Almost there, but not quite yet

I’m having problems making the leap, that next step from scanning and enumerating to finding the vulnerabilities and exploiting them.  I’ve only been at this a month now, and I feel like I’m almost there but not quite yet.  I found the puzzle board, and found the pieces, but so far I haven’t been able to fit any of them together on my own.  I’ve studied multiple sources about how to hack, the methodology, what vulnerabilities look like, and how to find them.  I’ve struggled through running Burp Suite, Dirbuster/Gobuster, and Metasploit.  I’ve mostly talked about the success I’ve had on one-step challenges like at Shellterlabs, but not talked about my failures with hack-the-box or vulnhubs.

Doing this on limited time everyday is pretty difficult and there’s this image of the modern hacker out there as a rock-star personality.  Comes up with solutions instantly, talent comes naturally, genius type personality.  I’ve spoken to several guys and gals out there and they all had to work really hard to gain the knowledge they have, practiced many hours to get good at it, and maintain their skills, and often face the same struggles that us new people do just they figure it out faster because of experience.  People aren’t born rock-stars, they work hard at it, and become one if they want to.  When I first started, people would tell me that I’d get it quickly because I am smart, or that I have IT experience.  They told me I’d be ready for my OSCP in 6 months with my knowledge and experience.  I believe they overestimated my ability and the time I have versus the time it takes.  Hacking is hard and there isn’t any easy way around earning the abilities through practice and study.  Let’s dispel the myth that you can just pick up a computer and hack.

Post Author: InfoSecJon

Info Sec Professional, Pen-Testing noob

Leave a comment or suggestion!