Read on Twitter
People seem to get very offended when they say "How do you do X?" and somebody responds "Google it".
This is specifically true in the infosec community, I'm going to explain why that response isn't just a snarky "aha" and actually explains a LOT about offensive security.
This is specifically true in the infosec community, I'm going to explain why that response isn't just a snarky "aha" and actually explains a LOT about offensive security.
Now - if you open your question with "I googled this, I did loads of research, I found out X and Y but I can't seem to figure out Z"
GOOD - QUESTION.
You might get another "try googling XYZ".
Why is telling people to Google not a snarky thing then?
GOOD - QUESTION.
You might get another "try googling XYZ".
Why is telling people to Google not a snarky thing then?
When you're speaking to a very experienced offensive security person, 9/10 the reason that person is 1337 as fuck is that they've mastered the art of self-research
Security is SUCH a wide topic, like, seriously, you not only need to know how things work but you REALLY gotta know
Security is SUCH a wide topic, like, seriously, you not only need to know how things work but you REALLY gotta know
You need to know the ins and the outs, you need to know the quirks, not "this should do X", the answer should be "this DOES do X because I tested it"
The best training courses teach you how to self-study and self research. There are so many different things you'll interface with
The best training courses teach you how to self-study and self research. There are so many different things you'll interface with
You'll be doing some recon, you'll find something, and you will have NEVER heard about it.
What do you do? Sit there confused? Go and sit another course specific to exploitation on that technology?
There might not be anybody who has ever encountered it before you, let alone..
What do you do? Sit there confused? Go and sit another course specific to exploitation on that technology?
There might not be anybody who has ever encountered it before you, let alone..
Let alone sat down and developed a course, or a guide, or even an article or a forum post.
For common tech - there are usually a lot of resources, and you can definitely get by on some training level.
But theres that 15-25% of stuff you'll hit and think "I never heard of that"
For common tech - there are usually a lot of resources, and you can definitely get by on some training level.
But theres that 15-25% of stuff you'll hit and think "I never heard of that"
Tech is constantly changing, new tech is sprung up and developed every single day, how do you think the pioneers of this industry figure out how to break it?
They research, they test, they study, and then they figure shit out.
They research, they test, they study, and then they figure shit out.
Once you get a bit of practice with self-study and research, your google-fu will grow exponentially.
Knowing the right terms to google is a skill NOBODY appreciates. Knowing how to structure your queries so that you find somebody else who found it/faced it first.
Knowing the right terms to google is a skill NOBODY appreciates. Knowing how to structure your queries so that you find somebody else who found it/faced it first.
A lot of the very talented and experienced offsec people are fully aware of this fact. Self study & research is the difference between a good pentester and a GREAT pentester.
When they tell you "google it" its for your own good. Eat your vegetables, persevere, you'll figure it.
When they tell you "google it" its for your own good. Eat your vegetables, persevere, you'll figure it.
If we just give you the answer straight up - we are doing you a disservice.
It may seem great in the beginning "YAY THIS IS EASY I JUST GET GIVEN EVERYTHING" - but it's junkfood.
You can't just take some intro courses and be a pentester, you need to practice self study
It may seem great in the beginning "YAY THIS IS EASY I JUST GET GIVEN EVERYTHING" - but it's junkfood.
You can't just take some intro courses and be a pentester, you need to practice self study
I think that is one reason why OSCP is so highly regarded.
It doesn't hold your hand - it drops you in the deep end and you have to figure that shit out.
It doesn't hold your hand - it drops you in the deep end and you have to figure that shit out.
