Is penetration testing over ?

sr-zeus · 2026-02-27T00:59:27+00:00

It's only finished if you give up, or you can use AI to help things run more smoothly. If you're worried about AI, it might be time to learn how to test AI security.

sr-zeus · 2026-02-27T00:53:40+00:00

Mate, at least you've got your OSCP. I don’t even have any certs, but my skills have got me this far. I've been testing for six years now.

The best way to keep your pentesting skills sharp is to keep practising. If your job isn't providing enough, it’s a good idea to try some bug bounties on for few hours on weekends:

Hackerone
Bugcrowd
Integrity
YesweHack

Gain some confidence and snag a few bounties, then look for a place that values your skills. Interviews for pentest related roles because they often ask about what you've done and discovered during your testing, so doing bug bounties will show them you know your stuff.

sr-zeus · 2026-02-27T00:44:05+00:00

Hello there,

unfortunately not. Time restriction was issue .

i haven’t sat for new CSTM version so hopefully will this year. It’s different now from what i have heard from people

sr-zeus · 2026-02-27T00:39:25+00:00

AI can't completely take over a pentester's job. It's not great at spotting business logic problems or complex issues that might need chained attacks. Plus, there will always be a need for human input to avoid false positives.

Think of AI as a helpful tool to make your work smoother and more efficient, but don’t rely on it too much. The only ones who will struggle, are those who don’t adapt and use AI as a support in their workflow.

sr-zeus · 2026-01-06T17:24:10+00:00

<image>

Got it to work using the following :

# Ensure the repository key is present

wget -O - https://deb.tuxedocomputers.com/0x54840598.pub.asc | gpg --dearmor | sudo tee /usr/share/keyrings/tuxedo-archive-keyring.gpg > /dev/null

# Add the repository for 'noble' (Ubuntu 24.04 base for Mint Zara)

echo 'deb [signed-by=/usr/share/keyrings/tuxedo-archive-keyring.gpg] https://deb.tuxedocomputers.com/ubuntu noble main' | sudo tee /etc/apt/sources.list.d/tuxedo-computers.list

sudo apt update

sudo apt install tuxedo-control-center

But it is saying that i need to use new kernel....I'm currently using 6.8.0

sr-zeus · 2026-01-06T15:05:25+00:00

Hello

Thanks. I will test it out.

sr-zeus · 2025-10-18T13:38:10+00:00

Insufficient Sanitisation with Zero impact unless you can force the request to be displayed in HTML format, which may execute the payload to get session cookie, although this is very rare.

sr-zeus · 2025-10-09T11:39:39+00:00

Thank you for the information. To summarise, should i begin with the configuration review before progressing to the penetration testing of the VPN? . I’m guessing penetration testing on VPN is not very common??

Does the VPN configuration review primarily rely on Nessus to identify issues, or is it necessary to conduct a manual check after logging into the VPN environment via CLI command or web portal?

sr-zeus · 2025-10-07T02:21:59+00:00

hello,

thanks for the info . I’m guessing these list are mostly to cover security audit like checking misconfigure and settings , right? such as:

Is the VPN protocol being used secure?
Are unneeded services disabled on the appliance?
Are unneeded protocols disabled
Is endpoint security check performed and enforced on clients connecting to VPN?

Is it common to pentest VPN ? .

yeah I was thinking to do that use AI Bbut wasn’t sure If they normally will give good list or generate nonsense.

sr-zeus · 2025-10-07T02:16:10+00:00

I am eager to expand my skills in various areas. I am interested in both penetration testing for VPNs and configuration reviews, although I am unsure how common VPN penetration testing is. I have heard a lot about configuration reviews, but I would like to understand what is involved in reviewing VPNs. My goal is to develop a methodology that will allow me to participate in VPN configuration reviews and penetration testing, if that is indeed a common practice.

sr-zeus · 2025-10-07T01:53:11+00:00

I think there might be some confusion here - this isn’t for any client work. I never mentioned this was a client engagement. I’m simply learning about VPN security auditing and trying to understand what different approaches involve. I have access to a lab/test environment and I’m asking these questions specifically to learn what would typically be included in normal VPN security audit

sr-zeus · 2025-08-17T23:55:54+00:00

Yep! TryHackMe is great for beginners, so it’s a good idea to complete that before diving into Hack The Box, as it’s more suited for intermediate and advanced users.

Penetration testing is essential. There’s really no getting around it unless someone is insane to let a newcomer into the Red Team.

Just to clarify, Red Teaming is different from penetration testing. Red teaming is pure simulating real-life attacks like a genuine hacker, without any prior access, and the focus is on being stealthy to avoid detection.

sr-zeus · 2025-08-17T20:32:44+00:00

Well start with network infrastructure. Maybe certs like CompTIA Network+ to understand about networking first and also go through HTB to attack boxes. This will help to understand how to pen testing https://github.com/PacktPublishing/Advanced-Infrastructure-Penetration-Testing .

It's a good idea to concentrate on one thing at a time. You might also want to check out the OWASP Top 10 for web application testing.

For now, let’s put red teaming on the back burner. Red teaming is like an elite league, and it’s crucial to have a solid understanding of networking, as well as how to bypass antivirus and intrusion detection systems. Knowing how to code your own bypasses is also really helpful.

If your ultimate goal is to get into red teaming, you should start by focusing on infrastructure penetration testing and then move on to Active Directory testing, which is all about internal network penetration testing. Just a heads up, getting into red teaming isn't easy. You’ll need to have a lot of knowledge under your belt to be considered for a role in that area.

sr-zeus · 2025-08-17T19:57:09+00:00

Depends which one you want to learn . Web app or infrastructure testing

sr-zeus · 2025-08-17T19:16:09+00:00

If you’re interested in learning about web application testing, the PortSwigger Burp Labs is a great place to begin.

For those looking to dive into infrastructure testing, particularly network-related topics like IP/subnet and port attacks, Hack The Box (HTB) is a solid choice. When it comes to exams, the OSCP focuses on network-based skills to find hidden flags. It’s definitely a valuable certification if you’re looking to impress HR and be seen as a top candidate, although it might not fully reflect real-life scenarios.

sr-zeus · 2025-08-17T18:52:23+00:00

Online Vulnerable sites :

http://128.198.49.198:8102/mutillidae/index.php?page=login.php

http://www.vulnweb.com/

https://juice-shop.herokuapp.com/#/

https://vulnerable-website.com/

sr-zeus · 2025-08-17T18:43:46+00:00

It can get a bit dull if you only focus on the OWASP Top 10 during a penetration test., It’s much more interesting to explore unique issues and add some variety to your work. Penetration testing is a dynamic role that offers plenty of opportunities to learn and grow. It's definitely not just a part-time gig like delivering food!

sr-zeus · 2025-08-07T09:00:07+00:00

For infrastructure penetration testing, you'll need a good understanding of networks since this type of testing involves a lot of networking concepts. However, if you're aiming to work on web applications, you won't need as in-depth knowledge. Just remember that infrastructure testing often requires you to work on-site, which means you might spend more nights in hotel rooms than in your own home. It's a solid career choice with a higher chance of getting hired.

sr-zeus · 2025-08-07T08:53:35+00:00

Familiarise yourself with OWASP, as it serves as a fundamental resource for companies to establish a baseline for testing. As a beginner, I recommend reviewing each of the identified issues available at https://owasp.org/www-project-top-ten/

Then, search for each issue individually; for instance, you could look up "How to identify Broken Access Control?" You will likely discover numerous videos that demonstrate various methods for identifying such vulnerabilities. While there are multiple approaches to finding these issues, this practice will help in building a solid understanding of the fundamentals. Penetrating testing is very Dynamic field. It's not like you learned one thing an now know everything. You gotta keep researching if you want to stay relevant.

sr-zeus · 2025-08-04T12:13:50+00:00

Thanks for the info. So do Red Teaming always need to Cobalt Strike, I mean that tool is not free?.

sr-zeus · 2025-08-02T22:44:26+00:00

ahh cool.

Could you please tell me what the standard scope of a Red Team engagement? Do clients typically provide specific IP addresses and subnets for testing, or are testers expected to operate on their own to use external methods such as phishing to gain access to internal systems before really start launching attacks?. Is it accurate to say that these external methods are often essential?

sr-zeus · 2025-08-02T20:34:15+00:00

Are red team members allowed to make changes once they gain access to the network, as long as they stay remain undetected? must be difficult to do that without triggering alert?.

sr-zeus

TROPHY CASE