this post was submitted on 16 Dec 2024
711 points (97.8% liked)

Greentext

4604 readers
338 users here now

This is a place to share greentexts and witness the confounding life of Anon. If you're new to the Greentext community, think of it as a sort of zoo with Anon as the main attraction.

Be warned:

If you find yourself getting angry (or god forbid, agreeing) with something Anon has said, you might be doing it wrong.

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 163 points 5 days ago (3 children)
  1. No one's hiring you unless you have an OSCP or similar certification.
  2. A real pen test will set off all kinds of alarms.
  3. You don't get paid until you deliver a 100+ page report detailing what you did and your findings.
[–] [email protected] 24 points 5 days ago

You're implying that people who post on 4-chan have no clue how the real world works and no idea what business is like and how people make money!

[–] [email protected] 33 points 5 days ago (2 children)

You hope it'll set off alarms. Sometimes it doesn't, mostly because they don't have monitoring setup.

[–] [email protected] 23 points 5 days ago

Pen tests aren't cheap. Even basic ones are ~$20k. There's only 2 types of companies that bother with them: ones that care about cybersecurity and ones that have to do it for compliance (PCI/CMMC/etc). Both will have some kind of IDS and a SIEM.

[–] [email protected] 13 points 5 days ago (1 children)

Or because you hacked into the wrong company. This has happened multiple times.

[–] [email protected] 2 points 5 days ago (1 children)

That's what happens when you do off the book stuff on company time. Got to organize yourself better.

[–] [email protected] 3 points 5 days ago

I've even heard stories of physical pen testers entering the wrong company. Oops.

[–] [email protected] 20 points 5 days ago (2 children)
  1. Most folks dgaf about certs, and I agree with them. Certs are BS. I only have certs because employers paid for them and in tech (especially security) there's a LOT of free time if you know what you're doing. Certs only prove you can pass a test.

  2. Bold of you to assume most companies have intrusion detection systems and that their monitoring isn't muted half the time.

  3. Findings come from an automated report generated by a scanner that does literally all the work.

OP post is really not that far off. It's an easy gig.

Source: I've worked on both sides.

[–] [email protected] 12 points 5 days ago

Uh, certs are a huge deal in cyber security. Absolutely useless in most fields, but cybersecurity is not one of them.

[–] [email protected] 9 points 5 days ago (1 children)

So pen testing is a scam? I knew it! Opening all my ports right now.

[–] [email protected] 4 points 5 days ago

oh yeah I probably should close those unused ports I've had open since 2020...