Hello World! New member here
Hey, nice to meet you Jason. But if you work in SCAP and STIG, why is this side new for you? I mean, this side is so much easier than SCAP or STIG. Are you lying to us, Jason? ;)
“Is this real ? ” Morpheus
Lol, no. I’m not lying. So, as you may know, SCAP scanning and STIG compliance is all about system configuration. I have almost zero experience in pentesting. I have actually never attempted to pentest a system before. I’ve read up on many tools and have looked at Kali and Parrot OS before but I have had no successful system penetrations. I have only read about it and studied it but never practiced it. I hope to change that.
As you say, “This side is so much easier”. I hope so. I’ve always thought that looking at Cyber from a policy/IA perspective means that you have to consider everything. If you’re a pentester then you only need to find one jinx in the armor. One of the things I hope to research is how difficult it would be to pentest a fully STIG'ed system -vs- an out of the box configuration. I can also state with confidence that learning how to STIG a system has taught me many things about computing, in general, and vulnerabilities specifically. I am hoping to leverage this when I reach the higher challenges that more closely resemble a real world situation.
I thought so because, most of the time, people who like computer security have already tested the pentest. Defendtheweb teaches you the fundamentals of hacking. If you want pentesting, go to root-me or hackthebox. There is no CTF here. But I didn't say that defendtheweb is boring; of course it's cool. So if you work in SCAP and STIG, this side is maybe not new for you.
If you want “a real world situation”, there is nothing more realistic than the CTF.
“Is this real ? ” Morpheus