by CyberBank
2566 days ago
YMMV, but in my experience the biggest difference between these platforms and the "real world" is the amount of data available (generally). At big companies, if you were to run a red team exercise or pen test, most of the probing and data gathering you do is on Confluence, open git repos, and other places of documentation, not running nmap or sitting in the middle of two services and inspecting packets. That's not to say that more advanced testers don't employ those methods, but the reality is, the most effective way is to expose yourself to the data available in front of you. Disclosure: I run Vulnerability Management and Assessments globally for one of the largest companies in the world.
I have a few basic questions please:
1. Aside from Linux commands, nmap, Metasploit, sqlmap, mimikatz, and Kali's well-known tools, what other tools are often used by pen testers?
2. How is MFA beaten in today's enterprises?
3. Do most engagements assume one is already in the network? If not, how does one scan (basic OSINT towards their externally facing website, but let's assume that is very secure)?
4. How well do pen testers know the defense side and the amalgamation of so many defensive tools? How do they learn what to beat? Is it really as simple as trying to fingerprint and then looking for known vulnerabilities in msf? Or do pen testers not care if xyz enterprise is using this version of Palo Alto or a Carbon Black EDR, etc.?
e.g. the alphabet soup of products in a large enterprise for defensive solutions: NGAV, EDR, SIEM, honeypots, etc.
5. How do you keep up, aside from Reddit?
6. Any advice to future job seekers working their way into learning more infosec?