What do I do?

I am an Information Risk Consultant and Penetration Tester. I specialize mostly in penetrating secure networks and computer systems: I simulate an organized, professional attack against your organization, after which a detailed report summarizes the weaknesses and exploited vectors. This will help you gain control over your infrastructure's security and maximize your protection.

Friday, February 21, 2014

HOW THEY CONFUSE CLIENTS INTO THINKING IT'S EFFECTIVE



a) We will do for you a Polymorphic Testing

There is no such thing as Polymorphic Testing. There are three types of testing: Blackbox, Whitebox and Graybox. Polymorphic is part of Advanced Persistent Threat Assessment, which is mainly used in BlackBox Penetration testing. It works together with Social Engineering Assessment, RedTeam Assessment and External Assessment.



b) We will do a BlackBox Assessment

There is nothing ever, forever ever called Blackbox Assessment. This is used by a lot of companies to justify why they can't use other Assessments to issue a full test on your organization. It's called BlackBox Penetration Testing.



c) Red Team is not a part of Testing

F%^%&^&& sh%%^%!!! Red Team Assessment is part of BlackBox. Blackbox comes from the word Blackhat, and who are the biggest Blackhats ever? Yes, the Government. They do all this to you a lot. Protect yourself from these guys, especially the Rogue Government operators.

d) We will do a Pentest in 3, 4, 5, 10 days

Holy sh*$^!! Who does that!!!!
Yes Skiddles

e) We need your IP Address and Links to perform the BlackBox

Well, Blackbox is my specialism, and I know asking for IPs and system information during a blackbox Penetration test is a NONONO!!! I have heard companies that do Security ask for these. Whenever I hear this, and whenever they ask for such info, yes, a Kitten dies.

f) We can do a Code Review in One Day

Actually, I heard this the other day and I almost puked. Unless it's just 100 to 200 lines of code, this is a bullshitter bullshitting other bullshitters.

g) Too Much PaperWork

Most of the Pentest reports go to techies in the firm to fix the issues. Do you think they read these reports? This is just a way to show you they worked, when everything on that report is nmap and telnet grabbing banners and the CEOs can't understand anything, so they take advantage of that.
Quality is better than anything to a client. Do real Penetration testing. People are reading this blog and others, and they will soon know they are getting conned, with their skirts up on the streets.

h) Internal Blackbox

There is no such thing as Internal Blackbox Penetration testing. When you are working from a client office, that's either Gray Box or White Box.

KEEP IT REAL
