18
R-C-D
6y

Nooooo !
I fucked up !
Please tell me what is going to happen if a pentester fucks up ?

I was just curious about the code the developer was typing remotely while it was containing important data :/
Fuck me! I thought it would be nice if I took some pictures of that amazing code, so the other employees misunderstood!!
They think I was stealing data ! 😭

What should I do ?
What can I tell them ?

Comments
  • 6
    Show them the pics perhaps?

    Anyway, legal pentesting? Did you sign a secrecy contract?
  • 4
    @alexbrooklyn well, they told me to delete all the pictures so I did.
    And yes I'm a legal pentester.
  • 25
    Nothing personal mate, but if I were your manager I'd fire you on the spot... Well unless you're a junior.

    If this comes out it could turn into a scandal and do your company oh-so-much damage. It could even go bankrupt if your customers' faith is lost.

    Not cool R... You are given access to THE MOST SENSITIVE, the most vulnerable parts of your customers' systems as long as they can trust you. And you take pics of their data, be it a snip of code, bank account passwords, classified docs or CEO's nudes - it doesn't really matter. And where do these pics go? OneDrive? Samsung Cloud? Hell knows where else? You're using closed-source hardware for the pics. You can NEVER be sure where your data is traveling and where it is not.

    If I were you I think I'd bite the bullet and admit I slipped. Schedule a meeting w/ my manager, explain everything and hope I am given another chance. Oh, and I'd leave the device I took the pics with @office, making sure at least 2 colleagues can witness I haven't brought it home. And only take the device to the meeting w/ my manager and delete those pics while he watches me do it.

    Do not EVER do that again
  • 2
    @netikras thanks! Will talk to the manager tomorrow, wish me luck. :)
  • 2
    @R1100 good luck. Let me know how it turns out. Mention me (@) if you can
  • 1
    📌
  • 8
    As a legal pentester, the things you can and cannot do have harsh borders.

    First is that you don't go around stealing stuff. Regardless if you're pentesting or not, you're under copyright. You don't own shit there. You can crack doors open and later show what you found, but if you go home and later look through all that precious data you're not a pen tester, but a thief.

    So of what value are you to the company then?

    Also. If a colleague randomly snapped a picture of my code without context I'd already give him a weird look. Because it's something you don't do.

    It's weird, it's awkward, it's creepy.

    @netikras found better words than I, but fuck me are you in knee deep shit, and for a reason.
  • 3
    @netikras I'm fired. That's all
  • 4
    @R1100 we learn from our mistakes :)

    You did the right thing by coming clean. Otherwise your colleagues would've had leverage on you to make you do things. Maybe not even legal things.
  • 4
    @netikras I hope I can find another job
  • 5
    @R1100 sure you will :) just be very careful about your wording when asked why you left your previous job.
    Though I wouldn't lie. People talk :)
  • 1
    @netikras what can I say?
    The salary was low, for example? :)
  • 6
    @R1100 That's up to you.

    I can only say I never lie. And I always play transparently, with all my cards open. Just choose the right words to lay it all out
  • 2
    @rR1100 Because I don't wanna be an asshole that tells you only how you fucked up and how garbage you are....

    You fucked up. Shit happens. Heads up. When you get to your next job, be open about what happened. Explain that you were stunned by the code and only wanted to take a picture to analyze what happened. Yadayada misunderstanding, yadayada no bad intentions. You get the deal.

    Normally people come your way if they see that you're genuine about your mistake and that you own up to it.
  • 3
    That's nothing serious at all - at least if your team/manager is understanding. Mistakes happen, you learn from it.

    I have done a terrible one some time ago.
    Made changes to an open source lib's code, commented the reason for the changes with an example, and sent it to my personal email so I can improve it in my free time. Well, it got picked up automatically by the proxies and cc'ed me, directors and the CIRT team. I could hear the noise of the firing bell in my ears.

    Next day I got an email from my manager to explain the incident, and I did, with my best performance of essay writing since my university life. So good that my manager replied thanking me, and they asked me to delete every external trace of it and confirm to them. Just like that it was all over.
  • 3
    Don’t get me wrong, being honest is always the way to go - but the last thing I would do is lose a word about this concrete incident in any upcoming interview. This will almost always result in getting denied the job. Only if they ask specifically, describe what happened in a very abstract way, without lying, so that it doesn’t sound too negative.
    Wish you all the best and good luck for the future! There will always be a way. Remember if one door closes another one will open.
  • 1
    @4h4b thank U man :)
    Very positive 👌
  • 1
    Sorry to read this, man. Sincerely wish you the best

    And most importantly, I hope you learnt from your mistakes and you are on HIGH ALERT at all times