Pentest assignments with no ways in?
Hello all,
This may come across as, kind of, a stupid question, but I was wondering are there any fairly experienced pentesters around to tell me whether they ever ran into a pentest assignment in which they simply couldn't get access at all? Also, given that the ultimate goal of a pentest is to discover and verify exploitable vulnerabilities, were you ever in a position to find only theoretical vulnerabilities which simply couldn't be exploited in a way that you can achieve any meaningful access to further compromise the security (for example, you maybe get access, but cannot escalate privileges or cannot pivot successfully)?
Honestly, I'm asking this since I'm working for a company which has very tight security (technical and administrative controls in place, along with mature patch management, IDS, SIEM, complex security procedures, access control system, on-premise security guards...) and it seems they are looking to have a guy who can internally perform some more specialized things like pentests, and that job will be, most probably, offered to me. I assess my knowledge and skills to be fairly basic and junior level when it comes to penetration testing, so I can't say whether it is normal to not find any loopholes to exploit.
Thanks.