Should You Get A Loan? Finance Advice For Your Situation

Whether you’re in financial difficulty or relatively comfortable, chances are you’ve considered a loan at some point. You might be planning a particularly ambitious DIY project, looking to add another room to your house, or simply wanting to add a little cash to the coffers before next payday. All of these are understandable reasons for taking out a loan, but there’s a little more to it than that.

Before you apply for any sort of loan, you should be a hundred percent certain (or as close to it as possible) that this is the right decision for you. Loans are not free money; you’ll need to pay back the amount you borrowed plus interest within a time frame specified by the lender, so there are several reasons you might not want to take one out. We’ve collected a number of questions you can ask yourself before you apply for a loan to make sure that doing so is absolutely what you want.

Is this the right lender?

There are a number of disreputable or shady lenders out there who will attempt to deceive you with sweet talk before slapping huge interest rates or hitherto unseen terms and conditions on your loan, thus creating a much more difficult situation for you than you’d previously envisioned. Before taking out a loan, thoroughly research the company you’re going with as a lender. If it’s your bank, make sure you talk to someone at the bank and go through your circumstances first. If it’s a private company, then research them on the Internet and make sure they’re legitimate. To begin with, try a company like this for your loan, one that’s trustworthy and upfront with you about costs and risks.

Do I need this loan?
It might sound silly, but it’s definitely worth considering whether the loan you’re about to apply for is definitely one you absolutely need to take out. It’s no good saddling yourself with monthly repayments if the loan isn’t absolutely essential, or if you’re not one hundred percent sure you can pay it back. If you’re struggling to pay your bills this month but you know you’ll be fine next month, then the loan is arguably essential and you should proceed. If your financial circumstances are strong and you know you can make repayments, but you just don’t quite have the capital to begin that DIY project, then go ahead. If, however, you’re looking to add another room to your house but your finances are in dire straits, then you should shelve the idea of taking out a loan for another day.

What type of loan do I need?

There are several kinds of loans you could look into if you’re after a quick cash injection. Unsecured loans are simply amounts of money borrowed from banks, building societies or third-party companies. They’re usually lower amounts of money because there’s no asset they’re secured against. Secured loans, by contrast, are usually borrowed against your home or vehicle, and because of this, the amount you can borrow is often higher. There are specific types of loans which fall into these two categories; payday loans, for example, which are quick injections of cash with typically quite high interest rates, and logbook loans, which are specifically secured against your vehicle. Make sure you know which kind of loan is right for you before applying.

Can I make my repayments?

This might be the most crucial question you need to ask yourself before applying for a loan. If you know that you won’t be able to make your repayments in the future, then a loan is a very bad idea for you. Not being able to pay off a loan will negatively impact your credit score, making it more difficult for you to apply for more in the future as well as affecting many other fiscal decisions you might want to make. In addition, if the loan is secured against your property or an asset you own, then not being able to repay it might mean that asset is repossessed. Examine your finances very carefully before you take out a loan; it shouldn’t be a means for getting you into more financial trouble, but for lifting you out of it.

What is my credit score like?
Counterintuitively, taking out a loan can actually really help with your credit score. If you’ve struggled with repayments in the past, or you’ve come up against problems when repaying a mortgage, you might have a poor credit score. If you’re more financially solvent now, taking out a loan and making prompt repayments can raise your credit score. In addition, if your debt is mostly of one type – credit card debt, for example – taking out a personal loan can add to your “account mix”, raising your credit rating and making it easier in future for you to get loans. There are several services available online for checking your credit score – they’re usually free and the forms take minutes to fill out, so it’s always worth finding this out.

Family Fall

There are four seasons but three of them have better PR agents. Winter has snow and Christmas, spring has blooms and flowers, and summer has the weather. Autumn isn’t as well loved as the others, which is a shame considering it’s October. What are we supposed to do – chill for the next couple of months?

Of course we shouldn’t because that would be boring, not to mention pointless. As it happens, fall time isn’t as vanilla as it seems. In fact, it’s a perfect time to be with family and bond.

With that in mind, these are family fall tips you should try this autumn.

Lock Up The Motorcycle

Summer is an amazing time to break out the chopper and go on long rides. There is nothing like a breeze ruffling through the hair and you explore what Mother Nature has to offer. The thing is riding a hog in the hot, dry conditions is much easier than doing it in the wet. Plus, there is the wind to factor in. An accident claim is only around the corner when you don’t take precautions. Remember that you can’t enjoy family time this fall if you’re using crutches, which is why you should swap the bike for a car.

Gear Up For Halloween

As it stands, the scariest holiday of the year is only 21 days away. Wow, time flies when you’re having fun. Halloween is an incredible day because it’s fun for everyone. Parents and “old” people alike can dress up and let out their inner child just like the kids and teenagers. Granted, you might embarrass your children but they have a mask so no one will know it’s them anyway! Make a month of it by decorating the house, visiting a pumpkin farm and creating the ultimate outfit. As always, the most creative costumes win the best prizes.

Channel Your Inner Briton

We’re only separated by an ocean yet our customs couldn’t be different. Every 5th of November, the Brits build ‘bonfires’ and set off fireworks to remember Guy Fawkes. He was the guy behind the gunpowder plot by the way. Okay, it might be their tradition and it has nothing to do with the US, but who wants to turn down s’mores? Plus, the Thanksgiving is just around the corner so you can always top-up on your nationalism if you feel like a bit of a culture vulture. By the way, be sure to cook a turkey and eat as a family on the fourth Thursday of November.

Watch TV

There’s no better way to bond than to sit in front of the box and watch TV. During the summer, this is tricky because all of the best shows go on a summer hiatus. Well, they’re back now it’s October, and they’re back with a bang. So, call the kids down from their rooms and tell them the fall television season is here. Then, throw the popcorn in the microwave and sit back and relax.

Doesn’t that sound like an unbelievable way to spend the next few months?

Auto-Autos: What Are The Risks With Driverless Vehicles?

Over the last few years, loads of companies have been happily showing off examples of vehicles which are able to drive themselves. Ranging from the smallest cars to the largest trucks, this sort of technology promises to make the roads much safer in the future, taking human error out of the question when it comes to driving. Of course, though, these is a long way to go before this sort of tool will be ready. Currently, there are simply too many problems with this sort of idea, and this post is going to be exploring some of them to give you an idea of what is at risk.

Bugs: Like any piece of modern technology, it can take a very long time for bugs to be ironed out in code and hardware. During testing, things could go very well, with very few errors causing issues, making it seem as if something is ready. Once users get their hands on it, though, this status can very quickly change. When it comes to a car which is travelling at high speed, having a bug occur could be extremely dangerous, especially for those around the car.

Security: To make a vehicle driverless, a huge amount of automated and connected components have to be used. Without the right level of security, this can leave vehicles open to very easy hacking, giving criminals direct control over the machine. Thanks to the nature of vehicles like this, it may not be easy to spot that this has taken place, leading to potential issues like accidents, kidnap, and theft while the owner is still inside.

Maintenance: When a machine like a truck has to travel long distances each day, it will often have to go through routine maintenance on a regular basis. As a big part of this, the driver will be able to tell when the vehicle has something wrong with it, prompting them to have it fixed before taking the risk of driving with it. When you don’t have a driver, though, this sort of issue may not come to light, making it much harder for companies to keep on top of their most important jobs.

Accountability: Finally, as the last area to consider, it’s time to think about accountability in the case of an accident involving driverless cars. It will be hard to find an attorney who will be able to argue a reasonable case in this instance, with several people holding blame. The owners will be the obvious choice for responsibility, but this ignores those in control of the software, along with the people who made it. This makes it very hard to tell who is at fault when something goes wrong with a vehicle like this.

As time goes on, this sort of technology will advance to the point that you can safely use it each and every day. Until that point, though, it is probably best to avoid completely driverless options, as they simply aren’t ready for the modern world, and it could take several years for them to get there.

The Unofficial OSCP FAQ

It has been close to a year since I took the Penetration Testing with Kali (PWK) course and subsequently obtained the Offensive Security Certified Professional (OSCP) certification. Since then, I have been hanging out in a lot of Slack, Discord, and MatterMost chat rooms for security professionals and enthusiasts (not to mention various subreddits). When discussing the topic of obtaining the OSCP certfication, I have noticed *a lot* of prospective PWK/OSCP students asking the same questions, over and over.

The OffSec website itself covers some of the answers to some of these questions, but whether its because people don’t read it, or that it wasn’t made very clear, these questions keep coming back. Here, I will attempt to answer them as best I can.

Disclaimer: I am not an OffSec employee, nor do I make the claim that anything that follows is OffSec’s official opinion about the matter. These are my opinions; use them at your own risk.

  1. Do I have enough experience to attempt this?
  2. How much lab time should I buy?
  3. Can I use tool X on the exam?
  4. What note keeping app should I use?
  5. How do I format my reports?
  6. Is the HackTheBox.eu lab similar to the OSCP/PWK lab?
  7. Are VulnHub VM’s similar to the OSCP/PWK lab?
  8. What other resources can I use to help me prepare for the PWK course?

According to the official OffSec FAQ you do need some foundational skills before you attempt this course. You should certainly know your way around the Linux command line before diving in, and having a little bash or python scripting under your belt is recommended. That said, it’s more important that you can read code and understand what it is doing than being able to sit down and write something from scratch.

I see many people asking about work experience, which isn’t really covered by OffSec. For example, people wondering if 3 years of networking and/or 1 year being a SOC analyst is “enough.” These questions are impossible to quantify and just as impossible to answer. What you should focus on is your skills as they relate to what is needed for the course.

To do that, head over to the PWK Syllabus page and go through each section. Take notes about things that you are not sure about, or know that you lack skills and expertise in.

Once you have a list made, start your research and find ways to learn about what you need to get up to speed on. For example, when I was preparing for PWK, I knew very little about buffer overflows. I spent a while watching various YouTube videos, reading up on the methods by which you can use a buffer overflow exploit, and taking notes for future reference. Once I started the course, I was able to dive into the exercises and understand what was going on, at least a little bit beyond the very basics, which helped me save time.

In the same boat? Check out this excellent blog post about buffer overflows for something similar to what you will see in the PWK course. Also, while I haven’t tried it yet, I hear that this is a good buffer overflow challenge you can practice on.

Buy the 90 day course in order to get the most out of the experience and not feel crunched for time — especially if you work full time and/or have a family.

With 90 days, you can complete the exercises in the PWK courseware first, and still have plenty of time left for compromising lab machines.

I see this question a lot, perhaps more than any other. People want to know if it is safe to use a specific tool on the exam, such as Sn1per. The official exam guide from OffSec enumerates the types of tools that are restricted on the exam. It is pretty clear that you cannot use commercial tools or automated exploit tools. Keep this statement in mind when wondering if you can use a certain tool:

The primary objective of the OSCP exam is to evaluate your skills in identifying and exploiting vulnerabilities, not in automating the process.

If a tools helps you enumerate a system (nmap, nikto, dirbuster, e.g.), then it is OK to use.

If a tool automates the attacking and exploiting (sqlmap, Sn1per, *autopwn tools), then stay away from it.

Don’t forget the restrictions on Metasploit, too.

From what I have heard, even though OffSec states that they will not discuss anything about it further, people have successfully messaged the admins to ask about a certain tool and gotten replies. Try that if you are still unsure.

I wrote a lot about this already, so be sure to check out that write-up. In short, these are the main takeaways:

  • Do not use KeepNote (which is actually recommended in the PWK course), because it is no longer updated or maintained. People have lost their work because it has crashed on them.
  • CherryTree is an excellent replacement for KeepNote and is easily installed on the OffSec PWK Kali VM (it is bundled by default on the latest/greatest version of Kali).
  • OneNote covers all the bases you might need, is available via the web on your Kali box, and has clients for Mac and Windows.
  • Other options boil down to personal choice: Evernote, markdown, etc.

Check out the example reports that OffSec provides. From those, you can document your PWK exercises, your 10 lab machines (both of which contribute towards the 5 bonus points on the exam), and your exam notes.

I do not recommend skipping the exercise and 10 lab machine documentation, thus forfeiting your 5 extra exam points. I am a living example of someone who would not have passed the exam had I not provided that documentation. Yes, it is time consuming, but it prepares you for the exam documentation and helps you solidify what you have learned in the course.

There are definitely some worthy machine on Hack The Box (HTB) that can help you prepare for OSCP. The enumeration skills alone will help you work on the OSCP labs as you develop a methodology.

There are definitely some more “puzzle-ish” machines in HTB, similar to what you might find in a Capture The Flag event, but there are also plenty of OSCP-like boxes to be found. It is a good way to practice and prepare.

See the above answer about Hack The Box, as much of it applies to the VulnHub machines too. I used VulnHub to help me pre-study for OSCP, and it was a big help. The famous post by Abatchy about OSCP-like VulnHub VM’s is a great resource. My favorites were:

  • All the Kioptrix machines
  • SickOS
  • FrisitLeaks
  • Stapler

There are a lot of resources that can help you pre-study before you dive into the course. I will post some here.

Books

Online Guides

Super Easy Ways to Protect your Business from Crime

If you run a business then you will know that security should always be a priority. If you don’t do this then you may find that you lose out on tons of money when you just don’t need to and you may even find that you lose out on a good level of customer trust as well. Luckily a few simple changes are all you need to avoid all of this.

Risk Assessments

The first thing that you need to do is identify where your weak points are. You need to try and find out where you are most vulnerable and you also need to find out if your business has been the victim of crime before as well. If you have been the victim of crime before then you need to familiarise yourself with the details and you also need to find out why the incident was allowed to happen in the first place. When you have done this, you can then take the right steps into making sure that this doesn’t happen again. Depending on the industry you work in, you may also want to look into law enforcement software as well.

Secure your Location

If you have any doors, you need to have them strengthened and you also need to do your best

to install some security lighting as well. If you haven’t got window locks installed right now then you need to do something about this. Remember that every little investment that you make right now is going to act as a deterrent for the future, so even though you are spending money, you really are saving it at the same time.

Protecting Your Staff

If possible, you need to provide some of your staff with security training. You also need to try and make sure that your team know what to do in the event of a serious threat. You are much better off giving up the goods that you have rather than letting some of your team get hurt. If you happen to keep money on your business premises then make sure that it is as little as possible and take anything else that you have to the bank.

Your Equipment

You also need to make sure that you carry out as many equipment checks as you can. Some team members should have a certain amount of responsibility when it comes to the items you have as well. Security numbers for your computers should be logged and you may also want to think about securing some of your more expensive equipment to the floor. When you do this, you reduce the chances of someone trying to steal it and you also make it much harder for things to be knocked or even moved as well.

Stock

If you are not organised then you may find that you always end up losing track of your stock and this is the last thing that you need when you are working so hard to try and keep everything secure. Use software if possible and always put the work in to try and log everything that comes in and goes out.

The Internet: Good Or Bad?

The internet is one of those topics that can be spoken about forever, because there really isn’t an ending. Technology is getting so advanced, and has come such a long way in the last ten years, let alone twenty. There are features out there now that go above and beyond to give us a better, safe life. Even down to the tech that is fitted into cars that stop a potential crash before it happens, or even drives for us entirely so we can just sit and watch as we’re being taken for a ride. But is this the only kind of world we live in now? Does everything revolve around the web? Or do children still play kerby in the streets before dinner?

The source

You can pretty much find out whatever piece of information you would like to know, from whether that famous supermodel is walking in Victoria’s Secret fashion this year, right down to whether or not Mike Crapo is currently with or against the President’s decision making. The possibilities are endless, and with that comes great responsibility in remaining focused when doing a basic Google search. It’s so easy to get caught up in links and tabs and information that is totally irrelevant to you, and yet you have a random need to find out anyway. They say that curiosity killed the cat, and yet we’re the most curious beings in the world right now.

The debate

A lot of people often have two very strong opinions. One is that the internet is great and we’re in a modern world and shouldn’t look back, while others believe it’s too much and we’re forgetting where we came from. Well, both sides have a point. There are so many opportunities that are out there and have been created for us all thanks to technology. We can source out what we need when we need it, and do so while taking a brilliant selfie. But, it can also be a very consuming thing that consists of people burning so fast through life with their head down staring at their phone screens, which means they aren’t able to appreciate the real beauty that’s around them anymore.

The change

Remember that change is something that can be so feared, and yet so much good can come out of it if only you allow it to. Embracing change makes life a lot easier. Having said that, it doesn’t mean that you have to accept everything as it comes, because then you have no more opinion or diversity. Instead, you end up with a planet full of sheep, following one another round, doing as one another does, until they’re no longer here anymore – and that’s a very boring life if you ask me.

The conclusion

So where does that leave us?

Well, maybe it’s about finding the balance. It’s about remembering our roots and looking back at old photographs in dusty albums that are sitting in the attic. And it’s also about indulging in data that can give us the necessary tools to have that career of our dreams. – As long as there is a balance, surely there is no right or wrong…