How to be a better pentester


2 min read

I was thrilled to have a chance to work as an Associate Security Engineer, mainly specializing in penetration testing.

Over the past 2 years, I have learned so much from my peers and the industry, that I can write a whole book about my experience. Below are some of the lessons that would hopefully help someone who has just started out as a pentester.

Recognize your flow

When you find a promising attack vector, make note of the flow of actions that you'll go through. For example, talk to yourself out loud: "I will run an nmap scan first, and then this, and that". If you're forgetful like me, write them down in your notes. You can even reuse the notes as a personal guideline for your future tests.

Explain the payload to yourself as you go

Try and explain the payload you're going to use to yourself see if it will do exactly what you want it to do. Ask yourself what are the expected results and what alerts it might trigger. Teach yourself as you go; you will remember it better and might find a different way to pivot if the payload fails.

If you're reusing a payload online, make sure to go through it line by line to ensure that it's not actually malicious to your program. Check which remote IP it's using as an example, because you might accidentally cause real-life damage to the application and turn this pentest into an incident response event.

Write amazing reports

Spell check, y'all

Your reports are the results of your sweat, blood and tears conducting pentests. Pentests are not easy, and you should make sure your report represents you, the meticulous you, and make it easy to understand and follow. Always always spell check. They should be as well-polished as the work you do during the pentest.

Have an executive summary

This condenses the results of the test and make it easy to understand to a C-suite executive. You never know how far your report might go internally, depending on what juicy findings you found.

Give detailed remediation steps

Give detailed remediations of how to fix the finding, since our job is to make security better, not harder. This is why our job is considered QA on steroids: we find bugs, and we should understand how to fix it. This is why Pentests are not easy, and why we get paid the big bucks.

Thanks for reading!