Greentext

4591 readers

718 users here now

This is a place to share greentexts and witness the confounding life of Anon. If you're new to the Greentext community, think of it as a sort of zoo with Anon as the main attraction.

Be warned:

Anon is often crazy.
Anon is often depressed.
Anon frequently shares thoughts that are immature, offensive, or incomprehensible.

If you find yourself getting angry (or god forbid, agreeing) with something Anon has said, you might be doing it wrong.

founded 1 year ago

MODERATORS

Early_To_Risa@sh.itjust.works

701

Anon is a white hat hacker (sh.itjust.works)

submitted 2 days ago by Early_To_Risa@sh.itjust.works to c/greentext@sh.itjust.works

45 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] Cornelius_Wangenheim@lemmy.world 154 points 2 days ago (3 children)

            
              No one's hiring you unless you have an OSCP or similar certification.
A real pen test will set off all kinds of alarms.
You don't get paid until you deliver a 100+ page report detailing what you did and your findings.

[–] ameancow@lemmy.world 20 points 1 day ago

You're implying that people who post on 4-chan have no clue how the real world works and no idea what business is like and how people make money!

[–] echodot@feddit.uk 29 points 2 days ago (2 children)

You hope it'll set off alarms. Sometimes it doesn't, mostly because they don't have monitoring setup.

[–] Cornelius_Wangenheim@lemmy.world 21 points 1 day ago

Pen tests aren't cheap. Even basic ones are ~$20k. There's only 2 types of companies that bother with them: ones that care about cybersecurity and ones that have to do it for compliance (PCI/CMMC/etc). Both will have some kind of IDS and a SIEM.

[–] jol@discuss.tchncs.de 12 points 1 day ago (1 children)

Or because you hacked into the wrong company. This has happened multiple times.

[–] echodot@feddit.uk 1 points 1 day ago (1 children)

That's what happens when you do off the book stuff on company time. Got to organize yourself better.

[–] jol@discuss.tchncs.de 1 points 1 day ago

I've even heard stories of physical pen testers entering the wrong company. Oops.

[–] CaptainHowdy@lemm.ee 18 points 2 days ago (2 children)

Most folks dgaf about certs, and I agree with them. Certs are BS. I only have certs because employers paid for them and in tech (especially security) there's a LOT of free time if you know what you're doing. Certs only prove you can pass a test.
Bold of you to assume most companies have intrusion detection systems and that their monitoring isn't muted half the time.
Findings come from an automated report generated by a scanner that does literally all the work.

OP post is really not that far off. It's an easy gig.

Source: I've worked on both sides.

[–] expr@programming.dev 11 points 1 day ago

Uh, certs are a huge deal in cyber security. Absolutely useless in most fields, but cybersecurity is not one of them.

[–] SaharaMaleikuhm@feddit.org 8 points 1 day ago (1 children)

So pen testing is a scam? I knew it! Opening all my ports right now.

[–] TriflingToad@sh.itjust.works 3 points 1 day ago

oh yeah I probably should close those unused ports I've had open since 2020...