
cyberjerry42 OP t1_j6aik77 wrote

In terms of actual exploits, I've come across an unusually high number of Werkzeug debug consoles that were publicly available via a "staging" subdomain (ex: staging.mywebsite.com). The PIN authentication can be relatively easy to bypass in certain circumstances, essentially giving an attacker direct access to the machine to run malicious commands.

3
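The exposed-console pattern described in the comment above, as an added example that is not part of the original post and not Werkzeug's or Flask's own code: a small Python checker that builds candidate staging URLs for a domain and classifies captured HTTP responses, grading an interactive console (where the only thing between a visitor and code execution is the PIN prompt) above a plain debugger traceback page. The hostnames, paths and response bodies are constructed for illustration, and the indicator strings are assumptions modelled on the markup the Werkzeug debugger serves; treat them as heuristics to confirm by hand.

```python
"""Added example: flag HTTP responses that look like an exposed Werkzeug
debugger, so a staging host can be checked before an attacker finds it.

Illustrative code written for this thread, not Werkzeug's or Flask's own
code. The response bodies below are constructed samples; the indicator
strings are assumptions modelled on the debugger's HTML and are heuristics,
not a specification.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Iterable

# Assumption: the debugger's pages carry "Werkzeug Debugger" in <title>, and
# the console page defines EVALEX = true when interactive evaluation is on.
TITLE_RE = re.compile(r"<title>[^<]*Werkzeug Debugger[^<]*</title>", re.I)
EVALEX_RE = re.compile(r"\bEVALEX\s*=\s*true\b")


@dataclass(frozen=True)
class Finding:
    url: str
    severity: str
    reason: str


def candidate_urls(
    domain: str,
    subdomains: Iterable[str] = ("staging", "dev", "test"),
    paths: Iterable[str] = ("/console", "/"),
) -> list[str]:
    """Expand a base domain into the staging-style URLs worth requesting.

    Mirrors the pattern from the thread (staging.mywebsite.com); the
    subdomain and path lists are illustrative defaults, not a wordlist.
    """
    return [f"https://{sub}.{domain}{path}" for sub in subdomains for path in paths]


def classify_response(url: str, status: int, body: str) -> Finding | None:
    """Return a Finding if the response looks like the Werkzeug debugger.

    Status is deliberately ignored: the console answers 200, while a traceback
    page for a crashed route answers 500, and both are worth reporting.
    A console with EVALEX enabled is "high" (remote code execution behind the
    PIN prompt); a traceback-only page is "medium" (source and variable
    disclosure, and confirmation that the debugger is on in that environment).
    """
    if not TITLE_RE.search(body):
        return None
    if EVALEX_RE.search(body):
        return Finding(url, "high", "interactive console (EVALEX=true) reachable")
    return Finding(url, "medium", f"debugger page served with status {status}")


def scan(responses: dict[str, tuple[int, str]]) -> list[Finding]:
    """Classify a mapping of url -> (status, body), e.g. from captured requests."""
    findings = []
    for url, (status, body) in responses.items():
        finding = classify_response(url, status, body)
        if finding is not None:
            findings.append(finding)
    return findings


# Constructed sample responses, not captured from any real host.
SAMPLE_RESPONSES: dict[str, tuple[int, str]] = {
    "https://staging.mywebsite.com/console": (
        200,
        '<!doctype html><html><head><title>Console // Werkzeug Debugger</title>'
        '</head><body><script>var CONSOLE_MODE = true, EVALEX = true, '
        'EVALEX_TRUSTED = false;</script></body></html>',
    ),
    "https://staging.mywebsite.com/broken": (
        500,
        '<!doctype html><html><head><title>ValueError // Werkzeug Debugger'
        '</title></head><body><div class="traceback">...</div></body></html>',
    ),
    "https://dev.mywebsite.com/console": (404, "<title>404 Not Found</title>"),
    "https://test.mywebsite.com/": (200, "<title>Welcome</title>"),
}


if __name__ == "__main__":
    for f in scan(SAMPLE_RESPONSES):
        print(f"[{f.severity}] {f.url}: {f.reason}")
```

A "high" hit here means the debugger is running with the interactive console enabled on an internet-reachable host; the fix is to stop running the app with the debugger on outside a developer's own machine (and to keep staging hosts off the public internet), not to rely on the PIN.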

LusoInvictus t1_j6alcto wrote

Oh, that's interesting. I feel like pentesting is more of a novelty and "nice to have", as I've never come across anyone with your skill set, and I've worked for publicly listed companies as Software QA for the last 10 years.

You feel it's a niche, and there are still a few willing to follow your path? Are you guys typically contracted to audit the companies rather than work with their IT teams? Any reference anywhere to what your typical work week looks like? (I'm considering branching out to it, hence my questions xD)

2

cyberjerry42 OP t1_j6anbcl wrote

For your question about my work week:
My week will usually start with looking at all that wasn't resolved from the week before. I will then look at what pentests I have coming up (I usually have one per week, lasting more or less 3 days). Pentests are always my weekly priority. Throughout the week I'll also follow up on bugs I've previously raised a flag on to make sure they get fixed. If I still have time, I'll typically plug the holes by working on one of our various projects, which can range from a cloud infrastructure scanner to an API key sniffer (for example).

2

LusoInvictus t1_j6aqqq3 wrote

Ah man, thank you for the AMA. I've been reading every answer. Besides TryHackMe, what other websites/forums/media do you keep tabs on to stay up to date?

2

cyberjerry42 OP t1_j6arevi wrote

It's my absolute pleasure! Twitter is full of great security researchers like JohnHammond, TheXSSRat, TheMayor and many more (see who they retweet and follow them). There is also a lot of great content on YouTube, such as LiveOverflow and The Cyber Mentor. Finally, once you feel like you're ready for the real deal, head over to Hack The Box. They have some great challenges. In terms of CTFs, I highly recommend going to picoCTF. You'll pick up great tricks there. BurpAcademy is also a great starting point for webapp-related stuff!

3

cyberjerry42 OP t1_j6amv3e wrote

I wouldn't say it's a niche line of work per se, but it's very hard to find good pentesters. A lot of companies tend to hire external firms to pentest their products and get the "stamp" for compliance reasons. Offensive security is absolutely not for everyone, as it requires you to think outside the box in very odd ways sometimes.

I've known a lot of absolutely genius devs that could whip out the most complex algorithms without sweating it, but they had a very hard time imagining "well, if I chain X with Y and finally Z, it can easily lead to compromise of A". I'd probably make a shit full-time software dev, but boy can I break their stuff hahaha

> Are you guys typically contracted to audit the companies rather than work with their IT teams?

I would be tempted to say yes. It's important to keep in mind that most tech companies out there don't have a giant budget and 1000 employees, so they often can't afford a red team. This in turn creates a big demand for external contractors such as Cobalt. I personally, however, prefer to work for the company itself rather than being a contractor, as it lets me not only find the problem but also help them fix the issue.

1