Live streaming Summary
☀️ Quick Takes
Is this Live streaming Clickbait?
Our analysis suggests that the Live Streaming is not clickbait because the majority of the content directly addresses how the speaker earned OffSec's certs in one year, providing relevant details and experiences.
1-Sentence-Summary
Muhammad Fidel Khed's journey in cybersecurity, from game hacking to mastering all OffSec certifications in under a year, underscores the importance of perseverance, structured learning, embracing failures, and balancing life, while stressing the strategic thinking akin to chess necessary for effective penetration testing and continuous learning in the evolving fields of API and AI.
Favorite Quote from the Author
if you can write an exploit for something then you understand that thing to the zeroth level like as deeply as a human being can understand something you understand that thing even if it's a really really small thing and that feeling just feels so amazing.
💨 tl;dr
Muhammad's journey in cybersecurity spans over a decade, focusing on offensive security and bug bounties. He tackled OffSec certs for growth, emphasizing hands-on practice, adaptability, and the importance of mastering fundamentals. His approach includes embracing challenges, learning from mistakes, and managing burnout while balancing personal life. He completed all certs in 10 months, proving that passion and commitment lead to success.
💡 Key Ideas
- Muhammad's journey in cybersecurity began over 10 years ago, evolving from game hacking to a focus on offensive security and bug bounty hunting.
- He pursued OffSec certifications for the challenge and skill enhancement, scheduling his first exam just after starting his subscription.
- The Ed exploit development course requires a deep understanding of topics and a significant mindset shift from using to developing exploits.
- Alternative learning methods, like videos and diagrams, can help overcome frustration and enhance comprehension.
- The 'try hard methodology' emphasizes perseverance and problem-solving without seeking easy shortcuts, crucial for deep learning.
- Success in pentesting involves understanding fundamentals, adaptability, and building relationships with clients, focusing on delivering value.
- Managing burnout is vital; taking breaks and focusing on specific interests can improve productivity and learning.
- Practical experience, hands-on practice, and understanding the tools and systems are key for mastering cybersecurity concepts.
- The speaker completed all OffSec certifications in 10 months, balancing studies with personal responsibilities, including a new baby.
- Continuous learning and accepting that everyone makes mistakes are essential for growth in the cybersecurity field.
🎓 Lessons Learnt
-
Work on What You Love: Pursuing a passion turns a hobby into a fulfilling career, enhancing your performance.
-
Challenge Yourself: Scheduling exams early forces you to adapt to time constraints and pressure effectively.
-
Learn from Mistakes: Initial setbacks provide valuable lessons; prepare for technical issues to avoid wasting time.
-
Financial and Mental Readiness Matters: Be prepared both financially and mentally before committing to certifications for better engagement.
-
Stay Committed to Your Schedule: Pre-scheduling exams keeps you focused and minimizes frustration.
-
Embrace the Challenge: Tackling tough exploit development leads to better understanding and personal growth.
-
Master the Fundamentals: Understanding basics like assembly writing and Windows API is crucial for effective exploit development.
-
Don’t Skip Difficult Topics: Revisiting challenging concepts strengthens your knowledge base.
-
Practice Builds Confidence: Regular hands-on practice enhances problem-solving skills and familiarity with concepts.
-
Understand Errors Deeply: Analyzing error messages thoroughly improves learning and reduces frustration.
-
Change Your Study Environment: Switching study locations can make learning feel more enjoyable.
-
Accept Burnout as Normal: Taking breaks when overwhelmed helps reset your mind and maintain motivation.
-
Adaptability in Pentesting: Flexibility is essential; be ready to adjust strategies if tools or devices fail.
-
Value in Negative Results: Not finding vulnerabilities still demonstrates the effectiveness of security measures to clients.
-
Continuous Growth: Engage in discussions about detection and future strategies, even if your findings are minimal.
-
Prioritize Sleep Wisely: Limited sleep can be enough when focused on goals, but watch for fatigue.
-
Avoid Frustration: Recognize that everyone, including experts, is continually learning; it's part of the journey.
-
Take Your Time: Learning in this field is a marathon, not a sprint; patience is key.
🌚 Conclusion
In cybersecurity, continuous learning and resilience are key. Embrace challenges, stay committed, and remember that mistakes are part of the journey. Prioritize hands-on experience and adapt to changes, and you'll thrive in this ever-evolving field.
Want to get your own summary?
In-Depth
Worried about missing something? This section includes all the Key Ideas and Lessons Learnt from the Live streaming. We've ensured nothing is skipped or missed.
All Key Ideas
Muhammad's Journey in Cyber Security
- Muhammad has been in the cyber security field for over 10 years, starting from game hacking.
- He taught himself coding and got involved in a community focused on bug bounty hunting.
- Muhammad found his passion in offensive security, which he considers challenging and rewarding.
- He initially didn't see cyber security as a career option until he discovered job opportunities in the field.
- He was motivated to pursue OffSec certifications for a hard challenge and to enhance his skills.
- Muhammad scheduled his first exam just two hours after starting his subscription with OffSec.
- He faced technical difficulties during his first exam but managed to complete it successfully.
Exploit Development Course Insights
- The Ed exploit development course (ex P 301) is well-designed, challenging, and requires deep understanding of topics.
- Exploit development is seen as level two of hacking, requiring knowledge of reverse engineering and vulnerability discovery.
- Transitioning from using exploits to developing them involves a significant mindset shift and is a challenging concept to adapt to.
- The internals of systems, such as assembly language and Windows API, are crucial for mastering exploit development.
- Successfully creating an exploit provides a profound sense of understanding and accomplishment.
- Getting stuck is common during the learning process, but having a structured approach and scheduling exams can help manage frustration.
Understanding Learning Strategies and Challenges
- Finding alternative ways to understand a topic helps avoid frustration, such as using videos, diagrams, or studying in different locations.
- Understanding every part of an error message is crucial rather than glossing over it, which enhances comprehension and reduces frustration.
- The speaker emphasizes the happiness derived from grasping difficult concepts rather than typical leisure activities.
- The rapid perion method involves tackling challenges actively and taking breaks to approach problems from new perspectives.
- Various certificates are transferable across different aspects of cybersecurity, with OCP and OA being particularly relevant for pentesting roles.
- Balancing a full-time job, side projects, and continuous learning requires a demanding schedule, including late-night study sessions.
Insights on Pentesting and Motivation
- Many members of the speaker's team are motivated to study and achieve similar goals, inspired by the speaker's dedication and methods.
- Pentesters have a different mindset than ordinary employees, requiring unique leadership approaches.
- The mindset of a pentester involves thinking critically about how things are built and the idea that 'everything can be hacked.'
- Hacking and reverse engineering enhance problem-solving skills and a deeper understanding of concepts.
- The 'try hard methodology' emphasizes solving challenges without seeking easy solutions, which fosters deeper learning and understanding.
Key Principles in Problem-Solving and Cybersecurity
- Accepting failure is essential in problem-solving; it's okay not to solve a problem immediately.
- Balancing persistence and frustration is crucial when guiding a team through challenges.
- The 'try harder' methodology is fundamental in OffSec courses, differing from traditional learning approaches.
- Practical experience and hands-on practice are vital for mastering cybersecurity concepts.
- A deep understanding of tools and systems is necessary; it's not just about running tools but knowing their inner workings.
Key Insights for Success in Pentesting and Cybersecurity
- Understanding the fundamentals of pentesting and being adaptable to different situations is crucial for success.
- Research in cybersecurity differs from pentesting; a deep understanding of the subject matter is necessary.
- Exploring various fields within offensive security, like telecom and cloud penetration testing, is important for growth.
- Prior experience can significantly ease the exam process; solving challenges is essential for preparation.
- Reading the exam guide carefully and practicing are key steps for success in certification exams.
- Burnout management varies by individual; taking breaks and learning new things can help.
Burnout and Productivity Insights
- Accepting burnout is important; taking breaks can help you come back refreshed and ready to learn.
- Burnout is prevalent due to overwhelming information; focusing on specific interests can alleviate pressure.
- Feelings of powerlessness contribute to burnout; a lack of work-life balance often leads to frustration.
- Sometimes doing less can lead to greater productivity and understanding in learning.
- Practicing and improving research skills are crucial for overcoming challenges in professional engagements.
- Understanding the system and adapting to challenges are essential in pentesting, even with limited resources.
Pentesting Insights
- The role of pentesters is to provide clients with actionable next steps to enhance security rather than just hacking the company.
- Success in pentesting can also be defined as adding value to the customer, even if no vulnerabilities are found.
- Building relationships and having discussions with clients, regardless of findings, is essential for continuous growth in pentesting.
- The readiness for an exam is uncertain, but solving challenges can indicate preparedness.
- The structure and complexity of challenge labs in courses mirror that of the actual exams, providing a good preparation framework.
Speaker's Journey and Insights
- The speaker completed all OffSec certifications in 10 months, with the hardest being OED which took around two to two and a half months.
- The speaker managed their studies while balancing personal responsibilities, including a new baby, which impacted their study time.
- The speaker sleeps about four to five hours a night, feeling that this amount is adequate for their productivity.
- The speaker took short breaks between difficult courses, usually waiting for exam results before starting the next certification.
- The speaker finds parallels between chess and cybersecurity, particularly in the need for strategic thinking and adaptability.
- The speaker distinguishes between API pentesting, which is similar to application pentesting, and AI/machine learning pentesting, noting the latter's current limited scope in vulnerability research.
Advice for Learning
- Avoid frustration and understand that no one is perfect in the field; everyone is still learning.
- It's important to take your time and not burn out; it's a journey.
All Lessons Learnt
Key Insights from Muhammad
- Work on what you love: Muhammad emphasizes that pursuing a career in something you are passionate about makes you better at it. His journey started as a hobby, which eventually turned into a fulfilling career.
- Challenge yourself: He mentions pushing himself to limits by scheduling his first exam on the same day he started his subscription. This approach helped him adapt to time constraints and pressure.
- Learn from mistakes: Muhammad's experience with his first exam, where he wasted time configuring screens, highlights the importance of learning from initial setbacks and being prepared for technical issues.
- Financial and mental readiness matters: He stresses that being financially and mentally prepared is crucial before committing to certifications, ensuring that you can fully engage with the material.
Tips for Successful Exploit Development
- Stay Committed to Your Schedule: Schedule all your exams in advance and stick to the dates to avoid frustration and keep you focused on your goals.
- Embrace the Challenge: Exploit development is tough, but pushing through the difficulties can lead to a deeper understanding of systems and a sense of accomplishment.
- Learn the Fundamentals: Master the basics, like assembly writing and understanding Windows API, as they are crucial for developing exploits and conducting research.
- Don't Skip Difficult Topics: If you encounter a concept you don’t understand, don’t ignore it. Make sure to revisit and master those topics to build a solid foundation.
- Practice Builds Confidence: Regular practice in exploit development helps in adapting to new perspectives and ultimately enhances your problem-solving skills.
Study Tips for Cyber Security
- Understand Errors Deeply: Don’t gloss over errors. Take the time to understand every part of an error message to avoid frustration and enhance your learning.
- Change Your Study Environment: Studying in different places can help convince your mind that learning is enjoyable, reducing frustration.
- Take Breaks When Overwhelmed: If you feel overwhelmed or frustrated, step away for a day to reset your mind, then return with a fresh perspective.
- Use Visual Aids: Drawing diagrams and writing things down can help clarify complex concepts that you struggle with.
- Transferable Skills: Understanding and skills from one area of cyber security are applicable to others; all certifications have value in real-life scenarios.
- Stay Committed to Learning: Managing a busy schedule is tough, but consistent study habits—even late at night—can lead to success in achieving certifications.
Key Principles for Learning Hacking and Cybersecurity
- Dedication and Investment: You have to be dedicated and invest a lot of your thought to achieve success in learning hacking or cybersecurity.
- Different Mindset of Pentesters: Pentesters are not ordinary employees; they have a different mindset which requires unique leadership methods to encourage their skills.
- Reverse Engineering Thinking: The mindset of a pentester involves understanding how things are built and approaching problems with a method of reverse engineering that can be applied in daily life.
- Try Hard Methodology: Solving complicated problems requires a 'try hard' methodology where you focus on the process of understanding rather than just finding the easiest solution.
- Building Problem-Solving Skills: Engaging deeply with challenges helps develop your ability to solve problems as your mind learns to navigate complex situations without relying on simple solutions.
Tips for Problem Solving in OffSec Courses
- Accept failure as part of the process: It's okay if you don't solve a problem immediately; taking time to look at it from different perspectives is crucial.
- Balance persistence and frustration: Don't give up too early, but also avoid pushing yourself to the point of frustration; find a healthy balance.
- Embrace the 'try harder' methodology: OffSec courses are different from ordinary ones; you need to adapt to continually trying and solving problems.
- Practice is key: Regularly solving challenges and hands-on practice is essential to truly understand and remember the material.
- Understand deeply, not just superficially: Don't just run tools; grasping the underlying processes enhances your capabilities and appreciation of results.
- Take the time to analyze tools' actions: Before using results from a tool, pause to understand what it actually did, which builds a stronger foundation in the field.
Pentesting Tips
- Adaptability in Pentesting: You must understand how attacks work and be ready to adapt to various situations, even if tools or devices fail during a pentest.
- Importance of Research: To be a good researcher, it’s crucial to understand every part of what you’re doing, not just rely on tools.
- Preparation for Exams: For those new to pentesting, it’s essential to solve challenges and thoroughly engage with the content before taking exams.
- Read the Exam Guide: Always read the exam guide carefully to ensure you don’t miss important information that can help you succeed.
- Dealing with Burnout: Taking breaks and learning something new can help manage burnout and keep you motivated in the field.
Tips for Managing Burnout and Frustration
- Accepting Burnout is Important: It's okay to take breaks and relax when feeling burned out. Pushing through can lead to more frustration.
- Focus on What Matters: Accept that you can't know everything. Concentrate on topics that advance your career or interest you, allowing you to let other things pass.
- Learning from Frustration: It's normal to feel overwhelmed when starting out. Understanding that you'll gradually learn and identify gaps can help ease frustration.
- Adaptability in Challenges: When stuck in a professional engagement, improve your research skills and adapt to understand the system you're dealing with.
- Value Beyond Vulnerabilities: You can still provide value in pen testing even if you don't find or exploit vulnerabilities; understanding the system is key.
Key Insights for Pentesting
- Reframe Success: Provide value to the customer rather than just aiming to hack the company. This mindset shift helps you feel accomplished even if you don't find vulnerabilities.
- Value in Negative Results: If you don't find any vulnerabilities, you still add value by showing the client that their defenses are strong. Proving security may not be possible, but demonstrating thorough testing is beneficial.
- Continuous Growth: Even without finding vulnerabilities, engage in discussions with clients about detection methods and future strategies. This fosters relationship-building and learning.
- Exam Readiness: You're never 100% sure if you're ready for an exam. However, solving challenge labs that mirror exam conditions can give you a good indication of your preparedness.
- Handling Uncertainty: In pentesting, you often face unknown networks. Embrace the uncertainty and rely on your skills to adapt and tackle new challenges effectively.
Cybersecurity Tips
- Prioritize Sleep Wisely: Sleeping around four to five hours can be sufficient for some when intensely focused on a goal, as long as it doesn't lead to fatigue.
- Take Breaks Between Courses: It’s beneficial to take short breaks between difficult courses to recharge and avoid burnout, even if it's just a few days.
- Adaptability is Key: The ability to adapt to new challenges, similar to making moves in chess, is crucial in cybersecurity and hacking.
- Understand Different Testing Areas: API pentesting is closely related to application pentesting, while AI and machine learning pentesting is still an emerging field with potential vulnerabilities to explore.
- Vulnerability Research vs. Pentesting: There’s likely more opportunity in researching vulnerabilities in AI applications than in traditional pentesting at this point in time.
Learning Mindset Tips
- Avoid frustration: It's important to recognize that no one is perfect in this field, and everyone, including experts, is still learning. This helps to maintain a healthy mindset.
- Take your time: The journey in this field is ongoing, so it's vital not to rush and to be relaxed about the learning process.