
I'm learning pentesting for fun. I'm mainly active on hackthebox.eu. I might get my OSCP one day, for fun as well. I do still think the certificate comes in handy despite the fact that I'm applying for web developer positions at the moment. I'm happy I'm learning this though, I'm already noticing that I develop differently, because the little I've learned about pentesting taught me that true cyber criminals are hungry to break into your systems, and they only need one shot, one small misconfiguration and they're in. Or at least, that's how it works on hackthebox ^^

I'm also doing some OSINT (open-source intelligence) by simply giving myself assignments. The assignments on hackthebox.eu were not all that great and OSINT is one of the few disciplines that you can do in the real world without permission, since it's all about accessing public data.

I flip back and forth between the 2 disciplines. I don't know why it attracts me. It just does. I also notice that learning this stuff is completely different from programming. And to an extent it's one of the few ways that gives me the feeling that I'm "living and moving around" in cyberspace as opposed to "constructing" (i.e. programming) in cyberspace. I guess typing cd and ls on a lot of Linux and Windows practice boxes gives that effect. And the cool thing is, you learn a lot quicker about all kinds of services. For example, I never knew about rsyslog, logger or the MQTT protocol (Linux boxes). I never knew about Kerberos, Active Directory and SMB (Windows boxes).

I'm happy I did some master courses in cyber security beforehand. While I'm really new to a lot of things, I've gained a lot of what psychologists call crystallized intelligence in this area. So it's all quite easy(ish) to understand. Things get harder when I have to reverse engineer binaries or debug in x64 assembly. It's still doable though.




I too have an interest in OSINT. Inspired by the work of Bellingcat [1] (who have uncovered some serious war crimes through their OSINT work).

[1] https://www.bellingcat.com/


I am also learning pentesting, for the cert and to have some methodology in my job (somewhere between devops/compliance/security). First week into PWK course, I used hackthebox and thecybermentor's practical pentesting course to build up confidence to attempt getting that long wanted OSCP title.


Awesome!

I've heard that OSCP is a lot more CVE based than hackthebox. It apparently also has a lot more rabbit holes compared to hackthebox. I haven't checked out thecybermentor yet, but a friend of mine has and he seemed to like it as well.


It is more about identifying CVEs and exploits than HTB is, but there is still a good amount of finding misconfigurations, like HTB has. OSCP helps you build a methodology and a mindset for pentesting, and finding CVEs with existing exploits makes that a little easier than HTB, where you are not under time pressure. HTB would be my go-to to prep for OSCP, I wish I'd found it before.


Anyone who's up for doing hackthebox together, my email is in my profile. I think it'd be a ton of fun to team up!



