Highest Rated Comments

LeftOnQuietRoad 3 karma

Any favorite methods for hiding yourself during pentesting?

Also, I’m finding that thinking about the “story” behind the implements is helpful, because ultimately people decide what goes where. Are there any mental frameworks/mindsets/constructs that are helpful in pentesting?

LeftOnQuietRoad 2 karma

I think I’ve found reading the “story” like a narrator is amazingly helpful. You know someone’s bread and rent are on the line to make the wall work, so what did they do? What did they overlook? Watching that play out in my mind has led to some interesting things: overlooked ports, strangely straightforward source code nabbing, etc. Ultimately, every algorithm was made by a person. The real art is: can curiosity/The Chase compel me to return 1000 times?

Holding ideas “loose,” too, is helpful. Like what’s port 443? And 80? Do they talk? Oh. Can they? Can a combo of non-root processes bind a pair of ports?

We get fixed mental constructs and they become these cognitive silos we function out of. I think it’s perhaps the greatest rate-limiting step across all trades: fixed thinking.