The World's Worst Penetration Test Report by #ScumbagPenTester

docricedocrice Member Posts: 1,706 ■■■■■■■■■■
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/

Comments

  • Master Of PuppetsMaster Of Puppets Member Posts: 1,210
    This was an epic read. Thanks for sharing! And here I was thinking that it is extremely unlikely someone will get hired as a pen tester without having at least decent skills. If that's the case I can become a pen tester right now and kick ass :D
    Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like. My crime is that of outsmarting you, something that you will never forgive me for.
  • proph21proph21 Member Posts: 34 ■■■□□□□□□□
    My day has been brightened by the power of laughter! Thank you for sharing this fun article :)
  • NotHackingYouNotHackingYou Member Posts: 1,460 ■■■■■■■■□□
    Oh this was a good one. “MySQL configured to allow connections from 127.0.0.1. Recommend configuration change to not allow remote connections.” Uh, what?
    When you go the extra mile, there's no traffic.
  • GarudaMinGarudaMin Member Posts: 204
    Well, at least it didn't say
    MySQL configured to allow connections from 127.0.0.1. Recommend configuration change to not allow remote connections FROM 127.0.0.1

    I wonder what he would say for ::1 :D
  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    LOL...this is awesome. Thanks for sharing icon_thumright.gif
  • datacombossdatacomboss Member Posts: 304 ■■■□□□□□□□
    Sad. Many of the folks coming to IT since the mid 00's, should be pressing the pictures on the registers at McDonald's.
    "If I were to say, 'God, why me?' about the bad things, then I should have said, 'God, why me?' about the good things that happened in my life."

    Arthur Ashe

  • cyberguyprcyberguypr Mod Posts: 6,928 Mod
    Only two words describe this: EPIC FAIL.
  • CoolAsAFanCoolAsAFan Member Posts: 239
    Wow. I mean I'm pretty noobish with infosec, but even with my limited knowledge, I still found this pretty funny.

    My favorite was, "Fixing the configuration will no longer allow evil connections by evil connection for configuration of server."
    IvyTech - AS CINS (Completed: May, 2013)
    WGU Indiana - BS IT Security
    (Started: August 1st, 2013)

    Transferred: AGC1 CDP1 BVC1 CLC1 CVV1 DHV1 DJV1 GAC1 CIC1 CDC1 UBT1 IWC1 IWT1 TCP1 TJP1 TJC1 EBV1 WFV1 EUP1 EUC1 CJC1 UBC1 TBP1
    Completed: CUV1 BOV1 DRV1 DSV1 CTV1 CJV1 COV1 CQV1 CNV1 TPV1 MGC1 TXC1 TXP1 BNC1 TYP1 TYC1
    Required:
    SBT1 RGT1 RIT1
  • SephStormSephStorm Member Posts: 1,731 ■■■■■■■□□□
    lol, i would have kicked the trashcan too. I'm not a pentester and I could make a better report. Guess I learned something in those courses...
  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    Hard to believe that is real... wow.
    Working on: staying alive and staying employed
  • itsgonnahappenitsgonnahappen Member Posts: 95 ■■■□□□□□□□
    I read this the other day and came dangerously close to spitting out my coffee in laughter. This piece is priceless:

    While no issues were found on this portion of the network, issues may or may not exist until they are found.
  • JDMurrayJDMurray Admin Posts: 13,023 Admin
    A good chunk of the beratement is because of the Indified English in the written report. Is this what people mean when they complain about the poor grammar on the CEH, CHFI, and LPT exams?
  • cgrimaldocgrimaldo Member Posts: 439 ■■■■□□□□□□
  • colemiccolemic Member Posts: 1,569 ■■■■■■■□□□
    JDMurray wrote: »
    A good chunk of the beratement is because of the Indified English in the written report. Is this what people mean when they complain about the poor grammar on the CEH, CHFI, and LPT exams?
    I think that has a lot to do with it... plus the fact they bill themselves as the 'premier' IT security certification body. Sorry, but if you want to claim you are top of the heap, you need to have your house in order, and be professional and exacting in grammar and spelling. The CEH and CHFI fail spectacularly on both counts. Maybe I just get in a snit because I used to be an GLBA auditor, and my mom was a librarian... but I can't stand it and it makes me think they are unprofessional, and if they aren't willing to pay someone to get that right, what else are they cutting corners on in the name of profit (*we all know the answer to that now, LOL) As far as I am concerned, in InfoSec, you had best be swinging for the fences in getting it right. They don't make that effort.
    Working on: staying alive and staying employed
  • impelseimpelse Member Posts: 1,237 ■■■■□□□□□□
    Many days ago I read this article, and it is not only in the security area, they are doing the same with other IT sides.
    Stop RDP Brute Force Attack with our RDP Firewall : http://www.thehost1.com
    It is your personal IPS to stop the attack.

  • NovaHaxNovaHax Member Posts: 502 ■■■■□□□□□□
    Speaking of the high quality that EC-Council brings to the table...

    Some of you may have already seen this, but EC-Council was breached last week (in the very least, the victim of DNS hijacking).

    EC Council website that certifies ethical hackers has been hacked | Latest News & Updates at DNAIndia.com
Sign In or Register to comment.