what do you want to do professionally in 2024? i would like to keep working toward a career in leadership, as one day i'd like to move into a CISO role. going to work on keeping my technical skills sharp, but also beginning to hone my people-leading and strategic skills.

"The pessimist criticizes, the optimist creates." -James Clear

I am giving away 1 seat each for our upcoming bootcamps. Azure Cloud Attacks (CARTP) - 3rd Feb (9:00 AM ET) Active Directory Attacks (CRTP) - 4th Feb (9:00 AM ET) Please Reply, Like and Repost to participate. The winners will be announced on Friday 2nd Feb 2024.

"The reason people get good ideas in the shower is because it's the only time during the day when most people are away from screens long enough to think clearly. The lesson is not to take more showers, but rather to make more time to think." -James Clear

You don’t FIND exploits. You build them. You FIND vulnerabilities and exploit them. As an exploit developer that has failed to exploit lots of bugs that look good, the distinction is important 😭

"Never outsource what you enjoy." -James Clear

"How to connect with others: Share with someone who wants to listen or listen to someone who wants to share." -James Clear

"The strategy required to find a great opportunity (lots of saying yes and exploring widely) is different from the strategy required to make the most of a great opportunity (lots of saying no and remaining focused)." -James Clear

All of the red team courses these days, I do wonder if people are being set up for failure. It’s rarely, if ever, an entry level job and continues to become more and more about development/research as the rate at which EDR and other defensive techniques iterate is much quicker

Agree with Justin. Generally, there is a misconception if I get the cert then I should get the job. Training should supplement an existing experience and enable you to think further and develop yourself not to replace experience or used as a promotion tool.

After a really long time only focused on manual web security stuff, almost everything has started to feel like a QA checklist. There are definitely people doing novel research and dropping crazy bugs, but I think a lot of the big stepping stones require people to build really

"Ideas that are hoarded help no one. Success follows generosity." -James Clear

created a BSky acct - we'll see how it goes. Same username as here.

RWXstoned there is also this list i have saved a while ago where the diff between wininet and winhttp is explained: wininet + proxy -> needs a valid domain user’s token. wininet + SYSTEM -> Bad wininet + service -> bad wininet -> harder to implement verification wininet -> socks4

i will be engaging in orange cat behavior today. no, i will not elaborate.