this post was submitted on 16 Dec 2024
717 points (97.9% liked)

Greentext

[–] Cornelius_Wangenheim@lemmy.world 165 points 6 days ago (3 children)
  1. No one's hiring you unless you have an OSCP or similar certification.
  2. A real pen test will set off all kinds of alarms.
  3. You don't get paid until you deliver a 100+ page report detailing what you did and your findings.
[–] echodot@feddit.uk 33 points 6 days ago (2 children)

You hope it'll set off alarms. Sometimes it doesn't, mostly because they don't have monitoring set up.

Pen tests aren't cheap. Even basic ones are ~$20k. There are only 2 types of companies that bother with them: ones that care about cybersecurity and ones that have to do it for compliance (PCI/CMMC/etc). Both will have some kind of IDS and a SIEM.

[–] jol@discuss.tchncs.de 13 points 6 days ago (1 children)

Or because you hacked into the wrong company. This has happened multiple times.

[–] echodot@feddit.uk 2 points 6 days ago (1 children)

That's what happens when you do off-the-books stuff on company time. Got to organize yourself better.

[–] jol@discuss.tchncs.de 3 points 6 days ago

I've even heard stories of physical pen testers entering the wrong company. Oops.

[–] ameancow@lemmy.world 24 points 6 days ago

You're implying that people who post on 4chan have no clue how the real world works and no idea what business is like and how people make money!

[–] CaptainHowdy@lemm.ee 20 points 6 days ago (2 children)
  1. Most folks dgaf about certs, and I agree with them. Certs are BS. I only have certs because employers paid for them and in tech (especially security) there's a LOT of free time if you know what you're doing. Certs only prove you can pass a test.

  2. Bold of you to assume most companies have intrusion detection systems and that their monitoring isn't muted half the time.

  3. Findings come from an automated report generated by a scanner that does literally all the work.

OP post is really not that far off. It's an easy gig.

Source: I've worked on both sides.

[–] expr@programming.dev 12 points 6 days ago

Uh, certs are a huge deal in cybersecurity. Absolutely useless in most fields, but cybersecurity is not one of them.

[–] SaharaMaleikuhm@feddit.org 9 points 6 days ago (1 children)

So pen testing is a scam? I knew it! Opening all my ports right now.

[–] TriflingToad@sh.itjust.works 4 points 6 days ago

oh yeah I probably should close those unused ports I've had open since 2020...