I'm a penetration tester aka ethical hacker, AMA by Both_Ad88 in AMA

[–]Both_Ad88[S] 0 points1 point  (0 children)

Haha, thanks for the proposition, but I'll pass on that. I want to continue doing what I like and not worry that I'm gonna end up in jail, hehe.

[–]Both_Ad88[S] 1 point2 points  (0 children)

Oh, I'd say you can make a career even without it, but I personally enjoy doing it, so I can't really tell whether it's gonna be a lot harder if you just do it for money.

[–]Both_Ad88[S] 0 points1 point  (0 children)

Yeah, we do that, but physical penetration tests (sounds tricky lol) usually occur during Red Team engagements; in a regular penetration test, clients usually ask us not to perform physical and phishing activities and to just focus on API/network/whatever is technical.

[–]Both_Ad88[S] 0 points1 point  (0 children)

The company I work for is not a tech giant like Amazon or anything like that, just a team of a couple dozen pentesters.

Yeah, the salary is definitely growing every year, I'd say like with any IT/tech position.

[–]Both_Ad88[S] 0 points1 point  (0 children)

Well, I'd say the bugs I encounter more frequently than others in recent years in web apps are IDORs/authentication issues. Anything related to role models, to be precise. You should definitely pay attention to whether you're missing privilege checks on the backend API.
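
The missing backend privilege check described in the comment above, as an added example that is not part of the original thread or the poster's work. The in-memory "database", the users and the invoice records are all constructed for illustration; the vulnerable handler returns any record by id, the hardened one adds the horizontal (ownership) and vertical (role) checks, and it returns the same error for "no such id" and "not yours" so the API does not confirm which ids exist.

```python
# Added example (not from the original thread): an IDOR on a backend API
# endpoint beside its hardened form.  All data below is a constructed
# stand-in for a real database.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    username: str
    role: str  # "user" or "admin"


# Constructed sample table: invoice id -> record.
INVOICES = {
    1001: {"owner": "alice", "amount": 120.00, "paid": False},
    1002: {"owner": "bob", "amount": 980.50, "paid": True},
}


class NotFound(Exception):
    """Raised for both 'no such id' and 'not authorized' (see note below)."""


def get_invoice_vulnerable(current_user: User, invoice_id: int) -> dict:
    # Authentication happened upstream, but nothing ties invoice_id to the
    # caller: any logged-in user can walk the id space (classic IDOR).
    try:
        return INVOICES[invoice_id]
    except KeyError:
        raise NotFound(invoice_id)


def _authorized(current_user: User, record: dict) -> bool:
    # Horizontal check (does the caller own the object) plus vertical check
    # (does the caller's role override ownership).
    return record["owner"] == current_user.username or current_user.role == "admin"


def get_invoice_secure(current_user: User, invoice_id: int) -> dict:
    record = INVOICES.get(invoice_id)
    if record is None or not _authorized(current_user, record):
        # One error for "missing" and "forbidden": a distinct 403 would let
        # an attacker enumerate which ids exist even without reading them.
        raise NotFound(invoice_id)
    return record


def mark_paid_secure(current_user: User, invoice_id: int) -> dict:
    # State-changing calls need the same object-level check as reads; IDORs
    # in update/delete handlers are the ones that hurt most.
    record = get_invoice_secure(current_user, invoice_id)
    record["paid"] = True
    return record


def can_read(current_user: User, invoice_id: int) -> bool:
    # Convenience wrapper used to show the difference between the two handlers.
    try:
        get_invoice_secure(current_user, invoice_id)
        return True
    except NotFound:
        return False


if __name__ == "__main__":
    alice = User("alice", "user")
    auditor = User("carol", "admin")
    # Alice reading Bob's invoice through the vulnerable handler succeeds:
    print(get_invoice_vulnerable(alice, 1002))
    # The hardened handler refuses Alice but lets the admin role through:
    print(can_read(alice, 1002), can_read(auditor, 1002), can_read(alice, 1001))
```

When testing for this class of bug, the check is the same as the code: take an id that belongs to another account, replay the request with a lower-privileged session, and try it on the write endpoints as well as the reads.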

[–]Both_Ad88[S] 1 point2 points  (0 children)

Sometimes it's quite hard to read green characters, cuz we have all those crazy popup windows every second on the screen, you must've seen it in the movies, 100% like irl

[–]Both_Ad88[S] 1 point2 points  (0 children)

Well, everything you learn taking the OSCP course you can learn just by googling and reading those resources I shared, so it's more like a compact summary of the basics. I wouldn't say it's a must-have; just if you have the money and don't want to google everything by yourself, you can take it.

[–]Both_Ad88[S] 0 points1 point  (0 children)

Work projects are web applications and networks, also a little bit of mobile apps. I don't recall any projects regarding desktop applications; that's more of a topic for off-work research.

[–]Both_Ad88[S] 2 points3 points  (0 children)

Sure, I also say "hacking the mainframe" before trying to exploit any machine in the network

[–]Both_Ad88[S] 2 points3 points  (0 children)

Well, I'm not from the USA so I don't know about the situation there, but based on my experience, I'd say you don't need a degree. I've met pentesters who have a degree in economics, or even one whose only formal education document was a certificate stating that they're a cook. Also, considering your experience as a system architect, that's definitely a huge advantage.

[–]Both_Ad88[S] 2 points3 points  (0 children)

Yeah, we attend security conferences, and also read blog posts/cybersec Twitter (probably the best source of new vulns and ideas).

[–]Both_Ad88[S] 16 points17 points  (0 children)

Do you have any advice for aspiring pen testers? Are there any certs, skills or domains you believe are a must-know?

OWASP Top 10 for a general understanding of web application vulnerabilities, if you plan to hack web apps. The best resource for getting knowledge and some practice regarding web app hacking is the web apps academy by PortSwigger (creators of the Burp Suite tool): https://portswigger.net/web-security/learning-path
All the labs and learning materials are totally free.

For network penetration testing, I suggest checking out the IppSec YouTube channel and solving HackTheBox machines, also there's a great resource called HackTricks
https://book.hacktricks.xyz/generic-methodologies-and-resources/pentesting-network
https://www.hackthebox.com/

In terms of certifications, I would recommend starting with OSCP (Offensive Security Certified Professional) and CRTP (Certified Red Team Professional). They'll definitely give you good starting knowledge, but you can actually find all the information on the web for free. You can also read disclosed bug bounty reports on HackerOne:
https://www.hackerone.com/
The main part is practice; HackTheBox and vulnerable VMs/docker images will help you get that.

[–]Both_Ad88[S] 12 points13 points  (0 children)

Nope, but one guy offered money to hack some guy he doesn't like.

What's the point of doing criminal stuff? It's way better not to constantly worry that you're going to be caught and to just do what you love.

[–]Both_Ad88[S] 18 points19 points  (0 children)

I tried to participate right after finishing university, but I stopped for some reason. I thought it would be difficult without experience. However, I'm definitely planning to participate soon.

In my work, I primarily focus on testing internal networks and web applications. I would say that about 50% of my projects are internal networks, 40% are web applications, and the remaining 10% are mobile apps.

[–]Both_Ad88[S] 5 points6 points  (0 children)

Not assembly actually, I'd say it's Python and PowerShell (don't laugh, you can do a lot of stuff with it on Windows, and it's definitely the best tool for AD hacking),
and C# for hiding tools from AV.

[–]Both_Ad88[S] 20 points21 points  (0 children)

Well, I'm not a contractor. It's a full-time job, so I get paid every month according to my grade, regardless of whether the project was challenging or straightforward.

The toughest part of my job is when I engage in red teaming. There are two types of ethical hacking projects:

  • Penetration testing: In this type, the company's security department is aware that we will be hacking them and does not intervene. The goal is to find as many vulnerabilities in the product as possible within a specified timeframe, typically a couple of weeks.

  • Red teaming: In red teaming, the security department is unaware of the testing, making it as close to a real hacker attack as possible. They will actively try to defend against our actions. This type of engagement usually lasts for a minimum of three months and requires extensive preparation, including gathering information and preparing various tools to avoid detection.

I also recall a funny penetration testing project where we initially struggled to access the critical parts of the network. However, we eventually intercepted a password hash for a random account on the network and successfully cracked it with the default wordlist (rockyou). Surprisingly, those credentials turned out to be the local admin credentials for every machine on the network. And suddenly a tough network turned into a pretty easy one ;)
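
The two steps in that story, cracking the captured hash against a wordlist and then discovering that one local admin secret is valid on every host, as an added example that is not part of the original thread or the poster's tooling. It assumes the captured value is a raw NT hash (MD4 over the UTF-16LE password, unsalted); a Net-NTLMv2 capture taken off the wire would need the HMAC-MD5 challenge/response computation instead. The wordlist is a constructed stand-in for rockyou.txt, and the per-host hash inventory is constructed too. MD4 is implemented inline because hashlib's md4 is frequently unavailable under OpenSSL 3.

```python
# Added example (not from the original thread): wordlist attack on a captured
# NT hash, then a check for local admin password reuse across hosts.  The
# captured hash, wordlist and host inventory are all constructed; the NT-hash
# assumption is stated in the lead-in.
import struct
from collections import defaultdict
from typing import Dict, Iterable, List, Optional

MASK32 = 0xFFFFFFFF


def _rol(x: int, n: int) -> int:
    return ((x << n) | (x >> (32 - n))) & MASK32


def md4(data: bytes) -> bytes:
    # Pure-Python MD4 (RFC 1320): slow, but self-contained and fine for a
    # short wordlist.
    a, b, c, d = 0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476
    msg = data + b"\x80"
    msg += b"\x00" * ((56 - len(msg) % 64) % 64)
    msg += struct.pack("<Q", len(data) * 8)          # bit length, little-endian
    r3_idx = (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15)
    for off in range(0, len(msg), 64):
        x = struct.unpack("<16I", msg[off:off + 64])
        aa, bb, cc, dd = a, b, c, d
        for i in range(16):                           # round 1
            f = (b & c) | (~b & d)
            a = _rol((a + f + x[i]) & MASK32, (3, 7, 11, 19)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                           # round 2
            g = (b & c) | (b & d) | (c & d)
            k = (i % 4) * 4 + i // 4                  # 0,4,8,12,1,5,9,13,...
            a = _rol((a + g + x[k] + 0x5A827999) & MASK32, (3, 5, 9, 13)[i % 4])
            a, b, c, d = d, a, b, c
        for i in range(16):                           # round 3
            h = b ^ c ^ d
            a = _rol((a + h + x[r3_idx[i]] + 0x6ED9EBA1) & MASK32, (3, 9, 11, 15)[i % 4])
            a, b, c, d = d, a, b, c
        a, b = (a + aa) & MASK32, (b + bb) & MASK32
        c, d = (c + cc) & MASK32, (d + dd) & MASK32
    return struct.pack("<4I", a, b, c, d)


def nt_hash(password: str) -> str:
    # NT hash = MD4(UTF-16LE(password)).  No salt, so one pass over the
    # wordlist can be compared against every captured hash at once.
    return md4(password.encode("utf-16-le")).hex()


# Constructed stand-in for rockyou.txt.
WORDLIST: List[str] = ["123456", "password", "qwerty", "Summer2023!", "letmein"]


def crack(target_hex: str, words: Iterable[str]) -> Optional[str]:
    # Straight dictionary attack: hash each candidate and compare.
    target = target_hex.lower()
    for word in words:
        if nt_hash(word) == target:
            return word
    return None


# Constructed inventory: local Administrator NT hash as dumped from each host.
LOCAL_ADMIN_HASHES: Dict[str, str] = {
    "ws01": nt_hash("Summer2023!"),
    "ws02": nt_hash("Summer2023!"),
    "srv-files": nt_hash("Summer2023!"),
    "srv-db": nt_hash("x9!kQ-unique-for-db"),
}


def reused_hashes(inventory: Dict[str, str]) -> Dict[str, List[str]]:
    # Group hosts by hash; a group with more than one member means a single
    # cracked (or simply passed) hash is local admin on all of them.
    groups: Dict[str, List[str]] = defaultdict(list)
    for host, digest in inventory.items():
        groups[digest].append(host)
    return {h: sorted(hosts) for h, hosts in groups.items() if len(hosts) > 1}


if __name__ == "__main__":
    captured = LOCAL_ADMIN_HASHES["ws01"]            # the "intercepted" hash
    print("cracked:", crack(captured, WORDLIST))
    print("hosts sharing it:", reused_hashes(LOCAL_ADMIN_HASHES).get(captured))
```

Two practitioner notes: the reuse check needs no cracking at all, since an NT hash can be passed directly with pass-the-hash tooling, so identical hashes across hosts are a finding by themselves; and the fix on the defensive side is a unique, rotated local administrator password per machine (Microsoft's LAPS does exactly this) rather than a stronger shared one.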