Finally got a job as a pentester!
FEEL FREE TO HACK THE WORLD!

Now that I have time to approach my ultimate dream ( being the pro penrester ) , asked a hacker for a road map and he gave me (U'll rarely see such open hackers that share knowledge :) )
Surprisingly I've been familiar with all the topics but being the most pro , requires u to be pro in every single topic .

Guess what ? I'm starting from basic linux commands all over again 😂
echo 'hello world :/'

Ok ! I'm fired !
But U fuckers will pay !
Never fire your pentester , NEVER !!

"bart as a pentester"

When the university finds out you're a pentester:

Usual underclassmen: Can you hack my bf/gf? I think they're cheating on me.

Delusional underclassmen who think they know everything: I can hack too! Who's your master? I learned how from master jimmy *runs a batch script that has "tree" on loop. See? What batch script do YOU have?"

The IT teachers: can you show us how a payload works?

Hey hackers! It's me again 😀

If I wanna be an awesome pentester / bug hunter , what should be my main focus?
Network?
Data sciense?
Algorythm?
Low level programming?

I've already passed network + and basics of ccna and I already know pentesting using kali and I know c and python as well.
Just not sure where to go next and keep using kali packages makes me feel like a script kiddie (which is aweful 😬)

Dreaming to be able to write my own exploits and have my own 0day bugs👑

Thanks for any recommandation you would

Nooooo !
I fucked up !
Please tell me what is going to happen if a pentester fucks up ?

I was just curious about the codes the developer was typing remotely while they were containing important datas :/
Fuck me ! I thought it would be nice if i take some pictures of that amazing code so the other employees misunderstood !!
They think I was stealing data ! 😭

What should I do ?
What can I tell them ?

>pentester
Raised an issue with a web application for out client that was weak TLS protocols/cipher suites in use on the sever hosting their application.

Then I was asked to confirm that reissuing the certificate was the correct remidial action for fixing this...

Man, it's scary to think non-technical project managers are in charge of fixing this stuff...

Today I attended the first half of the WhiteHat challenge at CERN :) one more to go to be a certified pentester! I expected lots of learning, and my expectations were not let down, game on!

I wonder if lock picking is part of the pentest or not ? XD

Right now I enjoyed being SysAdmin and PenTester more than programmng...but I doubt I can get a job without certification from either of those field.

Later, I will write a book :
Fuckups of a pentester

:/

I hate Mondays...

So, Yours truly, the multilingual flightless bird leaves his apartment... Locks door... Fucking key gets stuck in lock (had some attempted home invasion attempt last year, left a few things bent).
The last thing I can use today, important project to work on with a deadline close enough to worry about.

I would say that's a classic Error 500 on login kinda situation.

The irony? I fancy myself a pretty good lock picker(A must have for an aspiring pentester) .

Luckily, a quick squirt of gun oil resolved that one... Seriously, how do people manage without a supply of tools and stuff?

> 2018 starts just like another day
> Drops a tip for the pentesters
> As a pentester if you aren't good as a Chineese APT actor pack up and go home

Hello together.

I need your help. Im a junior Pentester.

Tomorrow I need to pentest a Macintosh workstation but I have no idea where to start. Users can login via LDAP and I will do a white box pentest.

Any suggestions where to start?

If a pentester find a very critical bug and the boss is not aware of him knowing this type of exploitation (no one is expecting him to find such flaws)

Should he report it ? Or reporting will make him suspicious ?

I am a pentester.
'I am a pentester.
'Iam a pentester/n/r"
'"Iamapentester\/n\/r-- '"''
'"'/>alert(1):</script>
%68%65%6c%6c%6f

Can't i find 10 pentester in these post 😆

1. When we struggled for month with using OpenSSL, fixing our server, then bit of Sqlite3 fuck ups. Was it even right to use those libs, not write shit ourselves, if it is such a hassle to use them, or is it only us being too stupid to read the docs? Project seemed 'finished' for over a year. Really wore us out to get it out there.
2 Our board constantly announcing the success and striving of our pentester department. Makes me feel I am at the wrong place. No dynamics, growth, just too much stupid work to plow through.
3 Starting a bit with CTF's. Realizing I am hardly at the entrance of the rabbit hole. (And also is it even the right thing going down there? My Luddite tendencies also shining through...) Not mastering all this tools.

made website, pentesters and general testers needed. pm on telegram if you'd like to help me out :) @calmyourtities

this afternoon, we got email from our pentester. He said that he got some security vulnerability in our project. He found .git/ folder in project directory in production server. He considered it as security vulnerability because user can see all git branch on remote repo. He recommend us to remove that folder but the problem is, we using CI/CD so we need that .git/ folder. My question is it bad practice to use git on production server?