I wouldn't recommend trusting the @offsec community discord, and at this point, I can’t recommend their certs either.

Last night, I called out an account using a fake federal subdomain for their username as "larp:" "<first_name>.<last_name>.dni.gov." Threat actors frequently use fake government handles to cultivate unearned trust. Instead of validating a basic threat indicator, a mod reignited it this morning, defending the account with "you don't know if they are posing or not."

Exactly. I don't. That’s why I called it a larp instead of phishing. But a red team platform should understand zero-trust models, proactive threat identification, and defensive alignment. Instead, they operate on a purely reactive basis.

It's a terrible look to run off a cybersecurity major in a CAE-CD program for practicing human perimeter tactics. I don't need OffSec to get where I'm going. SANS/GIAC offers highly respected pentesting certs anyway, alongside industry-gold-standard DFIR (Digital Forensics & Incident Response) and specialized Cyber Defense pathways. I'll save my $1,600+ for an ecosystem that actually understands threat modeling.

Purple team is still the undisputed champion. I am not going to bow down to someone just because they are a community mod and operate in a complete silo.

#cybersecurity #purpleteam #offsec #opsec #APTs #impersonation #proactivedefense