Common mistakes every newbie pentester makes

We get a lot of new-comers who want to get into pentesting, so this might be of interest:

https://rawhex.com/2014/12/the-common-mistakes-every-newbie-pentester-makes/

Find more posts tagged with

Comments

JoJoCal19

Thanks docrice, great article.

cgrimaldo

Great article!

philz1982

Thanks for the share but seriously? These are the common mistakes? Holy crap batman! I thought the issues were going to be things like accidentally dos'ing networks or wiping out databases with a bad insert statement.

-Phil

JDMurray

The "Not Storing Evidence" section should be renamed to "Document and Save as You Go."

I would also add sections on "Not Able to Reproduce Results" for not having a resettable testing environment (usually provided by working from VMs) and "Not Knowing Time Saving Tricks." There are a lot of tircks not specific to pentesting, but useful to pentesting, that save a lot of time, such as how to easily convert between data formats (e.g., CSV to SQL), write useful SQL and LDAP queries, carving (log) file data using Excel, and Google hacking for information. Few things are more time-wasting than having to stop pentesting so you can teach yourself how to do something new that you need to get the job done. Those are expensive lessons learned on a fixed-rate job.

impelse

Good article. When I took one pentest training the instructor always repeat the saying: if I am going to cut a tree and will take three hours then I will spent more of my time sharping my tools

I cannot imaging updating your tools onsite and your vm cashed, lok

john13619

Thanks for this article

octobersveryown

as a wannabee pentester, this is great for me. Thank you!

p.s. I have create a thread at http://www.techexams.net/forums/security-certifications/107789-am-i-going-down-right-path.html. Any guidance would be appreciated!

yzT

I completely disagree with the using of the output of tools in a report. In fact, I consider this is a must-have, just you have to put it at the right place. At one place, you provide intelligence on the findings, at the other (usually, an annex) you **** the output of the tools.