Which certs should I get besides oscp to become an employable pentesters?

I’m in college for information systems right now. My parents are willing to help me out with any certs I need to get on the correct path. I’m not relying solely on certs, I have a bunch of other things I’m working on such as HTB, CTF, I’m creating a website to teach people how to hack, I formed a cybersec club at my uni and actually got a sponsorship by offensive security and etc.

So, back to the certs. Which do you recommend getting in what order? At the moment, I’m considering doing it this way:

Security+

Pentest+

OSCP

OSCE (maybe if I’m feeling frisky)

Do you think this would suffice? If not, which do you think I should do?

submitted by /u/err-therror
[link] [comments]

November 14, 2019
Read More >>

New TSX Speculative Attack allows stealing sensitive data from latest Intel CPUs

ZombieLoad 2, aka TSX Asynchronous Abort, is a new flaw that affects the latest Intel CPUs that could be exploited to launch TSX Speculative attack. ZombieLoad 2, aka TSX Asynchronous Abort, is a new vulnerability tracked as CVE-2019-11135 that affects the latest Intel CPUs that could be exploited to launch TSX Speculative attack. The flaw […]

The post New TSX Speculative Attack allows stealing sensitive data from latest Intel CPUs appeared first on Security Affairs.

November 13, 2019
Read More >>

Mexican state-owned oil company Pemex hit by ransomware

On Sunday, the Mexican state-owned oil company Petróleos Mexicanos (Pemex) was infected with the DoppelPaymer ransomware. On Sunday, a piece of the DoppelPaymer ransomware infected systems of the Mexican state-owned oil company Petróleos Mexicanos (Pemex) taking down part of its network. According to the company, less than 5% of the computers in its network were […]

The post Mexican state-owned oil company Pemex hit by ransomware appeared first on Security Affairs.

November 13, 2019
Read More >>

TA505 Cybercrime targets system integrator companies

The analysis of a malicious email revealed a possible raising interest of the TA505 cybercrime gang in system integrator companies. Introduction During a normal monitoring activity, one of the detection tools hits a suspicious email coming from the validtree.com domain. The domain was protected by a Panama company to hide its real registrant and this […]

The post TA505 Cybercrime targets system integrator companies appeared first on Security Affairs.

November 12, 2019
Read More >>

Buran ransomware-as-a-service continues to improve

The recently discovered ransomware-as-a-service (RaaS) Buran attempts to gain popularity by offering discounted licenses. In May, researchers from McAfee’s Advanced Threat Research Team discovered a new piece of ransomware named ‘Buran.’ Buran is offered as a RaaS model, but unlike other ransomware families such as REVil, GandCrab the authors take 25% of the income earned […]

The post Buran ransomware-as-a-service continues to improve appeared first on Security Affairs.

November 12, 2019
Read More >>

Experts warn of spike in TCP DDoS reflection attacks targeting Amazon, SoftLayer and telco infrastructure

Researchers from Radware reported that massive TCP SYN-ACK DDoS reflection attacks hit Amazon, SoftLayer and telecom infrastructure in the last month. Researchers from Radware are warning of a wave of TCP SYN-ACK DDoS reflection attacks that in the last 30 days hit Amazon, SoftLayer and telecom infrastructure. “Over the last 30 days, Radware has observed […]

The post Experts warn of spike in TCP DDoS reflection attacks targeting Amazon, SoftLayer and telco infrastructure appeared first on Security Affairs.

November 12, 2019
Read More >>