CEH & CompTIA PenTest+

I’m currently studying for the CompTIA Security+ exam.

In a few months from now I will have the opportunity to attend a 4-month preparation course for CEH without paying (very cool!), and for sure I will do it! But I will not try to get the CEH exam because the price of the voucher is a little too high for my pocket. 🙂

Now, the question:

I read that CEH and PenTest+ are similar certifications, but I did not find much that digs deep into the program differences, and maybe a clarification on this can be useful for others.

Can any of you who have tried both, or know someone who has, tell me if the study of the CEH program could put me in a position to face the (cheaper) CompTIA PenTest+ exam instead?

Thank you very much.

What is the best bootcamp (in person) for PenTest+?

I am a full-stack developer. I don’t know much about certs, but I am very much interested in getting my first PenTest+ certification.

What is the best bootcamp (in person) for PenTest+?

I found this site: https://www.infosecinstitute.com/. They offered training and an exam pass guarantee for $5000.

I’m open to any suggestion that might be a bit more affordable for me.

How to set up an online pentest lab? [closed]

I’m just wondering whether I can build an online pentest lab. I have only the company’s PC and I don’t want to buy another one for my personal stuff, so I’ve looked at VPSes, and creating a lab on a VPS makes sense to me. I’m planning to create 3 servers: one machine for Kali Linux, and the other two machines will be victims. So is that a good idea or not? Also, I’ve searched for ready-to-use labs but couldn’t find any. So if there are any ready-to-use platforms, that’s fine too.

What can a victim company do when it’s hard to differentiate a Physical Pentest from a Criminal Physical Penetration?

Hypothetical Situation:

The company Blue hires the company Red to do a Red Team engagement on Blue. Here, I’ll be discussing only the physical part of the engagement, not social and cyber.

Red successfully infiltrates Blue and gives detailed reports of what was done in the engagement. Example part of the report:

    ...
    In building A:
    At door A101, we picked the lock. Techniques used in picking: Raking, Bump Key.
    At door A102, we picked the lock. Techniques used in picking: Raking.
    ...

The report includes details of techniques used to exploit and infiltrate.

A week after the engagement is done, Blue is attacked by real criminals and has its data exfiltrated from building A. They didn’t have camera footage of every door exploited. The installation of the doors and locks in building A is confirmed to be proper, and the locks were most likely picked. However, those doors/locks have also been reported to be picked by Red during their engagement the week before.


The problem:

The locks being tested have been picked and exploited by both Red and the criminals. Forensic evidence would likely show traces of both or just Red’s engagement. Since red team engagements are to simulate real criminals as accurately as possible, it’s hard to differentiate between evidence left by Red and that left by the criminals.

Blue is highly confident that those locks were picked by the criminals, and let’s assume they’re correct about that. Blue wishes to investigate how exactly the criminals got in and track down those criminals. Additionally, Blue also wants to claim insurance for those locks being picked. (I’ve heard we can get insurance from the lock manufacturer if the locks are picked and we take damage from that)


Question(s):

How can forensic evidence on the locks be used in court (for insurance) and investigation? How should Blue use said forensic evidence to claim their insurance and track down the criminals when it’s hard to distinguish between marks left by Red and the criminals?

Most Methodical Approach to a Manual Web App Pentest

You’ve completed your manual crawl, automated crawl, and automated scans for all of the endpoints in one application (assume one host.) Now, you have to manually test all of the endpoints in the web application.

What is the best systemic approach to conquering this task? What do experienced application security engineers do to perform this efficiently and with proper coverage? What software do you use to keep track of ongoing progress?

The best method I can think of: put all of the URLs, de-duplicated by parameters, into a spreadsheet. All of the other columns will be as possible vulnerabilities. Then, for each URL, manually test for each vulnerability. However, this seems tedious and prone to error.
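
The spreadsheet described in the question above, generated instead of typed by hand (an added example, not part of the original post): endpoints are de-duplicated by method, path and parameter names, and each gets one status cell per check. The sample URLs and the check column names are constructed assumptions.

```python
import csv
import io
from urllib.parse import urlsplit, parse_qsl

# Constructed sample crawl output (method, URL); not from the original post.
CRAWL = [
    ("GET", "https://app.example.test/item?id=1&sort=asc"),
    ("GET", "https://app.example.test/item?sort=desc&id=22"),
    ("GET", "https://app.example.test/item?id=3"),
    ("POST", "https://app.example.test/login"),
    ("GET", "https://app.example.test/search?q=a"),
]
# Assumed check columns; replace them with your own methodology's test cases.
CHECKS = ["authn", "authz", "input validation", "session", "error handling"]

def endpoint_key(method, url):
    """Endpoint identity: method, path, and parameter names (values ignored)."""
    parts = urlsplit(url)
    names = {k for k, _ in parse_qsl(parts.query, keep_blank_values=True)}
    return (method.upper(), parts.path or "/", tuple(sorted(names)))

def build_matrix(crawl, checks=CHECKS):
    """One row per unique endpoint, every check cell starting as 'todo'."""
    rows = {}
    for method, url in crawl:
        rows.setdefault(endpoint_key(method, url), dict.fromkeys(checks, "todo"))
    return rows

def mark(rows, key, check, status):
    if status not in {"todo", "pass", "finding", "n/a"} or check not in rows[key]:
        raise ValueError(f"bad check/status: {check!r}/{status!r}")
    rows[key][check] = status

def coverage(rows):
    """Fraction of cells that are no longer 'todo'."""
    cells = [s for row in rows.values() for s in row.values()]
    return sum(s != "todo" for s in cells) / len(cells)

def to_csv(rows, checks=CHECKS):
    """Render the matrix as CSV so it opens in any spreadsheet tool."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["method", "path", "params", *checks])
    for key in sorted(rows):
        writer.writerow([*key[:2], " ".join(key[2]), *(rows[key][c] for c in checks)])
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(build_matrix(CRAWL)))
```

Keying on parameter names rather than values is what collapses `?id=1` and `?id=22` into one row, and the `coverage` figure gives a running measure of how much of the matrix is still untested.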

Issue with VirtualBox for Pentest

I did a training on web application hacking in India, and now the professor is asking to SSH to the attack machine and do the hacking. My question is: I am using Kali Linux at home, running it in VirtualBox. The professor allows connecting over OpenVPN. So if I connect via OpenVPN to his platform with my Windows machine, will I be able to use Kali? Will NAT take care of VPN-related issues when I attack from Kali?

I am new to hackathons. So once I SSH to the attack machine, can I use Kali over OpenVPN?