Pentesting is NOT what I expected 

Slowly, and methodically, poking, prodding, researching, and documenting. Probably not a career path for everyone, but it's what I'm working towards.

we are at the same boat, as a plain pentester you cover literally every struggling that we find on the week tests, along side the exploitation totally agreed to everything you said.

Great to see your progress.

Here is my personal opinion and experience: This totally depends on the company you work for and the clients you work with. Each has its approach. My current role focuses on displaying impact, so we are trying to get code execution and steal admin accounts via XSS but with longer engagement windows. My last role was focused on checking the boxes, finding vulnerabilities, and less on exploitation. Reporting among each org has been the most important aspect of the job and people do need to understand that before jumping in. You should have strong verbal and written communication skills… Great video man! 😊

After watching the video and reading the comments, sounds like the general approach you should go in to pentesting with, atleast for entry level, is “How can I help the client improve their security”, rather than, “How can I hack the client”. Very insightful!

Thanks for sharing your experience!

Most people just see the glamorized part of pentesting from movies, but in reality a good pentester is more 60/70% consulting and 30% actual hacking. I've seen lots of pentesters forget that the report and the interaction with the customer is the actual product, your technical wizardy comes second. I've had more impact helping a customer just talking to them for two hours brainstorm problems than a 60 page PDF document ever will do

First thanks for the insightful I definitely have the HTB approach I love it! However it lets me know I need to slow down. So, if you are looking for “Width,” as you say. Instead of “Depth” doesn't this make things a bit more easy… More work, of course. Sounds more of a bug bounty

We have extremely similar career timelines… I too remember realizing the RCE sprint and local privesc drilled into me from HTB was so unrealistic. I used to do so many boxes but now getting “root” feels laughably convoluted. CTFs are fun but not very helpful past a certain point… red team labs though are however quite useful

Good to see you're confidence levels growing mate. Appreciate the content! I'm sitting my OSCP exam next month but still know very little coding. Will probably try to put a block of learning in after the fact. Were you able to code proficiently in any language prior to starting web app testing?

When I was watching this video the words were not aliened with the mouth, did someone hack my computer?

I have my first gig as a Pentester/Red Teamer/Trainer starting in October. Ill report back on how I experience all of this

My pentest team does a htb session together on Friday afternoons. So we can do some of that depth testing. Best to keep up with how to do that. You so we don’t lose that depth test ability while pentesting.

Thank you for this video.

Keep in mind clients are not paying for you to hack them. They are paying for the report you give at the end of the test.

Nice video man!

man you room is too cool 😁😁

Thx

Not in it yet, been trying to get into infosec for a while now with existing sysadmin experience for almost five years, seems impossible to break into it at times. Hard to pick and choose what to spend time on when it comes to learning, red teaming or general offensive security would be the dream for me right now.

Bro , u never mentioned any pen test product beginners can start learning n practicing , pls include in ur future videos. Thank you for this video time n effort n passion goes with its creation!!!

Is there a difference between ethical hacking and pen testing?

most pentesters say their job is boring. Or you can hear it in their tone.