-
Most folks dgaf about certs, and I agree with them. Certs are BS. I only have certs because employers paid for them and in tech (especially security) there’s a LOT of free time if you know what you’re doing. Certs only prove you can pass a test.
-
Bold of you to assume most companies have intrusion detection systems and that their monitoring isn’t muted half the time.
-
Findings come from an automated report generated by a scanner that does literally all the work.
OP’s post is really not that far off. It’s an easy gig.
Source: I’ve worked on both sides.
echodot@feddit.uk 4 days ago
You hope it’ll set off alarms. Sometimes it doesn’t, mostly because they don’t have monitoring set up.
Cornelius_Wangenheim@lemmy.world 4 days ago
Pen tests aren’t cheap. Even basic ones are ~$20k. There’s only 2 types of companies that bother with them: ones that care about cybersecurity and ones that have to do it for compliance (PCI/CMMC/etc). Both will have some kind of IDS and a SIEM.
jol@discuss.tchncs.de 4 days ago
Or because you hacked into the wrong company. This has happened multiple times.
echodot@feddit.uk 4 days ago
That’s what happens when you do off the book stuff on company time. Got to organize yourself better.
jol@discuss.tchncs.de 4 days ago
I’ve even heard stories of physical pen testers entering the wrong company. Oops.