Anon is a white hat hacker
Anon is a white hat hacker
You're viewing a single thread.
45 comments
-
- No one's hiring you unless you have an OSCP or similar certification.
- A real pen test will set off all kinds of alarms.
- You don't get paid until you deliver a 100+ page report detailing what you did and your findings.
-
You hope it'll set off alarms. Sometimes it doesn't, mostly because they don't have monitoring setup.
-
Pen tests aren't cheap. Even basic ones are ~$20k. There's only 2 types of companies that bother with them: ones that care about cybersecurity and ones that have to do it for compliance (PCI/CMMC/etc). Both will have some kind of IDS and a SIEM.
-
Or because you hacked into the wrong company. This has happened multiple times.
-
That's what happens when you do off the book stuff on company time. Got to organize yourself better.
-
I've even heard stories of physical pen testers entering the wrong company. Oops.
-
-
-
-
You're implying that people who post on 4-chan have no clue how the real world works and no idea what business is like and how people make money!
-
- Most folks dgaf about certs, and I agree with them. Certs are BS. I only have certs because employers paid for them and in tech (especially security) there's a LOT of free time if you know what you're doing. Certs only prove you can pass a test.
- Bold of you to assume most companies have intrusion detection systems and that their monitoring isn't muted half the time.
- Findings come from an automated report generated by a scanner that does literally all the work.
OP post is really not that far off. It's an easy gig.
Source: I've worked on both sides.
-
Uh, certs are a huge deal in cyber security. Absolutely useless in most fields, but cybersecurity is not one of them.
-
So pen testing is a scam? I knew it! Opening all my ports right now.
-
oh yeah I probably should close those unused ports I've had open since 2020...
-
45 comments