Very interesting. As someone who's currently starting in Cybersec, I'd want to know your opinions on a few things. I've been watching your videos and you've caused me to debate, but it doesn't harm my path too far. It'd mean a lot to me if you responded and considered each of these points separately. There's a truckload of them, I apologise if it might be too much, but I'm really interested in your points of view.
- Is my mentality good? I've been trying to fit in basically all aspects of cybersecurity in my training, to be honest. One of my key mentalities is that hacking is not solely digitalised, and has many diverse vectors. It's more of a mentality rather than a simple, static field. Stuff like physical pentesting, hardware pentesting, and social engineering are areas I've tried touching upon despite having a high focus on security misconfigurations and pentesting. I've actually been learning Cybersec in duality with Dark Psychology/manipulation, to perfect social engineering and what I'd been calling "human hacking". I feel like I'm aiming to be more of a jack-of-all-trades than just a single thing, and I'm not sure if I'm targeting too many things. Is this overexerting myself, or should I try to hone my skills and focus on one thing? Is it technically advantageous to do all of this, because all topics are interconnected in some way or another?
- Even though it is technically another field, do you think learning psychology on the side would be advantageous to becoming a more versatile red-teamer through using stronger phishing techniques? Manipulating targets in my opinion is much better and more sophisticated than simple impersonation and lightly tweaked spam. Do you also think this?
- How successful do you think a red-teamer or security engineer/configurator would be in terms of job roles? I've been weighing both of them as alternates to just a pentester, and I feel like I do gravitate more so to red-teaming due to the attitudes I mentioned above. I feel it might be worth pursuing that, but I'm not sure. What are your thoughts on these two?
- What are your thoughts on OSINT/Open Source Intelligence? Do you think it's a good field to try specialising in and practise? It falls hand-in-hand with social engineering and is needed to build a good portfolio on who to attack/manipulate in a company and what figures to impersonate; knowing more about the target is essential to hacking it. Do you think this'd be something worth pursuing and practising?
- What are your thoughts on the Privilege Escalation and Command N Control (C2) sides of pentesting? Do you think these are still valid to learn for the role of a red-teamer or successful security analyst/auditor? I believe they might be, since spear phishing and deployed malware are only for initial access. These kind of clear up what to do post-exploitation, and that's important for a real security breach/attack; practising persistence, controlling multiple points, and escalating privileges to move laterally and find a stronger foothold.
- A penetration testing YouTuber I've watched who has some experience in malware analysis has taught me in a stream (paraphrased) "you don't need to know how to build massive exploits and do all things fancy in a security field. Rather than writing code, you should focus on knowing how to read code and identify insecurities. Chances are you won't be hired by Google or Amazon, and you'll be up against a company's self-made website or web/service application at most". How far do you agree/disagree with this statement, and how would you correct it?
- I have a personal thought here to your argument that penetration testing is useless, and I'd want to see your opinion on it; "Digital penetration testing is still a useful subject to start with because it teaches a lot of fundamentals about devices and operating systems from an offensive security point of view. Even if most ways used in penetration testing labs are outdated and phased out, they introduce you to many fundamental concepts of a device that act like building blocks, like server infrastructure, operating system infrastructure, attack vectors and data exfiltration. Besides that, Privilege Escalation and C2 tactics are also quite vital in my opinion to understand for any cybersec job role. I see penetration testing more as a first stepping stone, rather than a waste of time." How far do you agree?
- What's your opinion on the resources "Hack The Box", "TryHackMe" and "Offsec"? Are they good resources to begin with, or do you recommend any other sites which can do better at tutoring on cyber security? What kind of certification resources would you suggest for job opportunities?
- Do you have any interactive web resources and tactics which you could give me to set me on the path of being a more successful malware analyst? I know you've offered some things to another person in this comment section, but I don't believe I have everything I need from my current online learning resources specifically to succeed in this. What books, as well as online courses and practical examples would you suggest I study and do? And do you know of any good YouTubers to use as inspiration?
- I've seen a comment from you on another post already, but I'd like to address it in broader detail and maybe have a video from you on this? What do you think on ChatGPT's effect on not only the malware analysis field, but on the field of cybersec as a whole? I feel like penetration testers are less impacted by this than malware analysts and exploit crafters; an AI with unconstrained access to plaintext can analyse source code very quickly, and with enough samples and development for it, should be able to supply fixes after identifying it and even write generated responses. How good will it be at screening the configurations and network details of an entire organisation, however? Shouldn't it take more effort for an AI to do something more laterally involved like that? And more so, what do you think the human-compliant effects of AI will be on malware analysts and other jobs? We will likely have AI incorporated into tools if it's presumably not fully competent enough to screen for vulnerabilities; what could the implications of AI have in terms of being used by experts in the field as an assistant rather than replacement?

Thank you again if you ever answer all of this. If not, been interesting to think about this to myself and write it out. Hope I can learn more as always :)
@steventv2728 1 year ago
A whole lotta yapping for something that isn't that complicated, no one's reading your wall of text buckaroo
@HelloworldXY32 1 year ago
@@steventv2728 I mean yeah, comment's 3 months old, thanks for spelling the obvious Sherlock. I do admit, it was more of a sketchpad of ideas for a moment rather than a genuine comment. Came into it with the expectation of not getting read, ended up drafting and sketching up points I could translate to other contexts in chunks later. Don't really care about this anymore; I've already answered most of those questions alone by now anyway. I get it, YT comments ain't meant to be that long. Vid got me thinking, so I typed away anyway. Still ended up being useful in the long run for me.
@steventv2728 1 year ago
@@HelloworldXY32 Learn something that'll be valuable in the long run, i.e. Reverse Engineering; it might be hard but it's one of the best skills to have in infosec
@HelloworldXY32 1 year ago
@@steventv2728 Thanks for the suggestion; I'm already underway with rev engineering, binary exploits and bug hunting. Though I'm using the other easier topics as a launchpad into that, to learn higher level rules of thumb before I really dive into the lower level. It teaches useful habits and good security configurations along the way.
@BDCAT-oanVietHung 1 year ago
Sorry for my poor English writing skill if I write anything wrong, but I want to ask: if I want to become a malware analyst in the future, should I choose to be on a SOC team or a pentester team to begin with as a college student? Thank you for all the great videos that you've been making, and I hope you reply.
@brwakurdish6513 1 year ago
What's the best programming language to develop malware like Trojan horses and ransomware?
@AbdoMagdy-q7y 7 months ago
From my research, the main route is: bug hunter → penetration tester → red team operator. What you're talking about is the fact that penetration testing is dying, so if I'm new, and just got my cybersecurity literacy or ABC by doing TryHackMe paths, HTB, ... etc., how do I get into a red team operator position? If penetration tester background is a prerequisite, can you please elaborate further in a separate video or a comment? Just a way to direct myself. Thank you.
@MalTrakSecurity 7 months ago
A lot of training companies try to tell you there's a prerequisite to every training. If you look deeply, web attacks are quite different from red teaming ops. They don't depend on each other. Kali Linux and Metasploit kinda pentesting is useful but not related to web bug hunting and not widely used when you are a red team operator. The image of prerequisites and dependencies here is only created to sell you more courses. We do cover red teaming in MalTrak and it has everything you need. You can check maltrak.com/redteaming for that. Apart from this, you need to learn networking and network protocols, Active Directory attacks, PowerShell (offensively), C# or C++ is optional but recommended, and dive into the red teaming world. Look into how real APT attacks work and learn from them, simulate their attacks and recreate their tools, techniques and everything. Keep up to date with new techniques on Twitter and others. And follow MITRE ATT&CK and learn the techniques they cover in their charts. Hope that helps you out.
@AbdelrahmanMagdy-ny9wy 7 months ago
@@MalTrakSecurity Thank you so much. On the prerequisite thing, it was a talk by Ebrahim Hegazy, a bit outdated TBH. I've also watched your MalTrak intro covering practical experience that the companies are looking for, and how certificates are somewhat of a scam. Although, I still want to make a self funding from finding bugs, I'm currently trying to write a roadmap to track progress and figure out an action plan that involves measuring each acquired skill. For example, learning automation is simple, but there's a skill ceiling.
@zerocool2765 1 year ago
Is it possible to do freelancing in cybersecurity? If yes, then which domain do you recommend in the current market scenario for getting long term clients.
@MalTrakSecurity 1 year ago
It's possible in some domains. One is as a consultant for incident response, building the security infrastructure and creating the policies and processes to handle incidents. Another option is in the ISO & Risk management work: helping companies obtain different security certificates such as SOC 2 or ISO90001 or similar ones. A 3rd option is offering offensive security & red team services, from web pentesting, infrastructure pentesting, attack simulation, ransomware simulation, and cloud pentesting. Most of these services will require you to be seen as a consultant rather than just a freelancer. Web bug bounty hunting doesn't require that, but there are no long-term clients in this web bug bounty world. Hope that answers your question.
@zerocool2765 1 year ago
@@MalTrakSecurity Thank you that was helpful. How do I get seen as a consultant? Should I create a personal brand? Frankly, I have no time for starting a podcast/KZbin channel.
@EndemikBitki-xc6li 1 year ago
The channel is successful, friends
@MdHasan-pd7mn 1 year ago
Hey sir, I am thinking of switching from pentesting to malware analysis. Any tips you wanna share for me?
@MalTrakSecurity 1 year ago
Well, first, why do you want to switch? If it's just for job opportunities but not passion, then you need to rethink the decision. If you are really interested in malware analysis and passionate about it, then read the Mastering Malware Analysis book and the Learning Malware Analysis book. And practice a lot. And if you want to speed up the process, check out our malware analysis training at maltrak.com/join
@MdHasan-pd7mn 1 year ago
@@MalTrakSecurity actually as a pentester I don't see growth in pentesting and there are a lot of drawbacks here too, that's why I want to switch for betterment with a little bit less stress 😬
@ahmedrumble 1 year ago
I have just heard that with the help of ChatGPT, one can manage to create highly sophisticated malware with minimal knowledge of coding, enabling even script kiddies to create undetectable malware. Does that mean one studying to be a red teamer can neglect having advanced knowledge of programming, and it's only sufficient to have the basic concept about what's going on?
@MalTrakSecurity 1 year ago
It's possible, but do you understand the code? Can you explain it to the interviewers? Can you answer a question on the spot? Also, most of ChatGPT's work is unfinished and not working samples. You need to understand the code, complete it, fix it and make it work. That requires programming knowledge.