The World's Worst Penetration Test Report by #ScumbagPenTester

docrice · February 2014

They say laughter can balance out stress:

http://it.toolbox.com/blogs/securitymonkey/the-worlds-worst-penetration-test-report-by-scumbagpentester-58747

Master Of Puppets · February 2014

This was an epic read. Thanks for sharing! And here I was thinking that it is extremely unlikely someone will get hired as a pen tester without having at least decent skills. If that's the case I can become a pen tester right now and kick ass

proph21 · February 2014

My day has been brightened by the power of laughter! Thank you for sharing this fun article

GarudaMin · February 2014

I hope it's not George.
The Chronicles of George

NotHackingYou · February 2014

Oh this was a good one. “MySQL configured to allow connections from 127.0.0.1. Recommend configuration change to not allow remote connections.” Uh, what?

GarudaMin · February 2014

Well, at least it didn't say
MySQL configured to allow connections from 127.0.0.1. Recommend configuration change to not allow remote connections FROM 127.0.0.1

I wonder what he would say for ::1

NovaHax · February 2014

LOL...this is awesome. Thanks for sharing

datacomboss · February 2014

Sad. Many of the folks coming to IT since the mid 00's, should be pressing the pictures on the registers at McDonald's.

cyberguypr · February 2014

Only two words describe this: EPIC FAIL.

CoolAsAFan · February 2014

Wow. I mean I'm pretty noobish with infosec, but even with my limited knowledge, I still found this pretty funny.

My favorite was, "Fixing the configuration will no longer allow evil connections by evil connection for configuration of server."

SephStorm · February 2014

lol, i would have kicked the trashcan too. I'm not a pentester and I could make a better report. Guess I learned something in those courses...

colemic · February 2014

Hard to believe that is real... wow.

itsgonnahappen · February 2014

I read this the other day and came dangerously close to spitting out my coffee in laughter. This piece is priceless:

While no issues were found on this portion of the network, issues may or may not exist until they are found.

JDMurray · February 2014

A good chunk of the beratement is because of the Indified English in the written report. Is this what people mean when they complain about the poor grammar on the CEH, CHFI, and LPT exams?

cgrimaldo · February 2014

wow. lol

colemic · February 2014

JDMurray wrote: »

A good chunk of the beratement is because of the Indified English in the written report. Is this what people mean when they complain about the poor grammar on the CEH, CHFI, and LPT exams?

I think that has a lot to do with it... plus the fact they bill themselves as the 'premier' IT security certification body. Sorry, but if you want to claim you are top of the heap, you need to have your house in order, and be professional and exacting in grammar and spelling. The CEH and CHFI fail spectacularly on both counts. Maybe I just get in a snit because I used to be an GLBA auditor, and my mom was a librarian... but I can't stand it and it makes me think they are unprofessional, and if they aren't willing to pay someone to get that right, what else are they cutting corners on in the name of profit (*we all know the answer to that now, LOL) As far as I am concerned, in InfoSec, you had best be swinging for the fences in getting it right. They don't make that effort.

impelse · March 2014

Many days ago I read this article, and it is not only in the security area, they are doing the same with other IT sides.

NovaHax · March 2014

Speaking of the high quality that EC-Council brings to the table...

Some of you may have already seen this, but EC-Council was breached last week (in the very least, the victim of DNS hijacking).

EC Council website that certifies ethical hackers has been hacked | Latest News & Updates at DNAIndia.com

The World's Worst Penetration Test Report by #ScumbagPenTester

Comments