As an Infosec specialist, you might have worked with tools like Nessus, Appscan, Acunetic etc. Well these tools kind of give a pentester an easy time during an engagement.
Organization throughout the world who have security departments that test vulnerabilities in a daily basis use the same tools for easier scans on their subnets, but they also contract Security Specialists for a view above the scope. Its more money on their budgets so they always expect a better addition of the value they are procuring for.
The other day, i was looking at some reports done by a very powerful company that specializes with AV (Anti-virus)and also on with PT(Penetration Testing). From such AV cooperations i was expecting real good reports but all i could see were copy pastes from Nessus plugins. Many question unanswered there......
One of the questions i asked myself was, why not just buy a scanner and leave it running for your report?
Another question that truly comes up is, will the bad guys be doing the same?
Anyone who has answers, please post below.