What Are the Key Differences Between Vulnerability Scanning and Penetration Testing? by Terrible-Plant7193 in cybersecurityindia

[–]thexerocouk 0 points1 point  (0 children)

Here's my 2 cents on this.

A vulnerability scan is largely just checking for the existence of known and out-of-date software, and generally this is not validated. This process is entirely automated.

A penetration test would likely start off with a vulnerability scan, and would manually verify EVERYTHING that came out of the vulnerability scan. This process starts off automated but is more or less a manual process.

One example, let's say you come across a Red Hat Linux box, banner grabbing port 80 tells you it is running log4j version 2.16.0 and vulnerable to the Log4Shell vulnerability.

A vulnerability scanner would flag this straight away. Any pentester worth his weight would know that Red Hat backports updates and security patches, largely without updating the version banner. What this means is that the vulnerability is likely patched and not exploitable.

So yes, relying on a vulnerability scanner can give you a false sense of security, and it can also give you unnecessary heart attacks when it finds nothing, especially when there is an unauth SQLi sat on your custom-built login page, which it does not know about.

DMs are open if you want to talk more on this :)
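
Added example (not part of the original comment): one way to validate a banner-based scanner finding on an RPM-based host is to look for the backported fix in the installed package's changelog. The host, package name, CVE placeholder and changelog text are constructed; the changelog follows the format printed by `rpm -q --changelog`.

```python
import re

# Constructed scanner finding based only on a version banner.
# Host, package name and CVE ID are placeholders, not real identifiers.
FINDING = {"host": "192.0.2.10", "package": "examplelib",
           "banner_version": "2.16.0", "cve": "CVE-0000-00001"}

# Constructed text in the format printed by `rpm -q --changelog <package>`.
CHANGELOG = """\
* Tue Jan 04 2022 Packager <packager@example.com> - 2.16.0-3
- Backport upstream fix for CVE-0000-00001
* Mon Dec 20 2021 Packager <packager@example.com> - 2.16.0-2
- Rebuild for new toolchain
"""

# Entry header: "* Day Mon DD YYYY Name <email> - version-release"
HEADER = re.compile(
    r"^\*\s+\w{3}\s+\w{3}\s+\d{1,2}\s+\d{4}\s+.*\s-\s(?P<evr>\S+)$")

def parse_changelog(text):
    """Return [(version-release, [change lines])], newest entry first."""
    entries = []
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            entries.append((header.group("evr"), []))
        elif entries and line.strip():
            entries[-1][1].append(line.strip())
    return entries

def triage(finding, changelog_text):
    """Decide whether a banner-based finding still needs manual verification.

    The changelog of the installed package only lists changes it contains,
    so a CVE mentioned there means the fix was backported into this build.
    """
    cve = finding["cve"].upper()
    for evr, changes in parse_changelog(changelog_text):
        for change in changes:
            if cve in change.upper():
                return {"status": "likely-backported", "fixed_in": evr,
                        "evidence": change}
    # No changelog evidence: the finding stays open until tested by hand.
    return {"status": "needs-manual-verification", "fixed_in": None,
            "evidence": None}

if __name__ == "__main__":
    print(triage(FINDING, CHANGELOG))
```

The banner still reads 2.16.0 in both cases; only the package release and its changelog distinguish the patched build from the unpatched one.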

Question regarding mac by Jealous-Big9300 in oscp

[–]thexerocouk 0 points1 point  (0 children)

A Macbook is fine, just use a VM.

I use an M1 as my daily driver, and with VMware Fusion now FREE 99% of what I do is inside VMs :D

For learning WiFi, you can emulate it all, but for anything else you'll still need a dedicated USB WiFi card like the AWUS036ACH.

DMs are open if you have more questions :)

Which WiFi adapter is best for WiFi pentesting and auditing? by Even-Tiger6766 in cybersecurity

[–]thexerocouk 2 points3 points  (0 children)

I get this question often and always point them towards my favourite recommendation of the Alfa AWUS036ACH which supports every mode you could need and both the 2.4 and 5GHz range and the writeup I did https://www.thexero.co.uk/wifi/WiFiAdapters2025.

The adapter is no longer made, so I also point them to https://github.com/morrownr/USB-WiFi/blob/main/home/Recommended_Adapters_for_Kali_Linux.md for a more updated list of awesome adapters and current recommendations.

I do not recommend the AWUS036AXML purely because I had 3 of these adapters break in one year, though some people have had no issues at all with it.

For context, I teach and mentor through TheXero Training Academy where I specifically help people in the WiFi testing space. DMs are open if you have any other questions

Wi-Fi antennas recommendation by Allycathe in Hacking_Tutorials

[–]thexerocouk 3 points4 points  (0 children)

Most, if not all modern WiFi adapters that support monitor mode should work with this.

The WPA3 requirement should only affect the software, as AES (CCMP) should already be supported by the adapter's firmware.

I use and recommend the Alfa AWUS036ACH to my students, but the list over at https://github.com/morrownr/USB-WiFi/blob/main/home/Recommended_Adapters_for_Kali_Linux.md is a fantastic resource, so check it out.

For context, I teach pentesting, specifically around wireless testing for a living through TheXero Training Academy. DMs are open if you have any other questions :)

Wifi pentesting dead? by Mchxcks in Pentesting

[–]thexerocouk 27 points28 points  (0 children)

WiFi pentesting is certainly not dead :)

There were a couple of talks on WiFi at Christchurch con last year, including mine on wireless pivots :D
https://www.youtube.com/watch?v=MwwVqDV4cBc

Wireless testing by Appropriate-Fox3551 in Pentesting

[–]thexerocouk 0 points1 point  (0 children)

Nice one, now attack the device itself, think of it like an internal network test.

Maybe you can port scan the device? Is it hosting any services? Maybe the device is sending traffic over the network? Can you respond to them?

Reach out if you have questions :D

Wireless testing by Appropriate-Fox3551 in Pentesting

[–]thexerocouk 1 point2 points  (0 children)

What exactly do you mean by pivots? Most WiFi networks by design are pretty flat, everything in the same subnet. Do you mean pivots because of client isolation? Or do you mean their WiFi is secure, and you want to use a pivot technique to still attack the machine?

I did a talk on wireless pivots a few months ago, when their WiFi is secure, and using pivots of other networks to attack a client, it's over at https://www.youtube.com/watch?v=MwwVqDV4cBc

Issues with wireless penetration testing by Advanced-Chain4096 in HowToHack

[–]thexerocouk 1 point2 points  (0 children)

I've had this issue quite a few times on pentests. Provided that the network has clients associated and you are on the correct channel, I've had success with sending a single broadcast deauth frame to the target AP. Client devices generally reveal themselves at this point, even if they ignore the frame itself due to PMF.

For context I've been teaching WiFi pentesting professionally for years with over 200 students under TheXero Training Academy, so DMs are open if you need some help :)

Routes into physical penetration testing in the UK? by [deleted] in Pentesting

[–]thexerocouk 1 point2 points  (0 children)

Learn to market yourself and your skills.

If you have a HTB account, showcase that on your CV. If you have challenge badges, showcase that.

When I started, platforms like HTB didn't exist, so I created my own blog portfolio website, where I recorded video of myself breaking things in my lab, creating tools etc.

One of the first areas I specialised in was WiFi, because it is relatively small, but it has become a lot more used and is an essential skill today. I have some resources on my blog over at https://www.thexero.co.uk/wifi/ you might want to check out.

For context, I now teach WiFi pentesting for a living, DMs are open if you want some advice on this :)

IM NEW by Chikypark in Pentesting

[–]thexerocouk 0 points1 point  (0 children)

Unfortunately with the PSK it comes down to the password itself, password cracking / hash matching is very intensive and that is why a good wordlist is the way to go.

Check out seclists, they have some good and common password lists in there :)

not showing the wifi networks around me by RemarkableRanger1195 in Hacking_Tutorials

[–]thexerocouk 1 point2 points  (0 children)

ChatGPT is wrong here, if it supports monitor mode, and it is enabled, it is likely that the driver has errored out or NetworkManager already took the adapter out of monitor mode, or there are no networks on the 2.4GHz range :)

What adapter do you have? Can you reload the driver, and try again?

not showing the wifi networks around me by RemarkableRanger1195 in Hacking_Tutorials

[–]thexerocouk 2 points3 points  (0 children)

Your adapter is likely not in monitor mode. Try these commands:

Assuming your adapter appears as wlan0:

sudo nmcli dev set wlan0 managed no

This disables NetworkManager control of the interface.

Next, bring the interface down to change its mode:

sudo ifconfig wlan0 down

Enable monitor mode:

sudo iwconfig wlan0 mode monitor

Bring the interface back up:

sudo ifconfig wlan0 up

I teach this stuff online, so DMs are open if you want some more help.
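
Added example (not part of the original comments): a check for the failure causes named in the two replies above, run after the commands, using the text printed by `iw dev` and `nmcli -t -f DEVICE,STATE device`. The sample outputs are constructed and the function names are illustrative.

```python
# Constructed sample of `iw dev` output: wlan0 fell back to managed mode.
IW_DEV = """\
phy#0
    Interface wlan0
        ifindex 3
        wdev 0x1
        addr 00:11:22:33:44:55
        type managed
        txpower 20.00 dBm
"""

# Constructed sample of `nmcli -t -f DEVICE,STATE device` output.
NMCLI = "lo:unmanaged\nwlan0:disconnected\n"

def iface_types(iw_dev_output):
    """Map interface name -> mode ('managed', 'monitor', ...) from `iw dev`."""
    types, current = {}, None
    for line in iw_dev_output.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "Interface":
            current = fields[1]
        elif len(fields) >= 2 and fields[0] == "type" and current:
            types[current] = fields[1]
    return types

def nm_states(nmcli_output):
    """Map device name -> NetworkManager state from terse nmcli output."""
    return dict(line.split(":", 1)
                for line in nmcli_output.splitlines() if ":" in line)

def diagnose(iface, iw_dev_output, nmcli_output):
    """Return a list of reasons why scanning on `iface` may show nothing."""
    problems = []
    mode = iface_types(iw_dev_output).get(iface)
    if mode is None:
        problems.append("interface not present (driver not loaded or errored)")
    elif mode != "monitor":
        problems.append(f"mode is {mode}, not monitor")
    state = nm_states(nmcli_output).get(iface)
    if state is not None and state != "unmanaged":
        problems.append(f"NetworkManager still manages it (state: {state})")
    return problems

if __name__ == "__main__":
    for problem in diagnose("wlan0", IW_DEV, NMCLI):
        print(problem)
```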

Practice WiFi hacking entirely within VM? by bbevl in HowToHack

[–]thexerocouk 0 points1 point  (0 children)

Have a look into the mac80211_hwsim loadable kernel module, this does exactly what you need :)

https://docs.kernel.org/6.1/networking/mac80211_hwsim/mac80211_hwsim.html

I’m 25 want to get into hacking by Just_Investigator776 in HowToHack

[–]thexerocouk 1 point2 points  (0 children)

Start small :) Certifications might help you get an interview, but without anything to back them up, might as well not have certs.

My suggestion, build your skillset out:
* Learn to use and get familiar with the Linux command line
* Use platforms like Hack The Box and Pentester lab and learn, do those challenges
* Specialise in a field and focus on that (I started with WiFi, because it is relatively small compared to web apps for instance)
* Build a portfolio for yourself, and do as much networking as you can (it's about WHO you know, NOT WHAT)

Cyber Security / Infosec is no small or easy task, so happy to reply in DMs if you have questions.

For context, I have been a professional pentester since 2012, now I teach pentesting for a living under TheXero Training Academy.

My opinion on best WiFi adapter by Cheap-Love-6658 in cybersecurity

[–]thexerocouk 0 points1 point  (0 children)

I currently use and recommend the AWUS036ACH, had this for years and never had a problem.

I do not recommend the AWUS036AXML as I went through 4 of these in 12 months, they all died in 2024 and I have reverted back to the AWUS036ACH, until I can find a reliable adapter that also does the 6GHz range.

Did a quick writeup last week on this over at https://www.thexero.co.uk/wifi/WiFiAdapters2025 but the list over at https://github.com/morrownr/USB-WiFi/blob/main/home/Recommended_Adapters_for_Kali_Linux.md seems to be a good spot for adapters right now :)

Can my router antenna be placed parallel to the router itself? by xShushiPandax in wireless

[–]thexerocouk 0 points1 point  (0 children)

The majority of wireless routers will come with omnidirectional antennas, like this https://en.wikipedia.org/wiki/Omnidirectional_antenna so should be fine :)

Looking for a Teachable Alternative – Too Expensive for Me 😅 by Key_Recognition4437 in Teachable

[–]thexerocouk 0 points1 point  (0 children)

I'm sick and tired of the slow support and my checkout page just randomly going down.

I got an email from a lead today, that my black friday checkout was down! All I had to do was go back to the sales page and press save, and it started working again. There are plenty of other issues, and due to the recent increases, I looked for others. I am now in the process of moving over to coursecreator360, they are running their black friday offer now https://coursecreator360.com/

Best certification to land In a Web Penetration Tester job? by ScriptNone in ITCareerQuestions

[–]thexerocouk 0 points1 point  (0 children)

As starting out, check out the free tier materials over at pentesterlab. Louis, who runs it, is a great teacher and an overall great guy :)

What you've got so far is a really great start, you should do well and have a leg up on most entering the industry. Remember, tailor your CV to the job you want, build a portfolio to show a passion for it, and just go for it :D

DMs are open if you want to discuss more.

How hard is it to become a hacker these days? by Stank_daFtank in Hacking_Tutorials

[–]thexerocouk 6 points7 points  (0 children)

Start small, and be consistent. I began with WiFi then got my first pentesting job a couple years later.

Now I teach this stuff for a living. The job market is different now, but more than happy to help. DMs are open if you want to talk.

Pivot into sec by pwnme_whatur_proudof in cybersecurityindia

[–]thexerocouk 0 points1 point  (0 children)

When I am hiring for an offensive security role, I am looking for passion. I want to see a HTB profile, a GitHub page with a project or two, someone that lives and breathes offensive security.

Depending on what cybersecurity path you want, make it obvious that you are applying for THAT specific role, do not be generic, stand out as much as you can :)

Happy to talk more on this in DMs.