i work as a security consultant (computer hacker)
ask me anything
>>42815541
Best resources to learn the craft?
>>42815570
OWASP
read about and understand the owasp top 10
practice those vulns using webgoat
>>42815541
How much Perl do you know?
>>42815597
none, although i use regexes very often
if i have to write a tool i either use python or F#
>>42815620
>doesn't know perl
We are done here.
Thread is dead, everyone fuck off
>>42815640
perl is only good for write once code
if you have to write a script to make a tool work then youre going to want to be able to change it later. perl sucks ass at that
i will admit that all the ciphertext-analysis programs ive written are perl
What exactly do you do? What's work like?
I'm interested in changing careers right now and I like getting into the nitty gritty low level stuff (but not to the point of actual hardware) and security sounds like the best field for that. But how's the job market, and I assume a CS degree is required to even be considered, right?
>>42815675
I have an EE degree - from what I can tell they care more about skills than credentials.
there's manual hacks and code reviews.
manual hacks are hacking mobile apps/websites in whatever way you can. my company provides me a shitlist of the most common that I have to be sure to look for - beyond that it's up to me how I decide to attack the app. After that is the report writing which is boring but is only 20-30% of time spent on it.
code reviews are like manual hacks except you can actually call out all their shitty crypto and authentication schemes. it's hard to analyze those things through a manual hack alone.
everything i work with is either mobile or webapp - i dont know anything about embedded security, sorry.
the market is amazing - at the owasp meetup i go to at the end of the meeting they ask if anyone is looking for a job because everyone is always hiring.
>>42815764
also if we don't have a job going on, everyone's job is just to learn more about security. they're okay with you cracking open a book or reading 2600 or something as long as it has to do with security and you are learning
how much do you get paid? how do you get into the field as a cs grad fresh out of college
>https://www.gnu.org/philosophy/words-to-avoid.html#Hacker
>A hacker is someone who enjoys playful cleverness—not necessarily with computers. The programmers in the old MIT free software community of the 60s and 70s referred to themselves as hackers. Around 1980, journalists who discovered the hacker community mistakenly took the term to mean “security breaker.”
>Please don't spread this mistake. People who break security are “crackers.”
In June 2000, while visiting Korea, I did a fun hack that clearly illustrates the original and true meaning of the word "hacker".
I went to lunch with some GNU fans, and was sitting down to eat some tteokpaekki (*), when a waitress set down six chopsticks right in front of me. It occurred to me that perhaps these were meant for three people, but it was more amusing to imagine that I was supposed to use all six. I did not know any way to do that, so I realized that if I could come up with a way, it would be a hack. I started thinking. After a few seconds I had an idea.
First I used my left hand to put three chopsticks into my right hand. That was not so hard, though I had to figure out where to put them so that I could control them individually. Then I used my right hand to put the other three chopsticks into my left hand. That was hard, since I had to keep the three chopsticks already in my right hand from falling out. After a couple of tries I got it done.
Then I had to figure out how to use the six chopsticks. That was harder. I did not manage well with the left hand, but I succeeded in manipulating all three in the right hand. After a couple of minutes of practice and adjustment, I managed to pick up a piece of food using three sticks converging on it from three different directions, and put it in my mouth.
Speaking of computer security, we really need to make a page for it on the /g/ wiki.
>>42817794
It didn't become easy—for practical purposes, using two chopsticks is completely superior. But precisely because using three in one hand is hard and ordinarily never thought of, it has "hack value", as my lunch companions immediately recognized. Playfully doing something difficult, whether useful or not, that is hacking.
I later told the Korea story to a friend in Boston, who proceded to put four chopsticks in one hand and use them as two pairs—picking up two different pieces of food at once, one with each pair. He had topped my hack. Was his action, too, a hack? I think so. Is he therefore a hacker? That depends on how much he likes to hack.
The hacking community developed at MIT and some other universities in the 1960s and 1970s. Hacking included a wide range of activities, from writing software, to practical jokes, to exploring the roofs and tunnels of the MIT campus. Other activities, performed far from MIT and far from computers, also fit hackers' idea of what hacking means: for instance, I think the controversial 1950s "musical piece" by John Cage, 4'33" (****), is more of a hack than a musical composition. The palindromic three-part piece written by Guillaume de Machaut in the 1300s, "Ma Fin Est Mon Commencement", was also a good hack, even better because it also sounds good as music. Puck appreciated hack value.
It is hard to write a simple definition of something as varied as hacking, but I think what these activities have in common is playfulness, cleverness, and exploration. Thus, hacking means exploring the limits of what is possible, in a spirit of playful cleverness. Activities that display playful cleverness have "hack value".
>>42817794
nice copy pasta
>>42817822
Hackers typically had little respect for the silly rules that administrators like to impose, so they looked for ways around. For instance, when computers at MIT started to have "security" (that is, restrictions on what users could do), some hackers found clever ways to bypass the security, partly so they could use the computers freely, and partly just for the sake of cleverness (hacking does not need to be useful). However, only some hackers did this—many were occupied with other kinds of cleverness, such as placing some amusing object on top of MIT's great dome (**), finding a way to do a certain computation with only 5 instructions when the shortest known program required 6, writing a program to print numbers in roman numerals, or writing a program to understand questions in English.
Meanwhile, another group of hackers at MIT found a different solution to the problem of computer security: they designed the Incompatible Timesharing System without security "features". In the hacker's paradise, the glory days of the Artificial Intelligence Lab, there was no security breaking, because there was no security to break. It was there, in that environment, that I learned to be a hacker, though I had shown the inclination previously. We had plenty of other domains in which to be playfully clever, without building artificial security obstacles which then had to be overcome.
Yet when I say I am a hacker, people often think I am making a naughty admission, presenting myself specifically as a security breaker. How did this confusion develop?
Around 1980, when the news media took notice of hackers, they fixated on one narrow aspect of real hacking: the security breaking which some hackers occasionally did. They ignored all the rest of hacking, and took the term to mean breaking security, no more and no less.
>>42817839
The media have since spread that definition, disregarding our attempts to correct them. As a result, most people have a mistaken idea of what we hackers actually do and what we think.
You can help correct the misunderstanding simply by making a distinction between security breaking and hacking—by using the term "cracking" for security breaking. The people who do it are "crackers" (***). Some of them may also be hackers, just as some of them may be chess players or golfers; most of them are not.
Where can one buy black market infosec information like email lists?
What are some good bulletproof anonymous servers?
I can't code, but you sound like the real deal, why the hell are you wasting your time with a bunch of wannabes on 4chan right now?
>>42815541
What does that actually mean to you?
Describe SOP of a normal engagement.
Got to bed Andy.
>>42815541
What is the coolest piece of shellcode you've written?
What are they (the company hiring you) looking for when the put you on the job? Try to get the same job as you in a bank but have no idea what they'll ask or how to approach them
What certifications is everyone looking for right now?
is CISSP worth it?
>>42815581
>owasp
Ladies and gentlemen we have a web "hacker" here. He probably uses Acunetix and Nessus before calling it a day. Pleb.
i am back, thought thread died
>>42817715
when i was intern i got paid 24/hr
now i get 80k/y usd
>>42817794
hacker has been used to describe computer crackers since before stallman was born
>>42817855
somewhere on tor. try to find some black hat seo people
>>42817885
because i love 4chan and will never stop love reading retarded posts on /g/
>>42817921
i will use website for example
-conference call with client and establish scope of testing. get some overview data on the website such as what techs it uses and get a few accounts setup for it. MOST IMPORTANT: find out if theyre having you test a production server or test server
-start hacking
--map out website with a proxy like burp or zap
--check for owasp top 10
--see if i can get shell on their webserver
--rip their website source code if i got shell
--pentest the source code if applicable
theres a lot to it; most manual hacks take about a week to do then 3 days for the report
>>42817995
i found out about them through a posting on /r/netsec
i did not have insider help
>>42817947
i dont have it anymore, but im gonna use a sql example. on microsoft sql servers theres a command called xp_exec that lets you do exactly the fuck you think it does. most new microsoft sql versions have this turned off by default - but you can turn it back on without ANY elevated privs. I turned it back on, ran xp_exec and added my own user account with admin access (their app was run as admin), and set up remote desktop and got onto their server through that
>>42818117
2600 retard detected
>>42818107
>>42818093
experience and proven knowledge is more important than certs
>>42818117
yeah everyone knows the best place is hackforums;; thats the best learning resource!!!
here are some other good resources i recommend
2600 magazine:
http://www.2600.com/
/r/netsec hurr reddit
also do any capture-the-flag challenges you can find. matasano's microcorruption, the stripe challenges, and the defcon qualifiers will all get you into the right mindset
>>42819306
so if i graduate with a cs degree spring2015, whats the best way to get a job?
will have a networking and sysadmin/security classes, the latter is not part of the cs program that i am taking as an elective (only sec class available)
also, if i torrent a SHIT TON, would that ever prevent me from getting a job with a company?
is open RSA encryption secure?
What laptop do you use and what os on it?
>>42819397
Talk to counselor
>>42815541
My sister just got a mac book how easy would it be to use metasploit to fuck with her?
>>42819397
get knowledged:
a baseline competency at my company involves absolute fresh people knowing the following
-knowing how to identify and exploit owasp top 10 (seriously these are fucking everywhere)
-being familiar with the different kinds of crypto (symmetric/asymmetric), cipher modes, and weak crypto schemes (and why theyre weak)
-knowledge of networking stuff like:
--how ipv4 works
--how dhcp works
--how tcp works
--http protocol
-----ie: what is the difference between http post and http get?
also you should probably know how to program
http://www.reddit.com/r/netsec/comments/29kq7v/rnetsecs_q3_2014_information_security_hiring/
>>42819456
work laptop is a special dell setup that doesnt have a model number
--some fucking intel cpu that wont tell me its id
--16gb ram
--some fancy ass nvidia embedded gpu
--500gb ssd
home laptop is a thinkpad. if someone is going to try to attack your hardware youre fucked anyway imo
>>42819445
use 4096 bit rsa keys. don't trust elliptic curves yet - the math behind them is way too new
>>42819411
nobody cares that you torrent cartoon porn
>>42819266
As a programmer I think it's fascinating how you can do this. If I were to give you my IP address, do you think you'd be able to SSH into my server?
>>42819486
depends on router:
if youre using a normal shitty ipv4 home router you can kill her internet connection whenever you want
if your router is actually a hub (google it) then you can probably MITM all her traffic and modify pages as you please
you wont be able to attack her macbook directly unless it had some outdated software on it, had a vulnerable app running on it, or had a 0day
>>42819503
only if your password was a joke or if you were running outdated programs that had network access
someone could get past all that with 0days but people dont just blow those for no reason
>>42819487
What ThinkPad and OS
>>42819533
addendum:
99% of hacking is because some retard did something really retarded. if you're even semi-conscious of security then youre probably immune from a vast majority of hackers out there
heres an example of what i usually deal with on a daily basis:
--ruby on rails app
--log in as standard user
--go to settings page
--website.com/settings/?id=435352
--change it to id=1
--admin's settings page shows up and i can edit it
--go back to home page
--mfw im logged in as admin because i visited admins settings page
>>42819569
Are you fucking serious? You deserve it if you're that stupid.
>>42819487
Trying to figure out what Thinkpad to get for CS class.
>>42819557
t440 - just got it a few months ago
windows 7 as installed os (bear with me)
almost all of my work is done through virtual machines - the host OS isnt used for literally anything
when i tried it out the t440 with linux i found the visualization to be much slower than with windows. i dont know why but since i dont care about defense im more than happy to use something like windows
ask someone else for recommendations - i almost never use my home laptop so im not really at privilege to recommend it
>>42819585
yes, thats probably the most extreme example i have off the top of my head.
regardless, if every web programmer at least knew about SQL injection, XSS, and CSRF, that would probably reduce the number of vulnerable sites by 80%. thats how common they are.
The real question is how do you get security experience when you're starting out? Or do they look for experience with other things that relate back to security? I'm just fishing for examples.
>>42819631
How often do you come across vulnerable PHP sites?
What's the most common vulnerability in older PHP sites?
>>42819667
this is what im trying to figure out, looked at the r/netsec job postings and everything is crazy as fuck
>>42819667
ive read over how they interview new people. they ask you in what ways youve taken security into consideration when you worked at company x or designed application y.
before this job, virtually all of my experience was with webgoat and capture-the-flag competitions
>>42819679
almost never. the big clients who we get most of our contracts from dont use php at all.
the biggest vuln in php (and most langs/frameworks) is not decoupling input from storage from output
dont put this in a fucking sql query:$_GET['param'];
when you receive _any_ kind of input from a user whether it be http post url, text fields, cc numbers, dropdown menu selections, you need to consider that data to be malicious. all input data should be sanitized so that you are absolutely sure that the data you put in your database isnt malicious..
when data is retrieved from your database, you sanitize it AGAIN to prevent malicious data from being sent to other users - you dont want an attacker to use your database to reflect attacks onto others
>>42819707
seriously if you just go through webgoat and have a good idea of how to do most of the exploits it talks about then you're golden for an entry position. webgoat is buggy as fuck so sometimes the way to proceed wont make sense so dont feel shame in googling
>>42819715
when sanitizing data, try your best to use whitelists, not blacklists. use google to find good regexes for what you need. owasp is a prime source.
oh and if you use regexes be sure to set a timeout on how long theyre able to run so someone doesnt try to DOS you with regex bombs
brb like 15m
>>42819715
bump, I'm working on something in php at the moment, and I already know about what you said, but thanks.
>>42815541
How do I become one? What certs do I need?
Working on CISSP and CEH.
>>42819780
He's already answered. Experience > certs.
also, >>42819715
>>42815541
Will very likely do my thesis about mobile and web application security. Any interesting developments lately? Any language I should focus on?
I know that you always have to stay on top of the latest in the world of security. What I want to know is how hard is it?
>>42819306
>xp_exec
that was a vulnerability in server 2003 dude
>>42819715
thanks, im going to spend sometime on webgoat, idk that websec was such a big deal these days
>>42819823
yes and it still exists, it's just "disabled"
>>42819821
reading security subreddit; reading internal company mailing list; reading 2600
>>42819816
mobile security is a fucking joke - talking about how to secure sensitive data on mobile is always a crowd pleaser. the #1 solution right now is to use the user's 4 digit pin plus a hardware secret into pbkdf and encrypt with that - but it's still trivial to break it if you can brute force it with your own hardware. recent phones have tied the pbkdf input with a hardware secret so it's a bit harder to break now if you had to do it (i never have). no matter how good their crypto is, it will never save the user's data from a cold-boot attack either
if you want to focus on how bad security is then put a bunch of recently released web frameworks in a black bag and pick one at random - new stuff always has juicy exploits
another fun topic is webgl - boy i cant wait to run all that untrusted code in kernel mode!
if you want to focus on community unawareness, get a list of startups next time techcrunch does a startup fair and pentest each site. startup faggots are the worst security conscious people i have ever seen
Does your company hire physical security guys to, or only computer security? Have you ever done physical security or social engineering?
>>42819930
no problem - also webgoat will probably tell you you need to use a proxy. the one it recommends is terribly out of date. i suggest burp suite's free version
>>42819968
thx, your input is appreciated
>>42819999
my company does do physical security. it's usually called "red teaming". security people tend to love the physical side of things, the common mindset shared by virtually all sec people is a love of breaking things. my office keeps a set of community locks and lockpicks just for everyone to fuck around with.
ive never done red teaming/social engineering for work, but i have used it to get out of more than 1 ticket. most of the resources i have on this are internal, but you can probably find some good books on trust-building or reading body language on amazon
Defcon vs ShmooCon vs BlackHat
What's the real difference between them anyway? From what I can tell BlackHat tries to be more professional, while Defcon is closer to a big party. I have no idea about ShmooCon though.
>>42820041
ive never been to any of them, sorry
my probably-incorrect understanding is that blackhat has a bigger focus on workshops and professional networking, and defcon is more focused on the fun security fuckups and is a place for people to show off
i dont know anythingabout shmoocon either
>>42820001
can you post a list of recommended books on sec? or daily websites you use?
>>42815541
This will sound like a "marshviperX" question but,
where do people who talk about hacking hangout? IRC channels?
inb4 hack fourms
>>42815815
>reading 2600
lol learning what, how to crack wep?
How reaver works?
How some old fucking faggot started hacking on an apple II?
>>42815541
I'm a programmer who doesn't want to spend the rest of his life writing Microsoft Access database applications in C#. Where is a good place to start educating myself about pentesting?
also, so you just think webgoat + that top10, and just start applying for jobs?
im trying to think of books and other stuff i should be reading
do you know anyone who codes fuzzers at all?
>>42820075
>>42819968
also heres a good crypto overview: https://www.crypto101.io/ theyll be releasing the full book within a few months
owasp is the best source for generalist stuff. there are also exploits for individual frameworks/langs that you can get through google (your mileage may vary) or through dedicated sec books for those frameworks
>>42820092
i dont know of any security specific irc channels. the big crypto/sec channels on freenode are pretty trash as well. my hexchat is pretty much just weaboo shit on rizon right now
>>42820108
read the thread bruv.
>>42820124
the only time i use fuzzers is sql injection and xss attacks. people who have to audit custom protocols and file formats deal with them very often though
>>42820146
Are there any other good security communities?
>>42820124
also once you cover webgoat/top 10 in reasonable depth, almost all of the knowledge after that is specialized.
this isnt official but theres pretty much 4 fields of hacking
-network
-website
-native programs
-java/C# programs
each has different tricks and methodologies, choose one and google it to fuck. sometimes you get good results by just googling "network hacking technical". adding a technical keyword is important so you dont get skiddie shit
if you have no idea what to do next try to find an owasp/2600/security meetup in your area and do some serious networking
>>42820175
thanks!
can you explain a little bit more about how you use VMs? you said that you use a host os to run the VM and i'm not sure what you do from there . . . do you run kali linux? or what?
>>42820170
believe it or not - reddit is probably your best resource for finding other hacking communities
/r/netsec has a very nice sidebar with links to other subreddits
i honestly dont know of any other sec communities other than that because they tend to hide themselves or dont publicly advertise very much. maybe try making a post asking about this on /r/asknetsec
>>42820208
i never used kali linux because i wanted to set up stuff on my own and had company resources to draw off of. since you're starting absolutely fresh and have no idea of what kinds of tools you need, you could use kali linux to help in that department. you should go through each tool kali provides and learn what it does, what it exploits, how it works, etc.
VMs are used to completely isolate anything that goes wrong during the auditing process. The last company i worked for had a community hard drive that had a few dozen VM images on it, each image with programs and such installed for different kinds of penetration tests. one for webapps, one for native, one for android, one for ios, etc.
basically you use the VM to separate your testing environment from your personal environment - like not accidentally autocompleting your credit card on a website youre pentesting. thanks firefox.
Where do you normally work from anyway? Is there just a company building that you go to do all your work from or is it more free allowing you to work from other places?
I have my OSCP and Network+ but am still in college, so I don't know how much weight it pulls. What certifications should I get?
If I put an ad on craigslist and say "hello I am [anon] and your computer may be at risk" and then make a report on their stuff after using Kali how much money could I make by "protecting" people's small business websites from being not targeted?
>>42820296
about half the company works remote (from home)
theres a few people who work remotely in a state that doesn't even have a company office. people who work remote are fun hating killjoys who give me shit for shitposting on the company security mailing list.
all the cool kids come in to work. we usually do shots on friday because yeah its friday. sometimes the girls in marketing buy ice cream and throw the office an ice cream party.
>>42820305
c-f the thread smartie pants. tldr: nobody cares about certs since theyre just rubberstamp bullshit that doesnt show that people are actually capable of pentesting. having "i hacked my friends bitcoin site" on your resume will carry infinitely more weight than a bunch of certs
>>42820309
depends on your presentation i guess. if youre charging them anything significant they may be able to hold you liable if you half assed the job though and they get hacked for real. in addition, most people are very scared of the idea of meeting a "hacker" in person. ive found thats its almost impossible to get people to meet up with me irl if i introduce myself as a hacker online, but people seem okay with it when i only use the H word when introducing myself in person. try to avoid using the word hacker as much as possible because it makes you look like a tool
>>42820261
cooool that makes a lot of sense
did you pick websec or did you just get that webgoat experience and thats the job you got hired for?
also, how long have you been doing this
How much do you get paid anon
How big of a problem are skiddies? I've heard they're the most common "hacker". If I wanted to protect my computer or websites, should I just look at the most common pentesting software are guard against that?
>>42820348
i had zero experience with webgoat but had experience with a cryptography CTF that matasano ran awhile back. i only picked websec because i saw the ad and thought "why not im probably not going to get a response from them anyways"
>>42820349
read thread
>>42820351
this covers 95% of all exploits:
-sql injection
-xss
-csrf
-broken auth (see >>42819569
-attacking outdated software that has had vulns announced
-misconfiguration (admin panel is publicly viewable, etc)
-shitty admin passwords
if someone is targeting your website specifically, you will probably be fucked unless someone experienced has looked through it for you
>>42820343
>>42820343
So I should just say Internet Security Contractor or something like that and wear nice clothing to give and air of confidence if I meet them in person. Theoretically couldn't I do this all remotely and have them pay a different account not using my actual name? I have a pseudonym I use for different things.
P.S. how would I write a report or make it look relatively official?
>>42820418
if you want to be a SUPER HACKER then start thinking like one dofus
call up a security consulting company, tell them youre interested, sit through their elevator pitch, ask them for an example report
for extra social engineering points, set up your own website with company name/email to link them when they ask you who you represent
What is the proper way to report your findings to to to the company? I know you do a report, but what exactly goes into the report, do you present it?
>>42820451
i ask client if they want daily reports of business critical findings because youre probably gonna find some of those
report basically goes like this
-vulnerability name
-exploitability of vulnerability (how much shit does it reck)
-easy of exploitation of vulnerability (does it require a skiddie or a super hacker)
-explanation of how the vulnerability works and why it's dangerous
-explanation of how they can remedy and fix their shit
-screenshots as proof of their incompetence
CVSS score is a nice thing to include too
if youve ever done a big lab report just do it like that with a table of contents and shit and a summary
idk how well this would work for small businesses because they dont control the vulnerable code. theres not much you can pentest on some business's static wordpress site
Got any fun stories?
>>42820627
3 years ago there was a bank based out of certain second world country that did ACH transfers over its internal network in plaintext and unauthenticated. their network was connected by ethernet hubs so you could MITM any device on the network using ARP spoofing. it would have been trivial for an attacker to enter their network and start transferring large sums of money to external banks
the ruby story i posted earlier is pretty good too
What do you look for in a company to work for? Why did you join your current company instead of anyone else?
>>42819266
are you from peru?
>>42820800
it was late winter a few years ago and i saw a posting for interns at a sec company (this was during college)
i figured id put an app in just for the fuck of it without expecting much to come out of it
they were the only place out of the ones i applies for that actually gave me an interview - got in and did their summer internship program
i was very happy with the office culture and the work i was receiving as an intern was interesting, challenging, and even educational
when i graduated i accepted their fulltime offer and have worked there ever since
>>42820826
even if i was from peru i probably wouldnt confirm it to you
>>42820841
could you give us the name of your company since its pretty big?
>>42820649
Christ, were the people so poor and uneducated that the banks just thought "hey nobody will ever try to hack us anyways?"
>>42820855
no - the only thing ill say is that my company has a posting in that /r/netsec job thread
the security consulting industry is surprisingly small - there are only a few dozen companies i can think of in the entire industry that offer these kinds of services. there are many more jobs working the security shift for single companies
>>42820867
the worst part is how resistant they are to fixing these problems. I even remember bringing up the issue in my daily call with them and they tried to write it off as "no realistic attacker will ever have access to our internal systems". it took me a few days before i could actually convince them it was worth fixing
>>42820893
do you go to any sec conferences at all?
>>42820904
i go to local meetups of which there are plenty. i would need a visa to attend most conferences so it's not worth bothering with unless official business
>>42820893
There's so little security industry because most of the skilled people don't want to deal with the bullshit, bureaucracy, and idiocy of their employers/contractors. Like your short story about the bank.
>>42820941
yeah for sure - consulting is absolutely grueling work but it's nice not having to pentest the same site every day. i have a friend who does security at akamai and basically he just tosses his feet up and watches netflix all day waiting for something to do.
Ever been a mischievous bastard?
>>42821120
im a huge pussy so no
the closest ive ever gotten is doing passive scans on my school's website to see if i could spoof a professor's login
Log onto vendor demo site.
Look at page nice and really dont care.
Look at source. Oh hidden link. Turn on burp to reveal all hidden links and forms (usually only do this after I go through the app once for quick recon)
Vendor link to another vendor. Oh, login page to a monitoring service and #the full user/pass are in the url params#??
Could have restarted their dbs.
>>42821245
admit it, you were only able to hack them because they didnt have one of these gems on their landing page
>>42819266
>80k a year
Entry level sec analysts make 10k more so I know you're full of shit.
Also hackforums? You sound 12.
Come back to gee in a few years and maybe you'll have some experience to back up your BS claims.
>>42821275
Okay.
looks like the threads over guys!
found a local sec company with job postings D:
i'm going to give them a call on monday, see if i can talk to them or pester them a bit
>>42821451
good luck - worst case scenario is they give you a long list of books to read before you're worthy of initiation but that's not too terrible
>>42821492
i still have 2 semesters of school left, that might not actually be a bad thing
>>42815570
http://www.reddit.com/r/netsec/wiki/start
>>42821573
thx anon, your a cool guy
>>42821573
This is a lot to read holy shit
this guy is incredibly basic and outdated, yet he's making $80k/yr...
>>42821881
what is he missing and do you have resources for it?
