hacked my friends bitcoin site" on your resume will carry infinitely more weight than a bunch of certs

depends on your presentation i guess. if youre charging them anything significant they may be able to hold you liable if you half assed the job though and they get hacked for real. in addition, most people are very scared of the idea of meeting a "hacker" in person. ive found thats its almost impossible to get people to meet up with me irl if i introduce myself as a hacker online, but people seem okay with it when i only use the H word when introducing myself in person. try to avoid using the word hacker as much as possible because it makes you look like a tool
cooool that makes a lot of sense

did you pick websec or did you just get that webgoat experience and thats the job you got hired for?

also, how long have you been doing this
How much do you get paid anon
How big of a problem are skiddies? I've heard they're the most common "hacker". If I wanted to protect my computer or websites, should I just look at the most common pentesting software are guard against that?
i had zero experience with webgoat but had experience with a cryptography CTF that matasano ran awhile back. i only picked websec because i saw the ad and thought "why not im probably not going to get a response from them anyways"

read thread

this covers 95% of all exploits:
-sql injection
-broken auth (see >>42819569
-attacking outdated software that has had vulns announced
-misconfiguration (admin panel is publicly viewable, etc)
-shitty admin passwords

if someone is targeting your website specifically, you will probably be fucked unless someone experienced has looked through it for you

So I should just say Internet Security Contractor or something like that and wear nice clothing to give and air of confidence if I meet them in person. Theoretically couldn't I do this all remotely and have them pay a different account not using my actual name? I have a pseudonym I use for different things.

P.S. how would I write a report or make it look relatively official?
if you want to be a SUPER HACKER then start thinking like one dofus

call up a security consulting company, tell them youre interested, sit through their elevator pitch, ask them for an example report

for extra social engineering points, set up your own website with company name/email to link them when they ask you who you represent
What is the proper way to report your findings to to to the company? I know you do a report, but what exactly goes into the report, do you present it?
i ask client if they want daily reports of business critical findings because youre probably gonna find some of those

report basically goes like this
-vulnerability name
-exploitability of vulnerability (how much shit does it reck)
-easy of exploitation of vulnerability (does it require a skiddie or a super hacker)
-explanation of how the vulnerability works and why it's dangerous
-explanation of how they can remedy and fix their shit
-screenshots as proof of their incompetence

CVSS score is a nice thing to include too

if youve ever done a big lab report just do it like that with a table of contents and shit and a summary

idk how well this would work for small businesses because they dont control the vulnerable code. theres not much you can pentest on some business's static wordpress site
Got any fun stories?
3 years ago there was a bank based out of certain second world country that did ACH transfers over its internal network in plaintext and unauthenticated. their network was connected by ethernet hubs so you could MITM any device on the network using ARP spoofing. it would have been trivial for an attacker to enter their network and start transferring large sums of money to external banks

the ruby story i posted earlier is pretty good too
What do you look for in a company to work for? Why did you join your current company instead of anyone else?
are you from peru?
it was late winter a few years ago and i saw a posting for interns at a sec company (this was during college)

i figured id put an app in just for the fuck of it without expecting much to come out of it

they were the only place out of the ones i applies for that actually gave me an interview - got in and did their summer internship program

i was very happy with the office culture and the work i was receiving as an intern was interesting, challenging, and even educational

when i graduated i accepted their fulltime offer and have worked there ever since

even if i was from peru i probably wouldnt confirm it to you
could you give us the name of your company since its pretty big?
Christ, were the people so poor and uneducated that the banks just thought "hey nobody will ever try to hack us anyways?"
no - the only thing ill say is that my company has a posting in that /r/netsec job thread

the security consulting industry is surprisingly small - there are only a few dozen companies i can think of in the entire industry that offer these kinds of services. there are many more jobs working the security shift for single companies

the worst part is how resistant they are to fixing these problems. I even remember bringing up the issue in my daily call with them and they tried to write it off as "no realistic attacker will ever have access to our internal systems". it took me a few days before i could actually convince them it was worth fixing
do you go to any sec conferences at all?
i go to local meetups of which there are plenty. i would need a visa to attend most conferences so it's not worth bothering with unless official business
There's so little security industry because most of the skilled people don't want to deal with the bullshit, bureaucracy, and idiocy of their employers/contractors. Like your short story about the bank.
yeah for sure - consulting is absolutely grueling work but it's nice not having to pentest the same site every day. i have a friend who does security at akamai and basically he just tosses his feet up and watches netflix all day waiting for something to do.
Ever been a mischievous bastard?
im a huge pussy so no

the closest ive ever gotten is doing passive scans on my school's website to see if i could spoof a professor's login
Log onto vendor demo site.

Look at page nice and really dont care.

Look at source. Oh hidden link. Turn on burp to reveal all hidden links and forms (usually only do this after I go through the app once for quick recon)

Vendor link to another vendor. Oh, login page to a monitoring service and #the full user/pass are in the url params#??

Could have restarted their dbs.
admit it, you were only able to hack them because they didnt have one of these gems on their landing page
File: explodingvan.gif (352 KB, 240x184) Image search: [iqdb] [SauceNao] [Google]
352 KB, 240x184
>80k a year

Entry level sec analysts make 10k more so I know you're full of shit.

Also hackforums? You sound 12.
Come back to gee in a few years and maybe you'll have some experience to back up your BS claims.
File: 1325381166551.png (120 KB, 550x375) Image search: [iqdb] [SauceNao] [Google]
120 KB, 550x375

looks like the threads over guys!
found a local sec company with job postings D:

i'm going to give them a call on monday, see if i can talk to them or pester them a bit
good luck - worst case scenario is they give you a long list of books to read before you're worthy of initiation but that's not too terrible
i still have 2 semesters of school left, that might not actually be a bad thing
File: 1395007011840.jpg (49 KB, 649x638) Image search: [iqdb] [SauceNao] [Google]
49 KB, 649x638
thx anon, your a cool guy

This is a lot to read holy shit
this guy is incredibly basic and outdated, yet he's making $80k/yr...
what is he missing and do you have resources for it?
Thread replies: 113
Thread images: 10
Thread DB ID: 3084

[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the shown content originated from that site. This means that 4Archive shows their content, archived. If you need information for a Poster - contact them.
If a post contains personal/copyrighted/illegal content, then use the post's [Report] link! If a post is not removed within 24h contact me at wtabusse@gmail.com with the post's information.