How to hack your way to an OSCP or any cert voucher through Synack and Hack the Box.
How do you break into the industry without breaking the bank?
This is a question so many of my fellow students and friends have asked themselves countless times. The obvious answer would be getting the eJPT(eLearn Security Junior Penetration Tester), CompTIA Security+ or TCM’s PNPT but what then? These certs, while amazing, inexpensive(by infosec standards) and worth every penny, aren’t widely recognized in the industry despite their ability to prepare you for the job better than most certs out there. It’s hard being a budding cybersecurity professional. We all know this. Thousands struggle to get their name out there and stand out in applications. I know because I’m part of that group. We are all in this together, making the online world a better place each day. Many of us know that one of the surefire ways to get noticed is through having a reputable certification in our CVs. One such certification is the esteemed Offensive Security Certified Professional(OSCP). Sadly, not all of us can afford the steep price tag of $999+ especially if you’re just 17 years old and under like me.
Disclaimer: At the time of this writing, minors are not eligible to join Synack just yet but Ryan Rutan, the community manager of the SRT clued me in on plans to include them in the future. I include a lot of embedded links to additional resources in this article.
Luckily, I recently thought of a way to get there while gaining valuable experience(the kind you can put on a CV) and honing your skills. Joining the Synack Red Team!
For those of you that may not know, the SRT is a crowd sourced platform that enables ethical hackers and security researchers to find and secure vulnerabilities. At this point, you’re probably thinking it’s just another bug bounty platform. You’re half right. I’d best describe it as an advanced bug bounty program. Unlike HackerOne and Bugcrowd, not just anyone can join with good reason. Synack prides itself as being composed of some of the best security researchers and ethical hackers on the planet. As a result of this exclusive nature, it’s much easier to find bugs on the programs listed(with higher payouts) and thus income becomes more of a regular occurrence in that I’m confident in using it to further one’s career by using the profits gained to invest in certs. Applicants go through a rigorous vetting process listed on their website with mostly individuals with degrees and certifications getting through. Where does that leave the rest of us? On the outside looking in. Fortunately, you know me and I live by the principle that there are always two ways into a system, the front door and the back door.
Getting into Synack Red Team: The Backdoor.
There are two ways to get in if you’re like me. One way is a technique as old as time itself, having a friend on the inside. If you know someone part of the red team they could give you a recommendation helping you bypass the waiting list. Method two and the main focus of this article is through Hack the Box which currently has a partnership program going on with Hack the Box to recruit future Synack Researchers. There’s a specially curated Synack Track on Hack the Box listed here. I highly encourage even people using a friend to get in to complete at least half the track to prep them for the interview and the bugs they will be hunting. Alternatively, you could sign up for and finish the Dante Pro Lab listed here with the same result. From then on, if you’ve properly written your CV with all you’ve learned so far. Hacking labs, skills, TryHackMe, CVEs etc. You should have a significantly higher chance of making it to the interview stage and passing the technical assessment!
Final remarks and further reading.
I recommend checking out Gerald Auger’s SimplyCyber to learn how to include all this in your CV if you’ve never actually worked in the field and stand out. Bonus: He has a list of FREE cybersecurity resources on there too! Here’s an overview of the vetting process:
Read through the whole process here in this document as well along with Octavian’s story to better understand the process. As of now, I am currently on the path to getting in. See you on the red team and happy hacking! One thing’s for certain. After getting certified this way, no one’s ever going to be able to tell us we didn’t TRY HARDER!!!