Search - "pen testing"
-
My little brother (still in school, learning security and pen testing): I found a bug in a website, it returns an XML file instead of the web page, I reported it to them and I think I'm gonna get rewarded like 2k $ for it.
Me: cool! Show me.
Him: shows me his phone...
Me: wait, gotta rant this.
-
Guuuys! I made it! I just got my first job in IT as a Junior Sys Admin at a Security/Pen Testing company. So happy right now. Just wanted to share with you. :D
-
Many have Python learning as their 2018 goal, well there's a 15$ huge Humble Bundle for Python machine learning, networking, REST, pen-testing and more, it's a good deal, check it out.
-
I went for an interview for a position stated as "web developer". They questioned me on pen testing and writing scripts for detecting attacks. This is how the interview went. Fucking get your shit together. Fucking waste of time
-
Got a math exam tomorrow but learning about IT security and pen-testing is a lot more interesting.
Building a remote for the projectors in your school can also be a source of fun :P
-
I'm currently one of two "pen testers" for the anticheat system of a game.
It all started a few days ago when the developer handed me the obfuscated package and told me to go at it. No big deal, I've bypassed it before the obfuscation, so I just changed some imports and sent in the screenshot.
Fast forward 100+ hours, it's turned into a cat-and-mouse game. He sends us (the testers) an update, we break it within hours. We show him what we exploited and he attempts to fix it. Rinse and repeat.
Finally, today he patched the one hole that I've been using all this time: a field in a predictable location that contains the object used for networking. Did that stop me? No!
After hours of searching, I found the field in an inner class of an inner class. Here we go again.
-
This is not really the reason I got these parts, but I just had them lying around and have been following the project for some time... so why not? Haha. I was also thinking it might be cool to set these up to auto-disrupt known AP names that would be issued by companies most responsible for the dismantling of Net Neutrality. Like just make them in a dirt cheap throwie form-factor and let the companies deal with pissed off customers for a few days until the battery dies (thinking the little generic LiPo’s that cheap quadcopters use would give a few days if attacking sporadically and using the ESP’s sleep function). Just riffing here... ;P ;D
-
So, me and my best friend started playing pen and paper and after a while we decided to create our own system. After a year of improving and testing we thought about a new Java side project and more improvements for our system. Time goes by and now we have three Java apps for our own pen and paper and a lot of reusable code.
Playing and planning a new session of p&p is now so comfortable and fast 🤗
-
Anybody else feel like their Internet traffic is constantly being monitored after downloading pen testing tools?
Have our identities been added to lists of potential cyber criminals :/
Thoughts?
(For ethical purposes - involving your own site's security!!)
-
Becoming the Consultant or Sys admin who does social engineering pen testing and then making a spreadsheet of all the employees who failed listed by name
-
Hey guys, I've decided to remove windows (again) and want to install a distro in its place, can you suggest some?
I'm learning pen testing so Kali is something I used to use on VM, also Ubuntu for random stuff.
-
So I'm still new to programming. Mind blown every day learning Python. Although self learning does get confusing sometimes. Somehow I'm learning pen testing now and already installed Kali on a virtual box. Pretty sure I aimed at making a multi platform mobile app to begin with.... Yep, from Kivy to changing MAC addresses, am I lost? Or this is the way to dive in?
-
I've deployed an instance of OWASP Juice Shop on Heroku, if anyone wants to practice and/or learn pen testing or just web based vulnerabilities in general it's an amazing application to learn from and practice on.
Your progress is dependent on the cookie, so it won't affect one another.
owaspshop.herokuapp.com
It's free, so if you want to deploy your own instance you can.
-
My mate was just pen-testing on a running production server using admin credentials.
Guess what happened!
And no backup!
What a day!
-
Has hacking become a hobby for script-kiddies?
I have been thinking about this for a while now. I went to a class at Stanford last summer to learn penetration-testing. Keep in mind that the class was supposed to be advanced as we all knew the basics already. When I got there I was aggravated by the course as the whole course was using Kali Linux and the applications that come with it.
After the course was done and I washed off the gross feeling of using other people's tools, I went online to try to learn some tricks about pen-testing outside of Kali Linux tools. To my chagrin, I found that almost 90% of documentation from senior pen-testers was discussing tools like "aircrack-ng" or "burp-suite".
Now I know that the really good pen-testers use their own code and tools, but my question is: has hacking become a script-kiddie hobby, or am I thinking about the tools the wrong way?
It sounds very interesting to learn HTTPS and network exploits but it takes the fun out of it if the only documentation tells me to use tools.
-
When testing things..
Product Description: Expensive Imported Turkish Pen
Product Image: A bag of Snickers
The "asdfghsjgllhdk" text doesn't look very appealing.
-
That moment you forget to tell the devs about the new tests and end up doing brute force for some pen testing and load capacity and they do a rant of you
-
Been working on pen testing an old ass web app written in a combination of 4 languages with the primary being ASP. Serious question for the older generation: was concatenating SQL statements ever best practice, or are the mob that wrote this just useless?
-
I'd love to get into a career within the cyber security industry.
Anyone got advice?
I've played around with Kali/Parrot and set up a Proxmox box to perform pen testing and have a fair number of PDF ebooks and audio books on networks, security and pen testing
-
So, I have been offered two jobs at the same company (big, global corp)
1. RPA coordinator or operator or business analyst. Completely new to me, they're happy with my background enough so that I could learn on the job. RPA is new in this place and they're creating team from scratch.
2. Member of IT security team where most of my work would be split between things that interest me greatly - vulnerabilities, fixing them and pen testing.
I'm not sure what to pick, really.
Option 1 seems to be way more future proof and seems like a lifetime opportunity to get into something relatively new, potentially more ££ down the road.
Option 2 is what I already spent some time learning and I have quite a big interest in. I've always been less of a programmer and more of an admin/sec guy.
Tbh before option 1 called me yesterday I thought that option 2 is a dream job for me. Now I'm all in doubt.
-
What the hell am I!? I wonder if you guys can help me...
I've been programming most of my life but I've never actually been a developer by title or job role. I thought maybe if I list what I do and have done someone here could help? I'm sure there are more of you in a similar boat.
- C# and VB dev for some quick DBMS projects to help me understand and mine databases and create a nice simple view for project teams to show findings from the data to help make certain decisions.
- Automating a lot of my colleagues work with Python and if very restricted then just VBA macros in Excel and MSP. This did also include creating tools to gather data during workshops and converting the data for input into other systems.
- Brought Linux to the office with most team members now moving over to Linux with the peace of mind to know that though they do need to try solve their own problems, I can help if need be.
- Had to learn AWS and then implement an autoscaling and load balanced data center installation of a few Atlassian toolsets.
- Creating the architecture diagrams documentation needed for things like the above point.
- Having said that, also have ended up setting up all the Jira/Confluence etc. servers we use and have implemented so far whether cloud (Azure/AWS) or on prem and set up scripts to automate where possible.
- Implemented an automated workflow view in SharePoint based on SP list data and though in an ASPX page, primarily built in JS.
- Building test systems in PHP/JS with Laravel and Angular to help manage integration between systems. Having quite a time right looking into how to build middleware to connect between SOAP and REST APIs, the trouble caused more by the systems and their reliance on frameworks we're trying to cut out of the picture.
- Working on BI and MI and training a team to help on the report creation so that I can do the fun creative stuff and then set them to work on the detail :)
Actually it seems safe to say that it seems that though I've finally moved into a dev office (beforehand being the only developer around) I seem to be the one they go to when a strategic solution is needed ASAP and the normal processes can't be followed (fun for someone with a CompSci degree and a number of project management courses under the belt... though I honestly do enjoy the challenges)
But I always end up Jack of all but master of, well hopefully some at least. Let's not even get started on the tech related hobbies from circuit design and IoT to Android / iOS and game dev and enjoying a bit of pen testing to make sure we're all safe at work and at home.
As much as I don't like boxes, I'm interested to know if there is in fact a box for me? By the way, the above is just a snapshot of my last two years minus the project management work...