Jr Pentest interview next week
YuckTheFankees
Member Posts: 1,281 ■■■■■□□□□□
I received a call back today for a Jr Pentesting gig; there's a quick 20-minute phone interview sometime early next week. I know a senior pentester at the company, so that definitely helped me get an interview... now it's up to me to close the deal.
This weekend I plan to (I have the next 5 days off, so I can get a good amount of studying done):
* download Metasploitable and find vulnerabilities... then write small reports about my findings
* Possibly buy the eCPPT course because it takes over a week to get signed up for OSCP
* go over Bash and possibly Python
I'm not getting my hopes up but it's still cool to be given the chance for an interview.
Comments
-
jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
Good luck!!!!!
Booya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not***** -
N2IT Inactive Imported Users Posts: 7,483 ■■■■■■■■■■
That's what you want, that's going to be sweet!
Good luck! -
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
Thanks everyone, I'm definitely nervous but I'm hoping my drive/motivation and personality will make up for the lack of experience.
-
jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
I hope you don't mind me asking, but what is your experience?
-
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
1 year of Linux/Networking + 3-4 months of Computer Forensics + 4 years of Finance
Do you recommend the eCPPT course? -
docrice Member Posts: 1,706 ■■■■■■■■■■
Enthusiasm and motivation are a big part of the hiring factor for an infosec position, in my opinion. You need applicable skills as well, of course, but if you can show that you have sufficient drive, it might get you in the door permanently.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
-
jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
I cannot recommend the eCPPT course because I haven't completed the course or read through all the material. But I think that this course has been good so far. You might need to find some extra resources to help you study.
I'm not trying to be difficult or anything but I feel that any course can help someone with a future job. I don't want to tell you that I think you should take the course and then you be disappointed in it. I would honestly feel bad because I felt like I helped you waste your money.
-
jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
It's no problem.
-
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
So I just bought the eCPPT course... this will definitely help prepare for the interview. The labs are pretty cool.
-
onesaint Member Posts: 801
Awesome to hear. I really hope it goes well and kudos on the preparation.
Work in progress: picking up Postgres, Elasticsearch, Redis, Cloudera, & AWS.
Next up: eventually the RHCE and to start blogging again.
Control Protocol; my blog of exam notes and IT randomness -
jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
YuckTheFankees wrote: » So I just bought the eCPPT course... this will definitely help prepare for the interview. The labs are pretty cool.
Awesome! Maybe we can help each other out. Did you get the 30 day or 30 hour Hera lab?
I haven't done any lab time yet.
-
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
Sounds good. I bought the 30 day lab for Hera and Coliseum. I'm going through the network and web application security 1st, then I'll move to the C++/ASM modules.
-
jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
I wanted to get the Coliseum but I didn't have money for it. I think that you have a good plan there, especially since you have the job interview soon.
-
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
That's what I'm thinking. The job description mentioned "knowledge of web application security", and I've heard eCPPT's best material is in the web application section... so it was an easy choice for me. I have probably spent about 8 hours in the course and I'm getting pretty comfortable with Burp Suite.
-
rogue2shadow Member Posts: 1,501 ■■■■■■■■□□
I'm actually running through it myself in that order (net/web/sys) as additional preparation for the OSCP exam (my web skills are weak to be honest). Thus far, the material and videos are proving to be top notch.
I would also recommend these books if this job is purely a web application pentest job or to further fortify your web skills:
Amazon.com: The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (9781118026472): Dafydd Stuttard, Marcus Pinto: Books
Amazon.com: HACKING EXPOSED WEB APPLICATIONS, 3rd Edition (9780071740647): Joel Scambray, Vincent Liu, Caleb Sima: Books (somewhat dated but will keep you in the flow of things)
Good luck on the interview!! -
jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□
Good looking out rogue2shadow!
YuckTheFankees
I like Burp Suite but I found it a little difficult to get around at first. Do you feel that the material is overwhelming?
-
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
@rogue2shadow,
I'm sorry I was a little confused, are you taking the eCPPT course right now or OSCP? I'm a little weak in the web app department so your book recommendations do help. Thank you.
@JLC,
I'm not finding the material overwhelming yet but I'm definitely using other sources... googling a lot for additional material and looking for YouTube/SecurityTube videos on subjects I can't grasp fully. I definitely need to learn HTML/JavaScript/PHP, or at least be able to interpret the language better. -
rogue2shadow Member Posts: 1,501 ■■■■■■■■□□
@YuckTheFankees
Anytime! I already ran through some lab time with offsec but I quickly realized I needed to beef up my web/advanced systems skills in order to do well in the final exam. I will make an attempt later this year but for now I'm going through eCPPT Pro with Coliseum (went through Hera last month). -
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
I'm definitely planning on OSCP after eCPPT. How does the OSCP compare to eCPPT in your opinion?
-
docrice Member Posts: 1,706 ■■■■■■■■■■
Regardless of whether you pass / fail the interview, it would be enlightening to all of us to hear what the experience was like, minus any revealing details about the specifics of the organization you're interviewing with, of course. Your other experience with the forensics internship would also be very valuable to hear about.
-
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□
I have already started writing my review for the internship, but that's on the back-burners until after the interviews. I will also provide my thoughts on the interview process, it should be interesting.
-
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
Exciting. I hope you are able to nab that job. Let us know how it goes.
-
the_Grinch Member Posts: 4,165 ■■■■■■■■■■
Congrats on the interview. If it truly is a Junior Pentesting job, I wouldn't worry too much; you'll do just fine. I interviewed for a similar spot and was offered the job. It consisted of two phone interviews, the first being a panel where they just went over my resume and asked me to describe various things on it. The second was a phone interview with the CTO where he asked various IT related questions (ports, acronyms, you get my meaning). Also, he gave me some general IT scenarios to see if I could think on my feet. Finally, I was flown out to their offices to meet with the team I would work with. They allowed me to sit with one team member for an hour and just ask questions about what the job was like. Also, I then sat with the CFO and another panel to get into the personality stuff. This was a traveling position, but for at least the first 90 days I would be in the office sitting with different team members and learning the ropes. I often find that with positions like these you get two types: ones who just say junior level, but actually want you to know everything. On the flip side, you get the ones who want the IT experience and the customer support experience; in turn they will train you up on their tools along with how they like things done. Given your drive and your posts, I suspect you will do just fine and will get the job if you want it.
WIP:
PHP
Kotlin
Intro to Discrete Math
Programming Languages
Work stuff -
contentpros Member Posts: 115 ■■■■□□□□□□
Burp can be confusing when you first start with it but hang in there; once you get comfortable it is an amazing tool. If you haven't already checked out "The Web Application Hackers Handbook" (2nd or 3rd edition) I highly recommend picking it up. The author is the creator of Burp and there are some great Burp-specific examples in the books. You can probably find them used for pretty cheap and they are worth every penny. It is required reading for all of our staff and developers!
HTH
~CP