
The Cyber Threat Perspective Episode 67: A Day In The Life: External Penetration Testing
Nov 22, 2023
Tyler Roberts, an offensive security professional and penetration tester, takes listeners behind the scenes of external pentesting. He emphasizes the importance of meticulous planning and documentation for efficient testing. Tyler shares insights on day-one recon, the balance between automation and manual research, and the risks of forgotten client assets. He explores various attack strategies like credential stuffing and the significance of multi-factor authentication across cloud services. Ultimately, Tyler highlights how pentesters provide value by validating security processes and empowering IT teams.
Set Up A Master File Structure
- Organize every engagement with a consistent folder and naming structure before you start testing.
- Use that structure to avoid overwritten scans and to speed report drafting.
Collect A Detailed Scope Up Front
- Ask the client for a detailed scope including domains, subdomains and external IP ranges before testing.
- Request cloud resource details too so you don't miss public-facing assets.
Let Client Goals Shape Priorities
- Let the client's goals drive which systems and accounts you prioritize during the engagement.
- Still aim to surface as many vulnerabilities as possible within the time box to maximize value.
