I have a pen tester interview coming up. What are some questions they'll ask?

  1. 2 weeks ago

    I'm gonna plop my cock on this desk, can you find a way to find the scrotum with your tongue?

  2. 2 weeks ago

    "you aren't using kali linux, right?"

    • 2 weeks ago

      From what I know for CySA+, CEH, CISSP, etc., Kali Linux is frequently mentioned. And if you go to college for a Cyber security degree there's a good chance they'll have you use Kali.

      I died a little when I found that out.

      • 2 weeks ago

        >fork debian
        >break it
        >install a bunch of mostly useless tools
        >muh epic h4X0r OS
        nvm the fact they make you pay a grand to learn how to break an HTB medium box at best

  3. 2 weeks ago

    "Can you hack my gf's instagram/facebuk account?"
    "Can you hack this bank here and transfer some money over to my account?"
    shit like that

  4. 2 weeks ago
    Sneedy Pie

    "who sent you?"
    "do you know marshviperx?"

  5. 2 weeks ago

    probably just nmap & metasploit bullshit, honestly pentesting is the IT equivalent of QA monkeys in programming
    >muh cybersecurity
    most of these retards couldn't even exploit a basic buffer overflow on a 2000's machine

    • 2 weeks ago

      This. All the certifications are a complete joke so this is a natural outcome.

    • 2 weeks ago
      Sneedy Pie

      i have a bachelor's cybersecurity and I'm fucking retarded

      • 2 weeks ago

        >can't build it
        >can't understand it
        >can't secure it
        simple as

  6. 2 weeks ago

    I'd ask
    - what's your specialty? (every pen tester has one: physical security, recon, initial access, persistence, lateral movement, exploitation, exfil)
    - different ways you could do recon
    - different types of password attack
    - what's MITRE?
    - tell me about your personal infosec (I'm looking for password management, multi factor, use of hardware keys, etc)
    - what's hydra?
    - what's metasploit?
    - recent developments that are notable?
    - what's your preferred toolset? (really don't care about the answer) why? (this is what I care about, you need to be able to demonstrate your choice is informed, or that you can at least defend it)
    - any experience w/ Burp Suite? tell me about it.
    Were I the hiring manager, I'd try to get you talking. Then drill toward exhaustion. Not to be a dick but to see how much you truly know about a topic, if you're willing to admit "don't know", what you'll do when you hit "don't know", and if you can hear yourself talk. Yes, infosec is lots of tech, but there's a people / team component. You need to be able to speak and communicate.
    - do you have any certs? why did you choose that cert? how did you prepare? what domains in that cert were the most difficult?
    - tell me about your home lab. If it's "lol, cable modem, that's it" and nothing else, you're probably done unless you can describe a compelling VM setup hosted somewhere
    - as a pen tester, you better be able to describe "rules of engagement" and what should be in it
    - ditto with "scope of work"
    - what do you do if you discover you inadvertently exceeded scope of work? (nebulous question, but important, you will fuck up eventually and tip over something you're not supposed to tip over, what do you do then?)
    - how would you image this hard drive? (should mention "write blocker", a proper imaging tool, and start talking about "chain of custody")
    - tell me about your last engagement (looking for you to tell a coherent story, not ramble)
    t. infosec hiring manager

    • 2 weeks ago

      >would scrap a strong candidate for not having a home lab

      • 2 weeks ago

        Ok smart guy, how do you learn? how do you stay current?
        > new exploit comes out
        > how did you hear about it?
        > how do you learn what it does?
        > ok, don't have a home lab?
        > do you work through junk email to see what the attack vector is?
        > is there a dropper? is there a link to a malicious site?
        > do you unpack payloads?
        > don't have a home lab? that's fine, as long as you can intelligently articulate "how I learn"
        > and no, "Twitter / tiktok" isn't a sufficient answer

        • 2 weeks ago

          >new exploit comes out
          >wooozaaa new exploit just dropped my fellow cybersecurity professionals
          >lets run it against my epic raspberry pi homelab
          >watch and learn kiddos
          this is what you call reddIT

        • 2 weeks ago

          >ok smart guy
          Bro you are such a midwit.
          I’m an MD that switched to pentesting and if someone started asking me such questions I would just start joking around lmao. HR ladies get wet just at the sight of my CISSP and OSCP. No need for some nerd trying to show how smart he is

    • 2 weeks ago

      >what's your specialty
      breaking shit
      >do recon
      call their help desk
      >password attack
      access the network share with all the old files and find the standard credentials they use everywhere written down in some random excel
      >what's MITRE
      corpo bullshit
      >personal infosec
      I'm young & poor
      >what's hydra
      >what's metasploit
      >recent developments that are notable
      pissed off hr
      >what's your preferred toolset
      nmap, scapy, cve database
      because everything else is for children
      >burp suite
      no, idc about your shitty web-server, it's sitting in some dmz behind a pa or forti anyways
      >home lab
      company has an actual lab, don't need toys at home
      >rules of engagement
      you won't know anyways or blame me either way
      >scope of work
      until I'm bored
      >exceed scope of work
      blame it on the network team
      >image this hard drive
      I'm not doing digital forensics retard
      >last engagement
      I watched videos behind a paywall, because doing useless shit is not my day job

      • 2 weeks ago

        the literal definition of a script kiddie good luck landing any job with that

      • 2 weeks ago

        based chad

        >the literal definition of a script kiddie good luck landing any job with that

        cringe larper, nmgi

  7. 2 weeks ago

    they'll ask you to click the top to see if the nub thing pops out of the bottom

  8. 2 weeks ago

    Are you ready to get penetrated?

  9. 2 weeks ago

    >is this a pen?
    >no further questions

    • 2 weeks ago

      The trick is that it's actually a mechanical pencil, so make sure to write with it before saying yes or no

  10. 2 weeks ago

    how to pen test for my niece's virginity?

