PenTest Scrubs Week 3-4

Week 3
I missed an update last week! Anyway, we had our WebApp practice engagement and sign off. It was really nice to be able to get a handle around writing reports and cleaning them up for clients.

Chaz keeps showing me this one pic from Twitter where the dude's like "Popping boxes gets you acolytes but writing reports gets you paid" and it's pretty hilarious.

Anyway week 3 went by pretty slow and we just worked on our practice engagement the whole week.

We got another co-worker this week, and whatya know, it's another one of the Twitter/Slack fam. Chaz literally knows everyone, we are taking over the NYC office.

Week 4
Week 4 was a lot more interesting, we actually got to work on our first real engagement this week. Unfortunately, Chaz and I were on different engagements :( - Still we both did really well.

I learned a couple of valuable lessons this week:

  • Make sure you have all your prerequisites for a job handled a week before the job starts (e.g., you have working logins, and access to whatever you are testing) - otherwise you'll look like an idiot asking for it the day before it starts.
  • Take it easy and take a few steps back with any high or critical findings and really analyze it. It's easy to get carried away and make a mistake in reporting these to clients.
  • Clients might downplay your findings to save face, it's not the end of the world.
  • NEVER stop looking for the flag.txt

Other than that, it was a pretty straightforward engagement. Nothing too crazy, but good practice communicating with clients (which I'm bad at 'cause I'm a social retard).

Well anyway, I love this job. I also finally got to meet overcast from HackTheBox for beers Friday night. Dude is AMAZING! <3

A PenTest Scrub

Elijah S.

I'm just a nut obsessed with information and network security :)

