Some questions about your careers

Hia,

I'm a software engineer currently. I've worked in backend dev, frontend dev and then transitioned into systems where I'm currently writing C and C++ code for a range of platforms and architectures. I reckon I've got very good knowledge of software (high level web stuff and low level hardware programming) and have dabbled around security when implementing projects in the past. I'm good with networking too. However, I've never done any genuine black or gray box pentesting. It's always been testing applications I have written. I recently started playing some online challenges like the CTFs on hacker101 and I've got some of the ones recommended on the pinned post here on my todo list.

I've been considering a move into white hat hacking and just want to scope out how this field looks and whether the reality sounds as fun as the vision.

Career

Is this a hobby or a career path for you? How much does the career differ from the hobby?

If you do this as a career, what is your job role and what does it generally consist of?

Are you working as a tester where you are validating newly built features?

Is the work contract based (agency work) or are you part of a permanent team in a non-security company?

Are bug bounties at all feasible for making money (they seem too good to be true)?

Tools

So far I've been writing quick scripts myself, but there is so much noise about things like Kali or Parrot.

While I see the incentive, I'm a little too married to my flavor of Arch and i3 and don't like the idea of pre-installing a bunch of tools which I don't know how to use. I would much rather iteratively build a library of tools that I know how to use and can rely on (very Arch mentality, I know).

Do Kali and Parrot actually get used in day to day jobs?

If not, what tools are common in the job area?

It seems like most of this stuff is FOSS, which I would much prefer to proprietary tools. This field doesn't look too sold out to massive corporations yet, but I worry it will be soon (*sideeyes* burp). Are the proprietary tools worth it at all or is the FOSS stuff enough?

I really appreciate the help, it's very tricky to dig through all the trash information on the net, which seems increasingly saturated with low value articles and bootcamps. Getting some advice from people that have navigated this already is priceless.

submitted by /u/d01h4ck

from hacking: security in practice https://ift.tt/2J2NYqo
