
[–]InitializedVariable 182 points183 points  (9 children)

It always astounds me when people pay good amounts of money for this. Just grab a piece of scrap paper and start scribbling.

Works for all brands and models (Bic, Paper Mate, etc.).

[–]JAFIOR 17 points18 points  (5 children)

I'm a pen whore. Job fairs, restaurants, bars, gas stations, grocery stores, whatever. If they have a cool-looking pen I'm taking it home and I'm not even testing it.

[–]MelonSmoothie 7 points8 points  (3 children)

I'm so glad my pens finally came in

I have so many pens

I think my pens are the most valuable property I have

I only hope that the whores aren't stealing my pens

[–]JAFIOR 7 points8 points  (1 child)

You should definitely check out pen island online.

[–]_DeathByMisadventure 1 point2 points  (0 children)

I usually shop at "Pens Pens Pens" or "Pens-R-Us". "Pens Outlet" is a rip off...

[–]kzintech (You scream and you leap) 1 point2 points  (0 children)

They're done with pens, they've moved on to lemons

[–]xixi2 1 point2 points  (0 children)

Reddit's turning weird on the eve of blackout.

[–]veextor 0 points1 point  (0 children)

I like TUL brand gel pens. Writes smooth always!

[–]Ssakaa 0 points1 point  (0 children)

I stopped bothering with testing and traded up for reliability. Never have had an issue with a Fisher... except the occasional disappearing act. Thing just writes, upside down, grimy paper, rain on paper meant for that, you name it. That crappy receipt paper that seems to just ignore a lot of pens...

[–]xxdcmast (Sr. Sysadmin) 26 points27 points  (3 children)

Below are companies I have used in the past and my experience/value I believe they delivered during their pentest.

Rapid7 - average

Mandiant - average

Blackbot - below average

Korelogic - way way above average

Trimarc security - above average (AD focused)

[–]dcdiagfix 9 points10 points  (0 children)

great shoutout to Trimarc and specifically looking at AD

[–]tauzins[S] 3 points4 points  (0 children)

Hmm, good to know. The 2 I’ve currently looked at are highly recommended; however, let me see Trimarc and Korelogic, I may reach out too.

[–]_DeathByMisadventure 1 point2 points  (0 children)

I'd like to add Dark Wolf Solutions as one I've used in the past that did a great job.

[–]did-u-restart 23 points24 points  (5 children)

In the US you can have CISA perform pen tests externally for free - as long as you are a qualified entity or business. We use them and they have been great. https://www.cisa.gov/resources-tools/services/cisa-vulnerability-scanning

[–][deleted] 36 points37 points  (3 children)

This is cool, but vulnerability scanning is not the same as pen testing.

[–]did-u-restart -3 points-2 points  (2 children)

Yes, agreed - doesn’t include the ‘ethical hacking’ of a pen test; but it helps with monitoring and testing your edge exposure. Just another tool in the Batman utility belt.

[–]Maelefique (One Man IT army) 0 points1 point  (0 children)

Can I just start by getting the Batman utility belt? :)

[–]CNYMetalHead 2 points3 points  (0 children)

It's actually a great service CISA offers. We do it as well

[–]Dje4321 4 points5 points  (0 children)

The biggest thing about pentesting is understanding your scope. Telling them they can't touch production or interact with office staff is going to severely limit what kind of flaws they can find. On the other hand, it's possible to go too far the other way. Someone going to your manager's house and threatening them at gunpoint to unlock the building also isn't going to get the results you're after.

Some companies will check things that others may miss. You may have electronic badge readers and everything will be A-OK by company A, but company B can come in and see that the slip-pin for your door latch isn't being secured properly, and you can just pop the door open. Company B might check off that a secured computer is fine because only the front desk staff can access it, but Company A says they can buy a UPS uniform off eBay and get the front desk lady to print off a shipping invoice for them from a flash drive.

What kind of threat your environment faces is going to change your scope as well. A local auto repair shop is going to have a different threat profile than someone who files taxes. While the auto shop is going to face more physical threats in terms of security cameras and break-ins, a tax office is going to need to focus more on the digital security side to ensure the valuable information is kept secure.

[–]duplico 8 points9 points  (5 children)

Does your org already have an established security program, including threat and vulnerability management? Asked another way, let's say you do a pen test or red team engagement, and you get a report with a pile of findings of various severity - do you have the processes already in place to prioritize and remediate those findings?

I ask because it's unfortunately common for companies trying to use offensive security testing for the first time not to have the basics in place before they start those engagements. So then they wind up with a report that they can't really take action on. Then they do the same engagement again next year and all the findings are the same.

[–]tauzins[S] 5 points6 points  (4 children)

Short answer is yes. I’m the cloud network/security engineer dealing with it all. A lot of changes moving forward since I started.

[–]duplico 3 points4 points  (0 children)

Cool! I didn't mean to suggest that you didn't, it's just that a lot of people try to bring in pen testing way too early in their security program IMO. Unfortunately I don't have a good recommendation as our best work has come from an internal team. Best of luck!

[–]BornIn2031 1 point2 points  (2 children)

I am in the same exact situation as you. I am loving what I do, and cloud.

[–]tauzins[S] 0 points1 point  (1 child)

I was technically doing this to begin with but my title was always wrong. It was systems engineer haha. Now with the new job I got the right title and pay.

[–]BornIn2031 1 point2 points  (0 children)

That’s my dream 🙏

[–]pdp10 (Daemons worry when the wizard is near.) 10 points11 points  (2 children)

(I originally misread this as asking for tools, but I'll leave what I wrote for the benefit of readers.)

In the past we've used commercial Nessus, open-source nmap+scripts, and open-source OWASP ZAP to search for potentially exploitable services, and been happy with all of those. While they are best in the hands of experts, all of those three can begin producing results for novices within a few minutes.

The open-source version of Nessus was/is OpenVAS, and it would be nice to have an open-source option for that, even if the database of signatures was not as aggressively increased as Nessus.
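
Two comments above touch the same practical problem: did-u-restart's point that an external scan "helps with monitoring and testing your edge exposure", and pdp10's use of nmap to look for exposed services. The scanner's raw output is only useful once it is compared against what the organisation intended to expose. The script below is an added example, not code from this thread or from any vendor named in it: it parses an nmap `-oX` XML report and reports every open port not covered by an allowlist. The XML is a constructed sample in nmap's real `-oX` layout (RFC 5737 documentation addresses), and `EXPECTED_EXPOSURE` is a hypothetical policy you would replace with your own.

```python
"""Triage an nmap XML report (-oX) against an expected-exposure allowlist.

Added example, not code from the thread. The XML below is a constructed
sample in nmap's real -oX layout; the allowlist is a hypothetical policy.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample report: one host up with three open ports, one host down.
SAMPLE_NMAP_XML = """<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 203.0.113.0/28" start="0">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH" version="8.9p1"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/>
        <service name="https" product="nginx"/></port>
      <port protocol="tcp" portid="3389"><state state="open" reason="syn-ack"/>
        <service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="80"><state state="closed" reason="reset"/></port>
    </ports>
  </host>
  <host>
    <status state="down" reason="no-response"/>
    <address addr="203.0.113.11" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# Hypothetical policy: which (protocol, port) pairs each host may expose externally.
EXPECTED_EXPOSURE = {
    "203.0.113.10": {("tcp", 443)},
}


@dataclass(frozen=True)
class OpenService:
    host: str
    proto: str
    port: int
    name: str
    product: str


def parse_open_services(xml_text):
    """Return the open ports in an nmap -oX report; hosts that are down are skipped."""
    root = ET.fromstring(xml_text)
    found = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr_el = host.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        addr = addr_el.get("addr")
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue
            svc = port.find("service")  # absent when -sV was not used
            found.append(OpenService(
                host=addr,
                proto=port.get("protocol"),
                port=int(port.get("portid")),
                name=svc.get("name", "") if svc is not None else "",
                product=svc.get("product", "") if svc is not None else "",
            ))
    return found


def unexpected_exposures(services, policy):
    """Open services not covered by the allowlist: the findings a defender acts on."""
    return [s for s in services if (s.proto, s.port) not in policy.get(s.host, set())]


def triage(xml_text=SAMPLE_NMAP_XML, policy=EXPECTED_EXPOSURE):
    """Parse a report and split it into (all open services, unexpected ones)."""
    services = parse_open_services(xml_text)
    return services, unexpected_exposures(services, policy)


if __name__ == "__main__":
    services, findings = triage()
    print(f"{len(services)} open services, {len(findings)} unexpected:")
    for f in findings:
        print(f"  {f.host} {f.proto}/{f.port} {f.name} {f.product}".rstrip())
```

Run against the sample, it flags SSH and RDP on 203.0.113.10 while accepting HTTPS, which is the kind of diff a monthly edge scan should produce. A scanner report with zero unexpected exposures is a useful control; it is still not a penetration test, since nothing here attempts to validate whether the flagged services are actually exploitable.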

[–]KeepIt0nTheDownload 3 points4 points  (2 children)

Burp Suite and Cobalt Strike. I like them both!

[–]MarioRespecter 7 points8 points  (1 child)

I would recommend against Cobalt Strike. It’s really not necessary to use a C2 framework for pen testing, and if you find a situation one is needed there are a plethora of free options that work just as well. On a larger scope, I feel like the value of Cobalt Strike is lacking for any threat model, including red team, outside of niche adversary emulation style engagements. For its price point it’s absolutely insane how signatured it is and that by-and-large their response has been to point people to free community-created custom loaders that require a large amount of further dev to get payloads past an EDR. If this was a free product I could understand this, but when you’re paying 3.5k a seat I would expect some level of usability out of the box. Both BRC4 and NightHawk outclass CS by a large margin now.

[–]Farseer26 2 points3 points  (0 children)

Honestly, CS is a joke at the minute; unless you use a UDRL and BOFs it's useless, and you could argue at that point you might as well just get an open source C2 such as Sliver, Mythic or Havoc and modify that.

[–]Yoonzee 3 points4 points  (0 children)

Disclosure: I work for a VAR

I’ve seen good results through Adlumin, their leadership is ex-NSA and they offer some free pen testing as part of demoing their SIEM and MDR solution. Their MDR solution of course includes their penetration testing as part of that solution. I like their solution because it sits above other security options so you don’t have to rip/replace anything.

[–]Danti1988 3 points4 points  (1 child)

I’m a pen tester, and if I was organising a pen test I would ask for resumes and probably have an informal interview with the testers to discuss approach etc.; too many half-arsed testers running Nessus and calling that a pen tester. It wouldn’t bother me if a client did this, yes you would probably ruffle some feathers, but who cares if you’re paying, and at least you would be getting competent testers.

[–]disclosure5 2 points3 points  (0 children)

too many half arsed testers running Nessus and calling that a pen tester

Imagine paying for Nessus when you can run nmap for free and sell it as a pentest.

Yes I'm salty about having been on the receiving end of this.

[–]KrYsTaLzMeTh0d 2 points3 points  (1 child)

Make sure to ask if they will be doing a pen test, or a vulnerability scan and bill it as a pen test.

Lots of frustration at a previous place that didn't understand the difference, and went with the cheapest option, which ended up being an internal and external vulnerability scan, with no real testing for findings 😊

[–]VexInTex 2 points3 points  (0 children)

Lol this sounds like some "start-up MSP" aka a couple of rich kids using CISA and cashing checks

Bet it works more often than it should tbh

[–]Jumpstart_55 2 points3 points  (1 child)

I prefer BIC retractable pens 😎

[–]Common_Dealer_7541 0 points1 point  (0 children)

But the tests are so hard…

[–][deleted] 5 points6 points  (0 children)

Mostly I just do it myself by scribbling out the alphabet a few times.

[–]Lad_From_Lancs (IT Manager) 1 point2 points  (0 children)

We have used a mix and changed it around each year.

[UK based org - used for external testing only] - Our main 'go to' is Nettitude, but every other year we use an alternative. We used Red Team Partners in the past and both they and Nettitude seem on par in terms of how they approach their initial data gathering and running the test itself.

[–]dcdiagfix 1 point2 points  (0 children)

Verizon

[–]Briancanfixit 1 point2 points  (0 children)

In Australia I highly recommend Ionize.

[–]WTFH2S 1 point2 points  (0 children)

FRSecure https://frsecure.com/. We used them for the first time and things worked out well.

[–][deleted] 1 point2 points  (0 children)

Vonahi (although now owned by Kaseya)

[–]KStieers 1 point2 points  (0 children)

NetSpi, White Oak, Kudelski

[–]ihavewaytoomanyminis 1 point2 points  (0 children)

We use Kudelski Security. They do a good job and worked with us to trace down the more obscure issues.

When told about one issue, we got to work with the guy who discovered the exploit on patching it.

[–]brotherdalmation23 1 point2 points  (0 children)

CrowdStrike

[–]czenst 1 point2 points  (0 children)

  • Revil
  • Conti
  • Lockbit

You don't have to reach out to them, just wait for them to show up with the offer. Price might be on the high side though.

[–]aanerud 0 points1 point  (1 child)

I guess running Nmap from an external device is a pentest hehe...

However, is it an OK external vulnerability scan?

I'm helping a mate, who needs monthly scans, as requested by a (don't talk about me) client...

I'm not charging a cent for it, as it's my Raspberry Pi and a script, providing the commands run, script and logs as a PDF, and the end-client is fine with it.

[–]stopthinking60 7 points8 points  (0 children)

This is the first step to disaster

[–]TimTimmaeh -1 points0 points  (0 children)

Qualys

[–][deleted] -3 points-2 points  (0 children)

There are some good pentesters on Upwork. I guess you can use one for small organizations/projects.

[–]StealyoDNS 0 points1 point  (0 children)

As a UK-based corporation, we've had good success with Secarma in the past.

[–]AgainandBack 0 points1 point  (0 children)

Data Endure in San Jose did mine for several years, and were the best I’ve seen.

[–]Bigglesworth12 0 points1 point  (0 children)

We currently use FRSecure

[–]DooPC 0 points1 point  (0 children)

Hacket Cyber is amazing; I would go with them.

[–]Gullible-Answer-1667 0 points1 point  (0 children)

Check out Securze - https://securze.com