by Maven911 2566 days ago
I've been trying to learn infosec for a few years now with the eventual goal of either an offense/defense role. Plan to work on my OSCP next.

I have a few basic questions please:

1. Aside from: Linux cmds, nmap, metasploit, sqlmap, mimikatz, Kali's well-known tools - what other tools are often used by pen testers?

2. How is MFA beaten in today's enterprises?

3. Do most engagements assume one is already in the network? If not, how does one scan (basic OSINT towards their externally facing website, but let's assume that is very secure)?

4. How well do pen testers know the defense side and amalgamation of so many defensive tools - how do they learn what to beat? Is it really as simple as try to fingerprint and then look for known vulnerabilities on msf? Or do pen testers not care if xyz enterprise is using this version of Palo Alto or a Carbon Black EDR etc.

e.g. Alphabet soup of products in a large enterprise for defensive solutions - NGAV, EDR, SIEM, honeypots etc. etc.

5. How do you keep up? Aside from Reddit

6. Any advice to future job seekers working their way into learning more infosec?

1 comments

I've replied to your thread-level comment, but please do feel free to reach out to me if you want any advice or discussion: i@willcode.it

Foremost, I'd also like to say thank you for providing such a detailed reply to the top-level comment.

But I also wanted to extend my admiration of that very crafty email address. I'm sorry I didn't think of it first.