An average day in the life of a pentester

Recently I was asked to write a blogpost about “an average day in the life of a pentester”, and I must say I had quite a bit of trouble writing it at first. The thing is, as a penetration tester, there aren’t that many “average” days for you to have.

One day you could be sitting in the comfort of your bedroom, compromising the external perimeter of a client’s network during an infrastructure pentest, taking over multiple domain accounts and trying to elevate your privileges to the highest level, all while sipping coffee.

The next day you could be lying in the woods across from a large corporation’s headquarters, trying to compromise their network using a long-range WiFi antenna, whilst hoping it won’t be raining any time soon.

And then there are those days where you spend hours upon hours trying to write that one payload you need to get through a client’s web application firewall, just to prove there is a serious vulnerability lurking in one of their websites which an attacker with enough dedication could easily abuse.

These are just 3 examples of actual days I have had in the nearly 6 years of my career up until now at tSF. And although not all days are as “spectacular” as these 3 examples (there are also many days spent writing security assessment reports and reading and condensing various whitepapers), they do give a nice idea of the variety in the type of work we do.

A nice quote which I think summarizes all that is great about a career in pentesting is the following (from season 2 of Mr. Robot): “Domain Admin. This, the thrill of pwning a system, this is the greatest rush. God access. The feeling never gets old.”

And that is indeed the case, it never gets old. Whether it is getting domain administrator privileges in an enterprise network, gaining full read and write access to the database behind a web application, rooting an IoT device or simply seeing that alert box pop up on your screen while testing for Cross-Site Scripting, it never fails to give you that rush.

At the Security Factory, we are all pentesters at heart, we are all ethical hackers. We are the guys who hack you so we can tell you how to prevent the bad guys from doing the same thing. We are the people who help secure your systems and applications by showing you that maybe, just maybe, they weren’t all that secure in the first place.

And so, by combining our manual pentesting approach with the continuous sharing of knowledge within our team, we try to help make the digital world a little safer, one not-so-average day at a time.

Ward Vermeulen, Technical Lead Penetration Testing @ tSF
