Highest Rated Comments


DucBlangis420 karma

Pentesters usually have "get out of jail free" cards. Any pentester worth their weight will make sure to have all their legal bases covered with contracts, proofs, etc.

DucBlangis127 karma

Certifications (CEH, Security+, CISSP, etc) and/or a degree will usually do the trick. Although, I have heard of red teams with members who had no certs or degrees, they were just good at what they did and usually had some type of respect in the open source community, reverse engineers, etc. I'm kind of the opposite of what this guy does. I am a NetSec Administrator, the "defense" if you will. I love pentests, unfortunately we have only had 1. The red/blue teaming was the best part of school for me.

DucBlangis14 karma

I'll try and answer these. I am a NetSec administrator, I am basically "Defense" whereas he is "Offensive" but we go through a lot of the same training, and I do have to put on the offensive hat every once in awhile during Vulnerability Assesments and pentests on my own networks.

1) Certification and/or a degree. Certs such as CEH, Security+, OSCP, CPTS, LPI, CISSP, etc. Degrees vary. I have an Associates in Network Security and a BA in Network Engineering. Cert wise I have Security+, Networking+, Linux+, CCNA, VMware CPV and CEH.

2) Most red teams I know don't really work "part-time/full-time" gigs. I do, but like I said I don't do the attacking. I assume that OP can "break into" anything, most pentesters are not caught up in just one type of business, but because he knows his compliance (HIPPA and such) he is one of the first that medical places probably go to. And HIPPA covers all medical if I remember correctly not just Hospitals. ER, Plastic Surgeons, Family Doctors, Dermatologists, Methadone Clinics, etc.

3) I can't answer this one.

4) Most Pentesters I know have "get out of jail free" cards. Any pentesters worth their weight will have legal options covered long before starting anything. Whether it is written contracts, proofs, etc.

5) I can't speak for him, but I assume each place he "breaks into" has their own set of needs. Whether it is a Vulnerability Assessment or a full on Penetration Test would also make each job different. And I assume that not every job requires physical entry or social engineering. I know a lot of places specifically ask for you not to do those things during a pentest.

6) You can look these thigs up using Google. Basically look up how much different security positions (Auditor, Pentester/Certified Ethical Hacker, etc.) make.

7) I highly doubt this is of concern since these places hire him.

You said you were interested in this type of work, just so you know physical "break ins" and social engineering make up maybe 10-20% of the work at most, and a lot of places don't want you to do any of these things. You need to be good at a plethora of others things, a jack of all trades in the IT/infosec world. Coding/programming and Reverse Engineering, Networking, know how both Windows and Linux work (how they boot, the different file systems, internals, writing bash scripts, powershell, Active Directtory, blah blah blah), compliance and legal issues, Virtualization, Incident Response, APT's, malware, etc, etc.

DucBlangis6 karma

Yea, this seems to be the case. I've done 2 terms, once in California (was shipped between 3 different Prisons in the 3 years I was doing there) and the other was 367 days in AZ where I was in Eyman the entire time. The Cali. crime got me to level 2 and the AZ crime was just a drug possession case so I was in a level 1 setting. I've been in county jail numerous times, which can actually be far worse than Prison. All of this in my younger days, haven't been in touble in almost 7 years. But from what I've seen, and what I've been a part of, it seems as though different counties are different and there is a huge difference between States. California is a hard place to do time, everything is gang related. In AZ things were a lot more laid back. Each prison has a different culture, like the white boys had the upper hand in AZ where-as California the southeners (Southern Mexicans) seemed to be the big timers. Each race handles things differently and you can sense it when you get to "their" prisons. The problem is that everyone who wants to disrespect someone will say they are a chomo/chester even if that is far from the truth. Luckily you usually know this is BS since most Prisons, with a few exceptions like Colorado, house sex crimes, gang drop outs, informants, etc. in different housing structures than the rest of the population. Usually called Sensitive Needs or Protective Housing/Protective Custody(PC). It doesn't matter if you touched your 5 year old niece or are an ex leader of the Aryan Brotherhood, once you go to PC you are shit and you can never go back or you will be killed or at least given a $1.50 and a bad beating.