WarLord

Active Members
  • Posts

    644
  • Days Won

    25

Everything posted by WarLord

  1. I will follow your YouTube videos. Thanks man! I am currently training for Web Application Pentesting and could use the videos above. Would you have the videos in MP4 format or should I just download from YouTube? I like to have them offline also.
  2. https://mytorrents.org/Pentester+academy
  3. I asked because I was reading articles in which HR people and managers from Romania were interviewed, and their opinion was that only the crappy projects end up in Romania; that is, the ones that people abroad don't want to do because they are beneath them, so they send them out, outsourcing-style. I was really curious about the salary! Maybe those of you who know the InfoSec salaries in Romania can post the requirements for your job, given that you know the salaries paid. If the admins let us stretch this thread further, maybe we can talk about what situations you have encountered. Issues around InfoSec in Romania; CISSP, CEH, OSCP, etc. are in demand.
  4. Since you kept saying that InfoSec pays well (and I hope you were talking about Romania), roughly how much does one earn in InfoSec in Romania?
  5. That means jobs... for those who want them!
  6. Step 1) Start reading!

    There are some go-to books that you can buy to help you learn the basics and essentials of penetration testing and bug hunting. Since bug bounties often include website targets, we’ll focus on getting you started with Web Hacking and later we’ll branch out.

    Note -> It's very important to focus on an area of hacking that is interesting & exciting to you. Focus on that one area and pick up new things as you go, but don’t try to be the “ultimate hacker” and learn everything. The greatest hackers on Bugcrowd have specialities and areas of interest, but they don’t know how to hack everything. Hacking is a lifelong journey of learning.

    Your two go-to books are the following:

    The Web Application Hacker’s Handbook: This is an absolute must-read and considered the web-app hacker’s ‘bible’. This book starts from square one, walking you through getting Kali Linux installed all the way through using tools and finding exploits.

    OWASP Testing Guide v4: Highly suggested by Bugcrowd’s Jason Haddix

    For further reading:

    Penetration Testing

    The Hacker Playbook 2: Practical Guide to Penetration Testing

    And for our Mobile hacking friends:

    The Mobile Application Hacker’s Handbook

    iOS Application Security

    Step 2) Practice what you’re learning!

    While you’re learning it’s important to make sure that you’re also understanding and retaining what you learn. Practicing on vulnerable applications and systems is a great way to test your skills in simulated environments. These will give you an idea of what you’ll run up against in the real world.

    Hacksplaining: This is a great site to learn a bit more about various web hacking techniques and how they’re done. It’s actually more of a practical walk-through. Super useful!

    Penetration Testing Practice Labs: This site has a massive list of practice apps and systems for several hacking scenarios. Use this list to find new testing labs and sites to practice your skills.

    Step 3) Read tech write-ups and POCs (Proof of Concepts) from other hackers and watch tutorials on YouTube!

    Now that you’ve got a baseline understanding of how to find and exploit security vulnerabilities, it’s time to start checking out what other hackers are finding in the wild. Luckily the security community is quite generous with sharing knowledge and we’ve collected a list of write-ups & tutorials:

    Bug Bounty write-ups and POCs: Collection of bug reports from successful bug bounty hunters.

    Bug Hunting Tutorials: Our collection of great tutorials from the Bugcrowd community and beyond.

    /r/Netsec on Reddit: Netsec on Reddit is almost exclusively tech writeups and POCs from other researchers. A fantastic resource.

    JackkTutorials on YouTube: Jackk has created many tutorials that walk you through CSRF, XSS, SQL Injection, Target Discovery and much more.

    DEFCON Conference videos on YouTube: Watch all of the talks from DEFCON over the years. Very useful resource.

    Hak5 on YouTube: Hak5 typically focuses on hardware hacking, but in addition to that they also have the ‘Metasploit Minute’ show, HakTip: NMap and much more.

    Awesome-Infosec: This is a curated list of helpful security resources that covers many different topics and areas.

    Step 3-A) Gather your arsenal of tools

    Tools don’t make the hacker, but they’re certainly helpful! Bugcrowd has curated an extensive list of tools that you can add to your bag of tricks:

    Bugcrowd Researcher Resources - Tools

    Step 4) Join the community!

    You’re joining a global community of over 29,000 hackers. Luckily many of these hackers are happy to share their knowledge with a fellow polite & curious researcher.

    Follow White-Hat Hackers on Twitter: A list of bug bounty hunters that you should be following.

    Join the #Bugcrowd IRC channel to talk to over 100 security researchers

    Follow @Bugcrowd on Twitter to keep up with the latest infosec news

    Join the Bugcrowd Forum for more resources & to chat with other researchers

    Step 5) Start learning about bug bounties

    Okay, now you’re at the point where it’s almost time to start hunting for bounties. But first, let’s learn how bug bounties work and how to get started, just to make sure we maximize our chances of success.

    How to approach a target: Advice from other bug hunters that will help you find more success when approaching a bug bounty.

    How to write a Great Vulnerability Report: This will walk you through how to write a great vulnerability report. The better your report, the higher chance you will get a bounty!

    How to write a Proof of Concept: Proof of Concepts show the customer how your bug is exploited and that it works. This is crucial to being rewarded successfully.

    How to Report a Bug: Our walkthrough for reporting a bug via the Bugcrowd platform.

    Bug Bounty Disclosure Policy: These are the rules of the road. It’s very important that you understand the bounty program’s bounty brief and disclosure policy.

    Read the Bounty Hunter's Methodology: This is a presentation that @jhaddix gave at DEFCON last year and it's a super useful look at how successful bounty hunters find bugs. Check out the Github and watch the video.

    How To Shot Web - Jason Haddix's talk from DEFCON23

    Step 6) Get hacking!

    It’s time to start hacking! When you’re new and getting started, it’s probably best not to try hacking the most popular bug bounties out there. Trying to hack Tesla Motors, Facebook, Pinterest and others will likely end in frustration for beginners, as those companies are very popular and are more secure because they receive many bug reports.

    Go for the Kudos only programs

    Instead, focus on bug bounties that have likely been overlooked by others. These are often bug bounties that don’t pay rewards but instead offer kudos points on Bugcrowd. These ‘kudos points only’ programs are a fantastic way to get started with bug bounties and to show your skills to Bugcrowd.

    After you’ve submitted some valid bugs to Bugcrowd, even if they’re kudos rewards only, you will likely start receiving invites to private bounty programs. The private bounty programs are invitation only and restricted to a small number of people, which means less competition and a higher likelihood of successfully finding a bug.

    Step 7) Always Be Learning & Networking

    Like we mentioned earlier, hacking is a lifelong journey of learning. This is what makes this field so exciting! There are always new articles and presentations to learn from, interesting people to meet at conferences or local meetups, and new opportunities to pursue.

    Bug bounties are a fantastic way to enter the InfoSec community and build your career. Use bug bounties as a way to make extra money, improve your skills, meet new people, and even build out your resume. Remember, always act professional and treat people well. This is a small community and we like to take care of each other - you never know who you might meet!
  7. Possibly the foreign companies are going through a crisis of finding "slaves" for their work, because that is in fact what Romania is: a market for selling cheap, lower-quality products, and a labor market for companies looking for the cheapest possible workforce, so they can cut their costs and raise their profits, outsourcing-style. In fact, that is how all Romanian employers complain, that they can no longer find people to hire. I have read about cases from bakeries to IT, and I think something in the research field too! Maybe those of you who work in Romania, around Bucale, Cluj, etc., can also give concrete, real examples from your workplace.
  8. SecureWorks - Penetration Tester Sr./Principal - UK/EU Remote (from the OffSec forums)

    SecureWorks - Penetration Tester Sr./Principal
    Location: Remote Based - UK preferred (EU considered)
    Schedule: Full-time

    SecureWorks is looking to hire a number of consultants to join their growing penetration team in the UK (EU location considered). The Penetration Testing Consultant supports the Security and Risk Consulting, Technical Testing team, by applying information security threat intelligence to identify and exploit vulnerabilities within our clients’ environments. A successful candidate will have experience in goal-based network/infrastructure penetration testing and post-exploit, and not only have experience in vulnerability/web scanning tools as penetration testing.

    Required area of focus:
    - Network penetration testing

    Additional desired areas of focus, one or more of the following:
    - Web application testing; Wireless penetration testing; Mobile application testing; Social engineering; Physical security; Red Teaming

    Role Responsibilities:
    - Conduct goal-based penetration testing and document findings for client remediation in the form of briefings and reports
    - Maintain working knowledge of advanced threat actor tactics, techniques and procedures, and emulate that TTP to assess vulnerability and risk
    - Perform proactive research to identify and understand new threats, vulnerabilities, and exploits
    - Document and present new testing techniques to internal and external teams
    - Manage testing engagements as the project lead, including coordinating multi-consultant engagement teams
    - Candidates must be located in Europe and willing to travel domestically and internationally up to 50%. We promote the use of a remote testing appliance to help reduce the amount of travel.

    Benefits:
    - Training: Generous, dedicated budget per person, which allows you to attend most training courses available on the market.
    - InfoSec community: SecureWorks’ employees and SecureWorks as a company want to be involved in the InfoSec community, and as such promote attendance to conferences. Just this year, our UK team attends Bsides London, Bsides Manchester, BlackHat/DefCon Las Vegas, 44CON and DerbyCon. Furthermore, financial incentives are in place to promote speaking to conferences or teaching classes.
    - WFH: This is a remote office position, so we want you to be comfortable. We provide a budget to get a decent chair, desk and any office supplies you require, along with two 24" monitors, keyboard, mouse and docking station (Dell equipment) to avoid bending over a small laptop screen.

    Requirements:
    - If you are reading this post, you are an OSCP holder and therefore likely have the technical skills we are looking for. You will join a global team of many OSCP holders (as it’s a job requirement to possess OSCP by the end of this year) to discuss your next attack vector.
    - 5+ years of total professional experience in information security or related field
    - 2+ years of experience performing or leading technical testing engagements/projects
    - Strong time management skills, self-directed, with the ability to meet verbal and written deadlines.
    - Strong technical communication skills, both written and verbal, with the ability to explain technical security concepts to executive stakeholders in business language.

    Certifications:
    - Required certifications must include one of the following: CHECK Team Member (CTM) or CHECK Team Lead (CTL); CREST Registered Tester (CRT) or Crest Certified Tester (CCT); TIGER Qualified Security Tester (QSTM); CREST Certified Simulated Attack Specialist (CCSAS); CREST Certified Simulated Attack Manager (CCSAM)
    - Required clearances: SC or DV with no restrictions
    - Desired certifications: OSCP; OSCE; GPEN; GWAPT; GXPN

    http://dell.referrals.selectminds.com/jobs/principal-consultant-penetration-testing-secureworks-90603?et=1U1rtRHJt
  9. WarLord

    Fun stuff

    https://securityreactions.tumblr.com/
  10. I googled it and found it on several webpages. Here is one of them: http://uploaded.net/file/kwfpwc5s
  11. Quite a lot of these training companies have been popping up lately; you can see that knowledge has multiplied in this world. Now everyone would like to profit from these trainings. If you bring a piece of paper from that company, do you think HR knows about that company? Hardly! I work in IT too. They fired my colleague after last year, and only I am left. I have 3 of 4 sites/locations for IT support; by the end of the month they are closing one location for economic reasons. When needed, I am either at one location or at another. I don't really stay past working hours, but this weekend I have a project: Friday, Saturday and Sunday I am at the company, overnight too if necessary. If something else comes up during the year and I have to be here on the weekend, that's how it is, since I am on salary, and that gives the employer the opportunity to abuse it and keep you beyond 40 hours if needed. I think it also depends on the company you end up at. My colleague used to work evenings at the office, I would leave after closing time, and now he is looking for a job. Either you live to work or you work to live; you have to do some kind of work anyway, so whatever work you do, you have to love it!
  12. For those who are interested, read books, or want to enrich your digital library: https://doc.lagout.ovh/
  13. Well, if there is hunger for money, of course they get into it. Foreign companies train and sponsor them, and they aren't satisfied with 8 hours and crappy money, so they create courses and books. Udemy is full of them. At least they get involved; even though a lot of the information is repeated, at least they leave their mark on something. When they go to pentesting interviews and the employer asks about their achievements and they show their projects, they get hired more easily than someone who hasn't done anything. So a heads-up to those who have no experience in the field but still want to have something "to their name": get into books and courses. Work on a course on something, just once, and sell the product 100+ times. It is the best way to make money, especially if you have a good product, and the investment is nothing but your time and your knowledge/expertise. Good luck with the work.
  14. https://www.1and1.com/server-dedicated-tariff I have had websites with them, but not dedicated servers. I never had any problems with the websites or emails, and I have been using them for about 7 years.
  15. Go on Udemy yourself and tell me what you want, and I'll tell you whether I have it or not.
  16. Decryption key: !TSI7QEOaDqzx0rZdeYFGGkl_CijUPiE_2hrSntoeq0A https://mega.nz/#!6BRhQaRb
  17. I'll be back with the upload of Advanced Ethical Hacking VTC.
  18. If you are looking for something about hacking, business, cold calling, cooking, electronics, how to..., microsoft, ccna, vmware 6, maybe I can help you. Don't get your hopes up too high, but you can try anyway. Maybe others have downloaded too.
  19. The old method doesn't work anymore. Downloading is over. Note that there is still some stuff on torrents. There is plenty on piratebay.
  20. The CCNA expires in 3 years. The CCNP in 2. Better to have experience than to keep chasing certificates. Possibly you start with CCNA/CCNP R&S, and then go for Voice and Security. Even if someone pays for your schooling, it's still a lot of work. If you are happy to have a job where you do these things every day, the exams are easier. The CCNA did not change its material until October 2014, and after that they added IPv6, but the subject matter is still the same. The current CCNA will not change for at least some 5-10-15 years, so you have time to study the material in depth with plenty of practice. Technology has to change radically to modify their OSI that much. For those concerned with this, don't think someone sits there and types all these commands from scratch. There are already ready-made templates for different situations, where you just copy/paste and then modify as needed. If it seems like a lot of material, split it into pieces: "divide et impera". Good luck with the work.
  21. For those interested in some training, apart from Udemy and other sites.

    Why does RouteHub exist?
    To make affordable, practical network training available to all network engineers

    How does RouteHub do this?
    The founder of RouteHub identified a need for practical training for network engineers. Prior to the inception of RouteHub, the only network training that was readily available focused on certifications. This type of training has value and its place, but he saw a need for training that would help network engineers quickly get a solution in place in real-life situations. He decided that the quickest way to provide this training to the most number of people possible would be to create training documents and videos, and distribute them over the internet.

    What is available?
    RouteHub provides practical training in areas such as: Core Network Services (Routing, Switching, IPv6, Multicast, QoS) Voice and Unified Communications Security (Firewall, VPN, UTM) Wireless Data Center (Virtualization, Tunneling) Small Business Starting Out Network Design

    Why RouteHub instead of other online Training Videos?
    Our training videos provide practical, real-world training, to help you devise and deploy solid networking solutions. We’re not here to help you answer a multiple-choice test. We’re here to tell you what you need to do to get a network up and running, how to configure different technologies, and to help you really understand how it works.

    Who works at RouteHub?
    RouteHub was founded by Michel Thomatis, a network engineer with 15 years of experience. He has worked for several companies over the years, developing network solutions to meet the needs of the businesses. Over the years, Michel found that he really enjoyed teaching people interested in networking how it all works, and decided to do that full time. He is committed to providing you the training you need to be a successful network engineer.

    http://routehub.net/training/

    Happy studying!
  22. I take pretty much everything related to hacking, courses for universities and business. It would be cool to put together a database with all the courses.