This topic contains 1 reply, has 2 voices, and was last updated by GuidedHacking 1 month, 1 week ago.
- August 10, 2020 at 9:54 pm #293300
hi i’m new to pentesting and cyber secuirty and i have a question if I’m doing pentesting for a company and trying to hack into their server and i scan everything and cant find any exploits that are known what do i do? do i need to learn exploit development and come up with a 0day?
if social engineering isnt an option.
- August 10, 2020 at 10:00 pm #293301
Even if you do not find vulnerabilities you should be able to write a report with recommendations on how they can improve their security posture. 99% of pentests are successful, they typically involve large networks and you do an internal and an external audit. It’s unlikely that you will not find vulnerabilities or security issues on the internal audit. If your job is only to hack 1 server externally, then yes it’s certainly possible you will not get in, but like I said most pentests involve multiple networks and a larger surface area. It really depends on what you are contracted to do. You are not expected to make your own 0days unless you’re doing some big juicy contract.
If you really can’t find anything, you would at least give a report on what you were able to enumerate in recon and give suggestions on how they can reduce the amount of info that can be gained through recon. If hackers find almost nothing during recon they will just move on, there is too much low hanging fruit around to be messing around with a secure target.
You must be logged in to reply to this topic.