Mucomplex Diary

A cyber security enthusiasm. Learning is my passion. Currently working as Security Consultant at Firmus sdn bhd. I had experience in the penetration testing and reverse engineering skills. I am doing penetration testing for the web penetration testing and vulnerability assessment on servers and other infrastructure.

View on GitHub

Journey to become offensive Security Expert 2

Date : 31 Oct 2019

Author: mucomplex

Hi guys, after a few weeks it is now the time to write Journey to become offensive security expert part two. I assume you have reached your limit about basic stuff either beginner level or intermediate level.

Now, I am betting you nowhere to go, you are almost lost your passion and feel boring into security. All kind of hacking technique on books seem familiar to you. New fast pace technology, IDS, IPS, WAF, AV almost like kill you. You will overload with all these (Android, Window, Linux) hardware testing, application reversing, exploitation, Web framework technology, programming language need to learn,(IDS, IPS, WAF, AV) bypass, and all kind of new tools and 0-day released every day. You cant keep it up. One word is “you are fucked up now” :D

Let me guide you, clear everything in your mind right now.No one can be hacking god and know everything, some of the knowledge you must let it go, because you can’t maintain it forever if you learn. You need to choose which area you are interested, for me (Web, Exploitation, Reversing, Programming), obviously I’m not good at networking and routing, at least I have something that I’m good at it. Since you do not have a broad knowledge, you need to create one hacking team or find one which may help you with what you are lack. Do I have one?..absolutely yes! 3l173Gh057 (elite ghost), and I’m proud of it.

2nd, with all the skill you learn, you must show to the community that you are good, but how?. Okay, let me explain, you must do your research, this is the hardest part which may consume your time, energy, and everything in your life to sit in front computer for hours. (Remember the time you take your OSCP, OSCE and etc with lack of sleep?. It same :D ).But now you are doing something without a Flag :D, no pointing to the right direction, no solution is given, and you are not giving up because you are confident with it. All of this hard work, you may either give to the community for free or with charge, It is all because you want to build a good profile. Other than that, you may work for money like a bug bounty program, give training, etc. Imagine, you get reward $10k from bug bounty program or find new 0-day and report as CVE. Someone will look at your profile and see you as a perfect guru for them :D.

3rd, It might be sad because this journey no one guide you anymore which path you should choose after this. But you are not alone because some people like you interact with each other, exchange knowledge, talk about everything on Reddit, StackOverflow that may interest you and bloom your self into a new interest. Learning process is never-ending unless you put a limit on it.