As I’m approching my due date (literally today), here is what I’ve done so far:
Done:
In progress:
- OverTheWire wargame: Natas (it was put on hold until finishing those first THM learning paths)
- HackTheBox: Lab & Academy introductory stuff
- CTU MOOC Introduction to security
- TryHackMe: Web Application Pentesting (probably won’t finish this year)
So, I mostly worked on TryHackMe stuff. I did some HTB things, but THM courses seem to be more to the point and less buggy. Also, a pet peeve of mine: HTB requires you to click on the “Submit” button; pressing Enter is not enough, bleh.
I completed two easy HTB boxes, and it was humbling. I need to stop overthinking and just go with dumb things first. Like trying to use the same password for the Linux user as in the CMS admin panel. Or spending more time just checking/opening files.
But overall it’s been fun. There are tons of tools & techniques to learn, and it’s more about checking off unknown unknowns than being a g0d-][ack3r. In the software testing community there is kinda a warlike dichotomy between the exploratory and automation sides. In pentesting, it’s “duh? be and use both”.