CARTP Course Review

Posted on 2023-11-30 by Nathan Jarvie in Industry

So, what does a certification addict do when he’s bored? He starts a new one!

This time I completed the Attacking and Defending Azure Lab and the accompanying Certified Azure Red Team Professional (CARTP) exam by Altered Security. Working my way through the provided labs, watching all the videos, learning all the things.

Was it worth it? (spoiler alert) Absolutely!

Let’s dive into the good, the bad and the ugly of pentesting Azure!

Continue reading

"Why test what we know is bad?"

Posted on 2023-08-01 by Nathan Jarvie in Industry

“Why bother getting a penetration test when we already know they will compromise us? “

“We already know our security sucks, we don’t need someone to tell us that.”

We occassionally hear this sentiment from our clients. Penetration testing is much, much more than just “getting pwned” by your friendly neighbourhood hacker-man. This article goes through the benefits of getting a network penetration test done even when you know there are problems.

Continue reading

How many vulnerabilities does it take to hack a system?

Posted on 2023-05-23 by Matt Strahan in Industry

If you see penetration testing reports for two different systems, one with 10 vulnerabilities and one with 20, which system has worse security?

Unfortunately in this case, the answer is “I don’t know”. How many vulnerabilities does it take to hack a system? One is usually enough.

Continue reading


Posted on 2023-05-05 by Nathan Jarvie in Industry

Late last year I was looking into “What happens next?” after OSCP and PNPT certifications, and it is common to hear from those in the industry that the next step for network penetration testing is to complete Certified Red Team Operator (CRTO) or Certified Red Team Expert (CRTE).

But what I discovered is that while there are many blogs about each one, there are surprisingly few that compare the two directly. So I set out to remedy this issue.

I will try to keep it brief…

Continue reading

Penetration test, red team, vulnerability assessment... what???

Posted on 2023-04-20 by Alexei Doudkine in Industry

You’re probably here because, like many others, you’ve gone out looking for offensive cyber-security services only to be give a bunch of buzz words that don’t really describe what they are or what they mean for you. Fear not; in this post I hope to demystify the most common ones, in simple terms and explain the benefits and shortcomings of each. I’ll also give a few examples of when each one would be useful.

Continue reading

Questions for a certification addict

Posted on 2023-03-01 by Nathan Jarvie in Industry

Recently I have encountered a few people in various channels ask about how to approach certifications. Common questions like:

  • How/Why do you study?
  • Should I do this exam?
  • How long will it take me to study for X exam?
  • How many attempts did it take you to pass?
  • I hear this exam is difficult. How difficult is it?

And other questions that are near impossible to answer in a universally accurate way. I want to address these questions as they are often less helpful than people think.

Continue reading

From SysAdmin to Pentester - Part 5 - OSCP vs PNPT

Posted on 2022-10-31 by Nathan Jarvie in Industry

Part 5 of the Sysadmin-to-Pentester series is a comparison between two entry level penetration testing certifications. Offensive Security’s Certified Professional (OSCP) and TCM Security’s Practical Network Penetration Tester (PNPT). While both have their merits, they focus on different elements and provide different experiences. Deciding which to go for can be a challenge.

Continue reading

From SysAdmin to Pentester - Part 4 - Tickets please

Posted on 2022-10-24 by Nathan Jarvie in Industry

Part 4 of the Sysadmin-to-Pentester series is discusses offensive security foundation-level certifications. While not required to get a job in the infosec industry, there is no denying that certifications help your chances of landing your first role. Luckily for you, I have done quite a few so far, and can tell you which are worth your time (and which are not).

Continue reading

From SysAdmin to Pentester - Part 3 - How to stand out in a crowd of paper

Posted on 2022-10-17 by Nathan Jarvie in Industry

Part 3 of the Sysadmin-to-Pentester series is all about how to make your CV stand out from the crowd. Junior roles are rare with many many applications. Additionally, hacking skills don’t translate well to text. So how do we show we have more skill and drive to be a penetration tester than the other candidates, on paper? Well…

Continue reading

From SysAdmin to Pentester - Part 2 - Great expectations

Posted on 2022-10-10 by Nathan Jarvie in Industry

Part 2 of the Sysadmin-to-Pentester series is discusses the differences between the idea and the reality of being a penetration tester. The certifications and the industry paint a picture a little different from the reality. A better understanding and more preparation towards the roles requirements will help you to decide if this is the role for you and how to ace the interviews.

Continue reading