Penetration testing agency
Good day all
Straight to the point…
I have this idea of starting a penetration testing agency.
What I aim to accomplish is, finding possible clients who wish to have security testing done against their organization,
and a pentester to effectively and sufficiently conduct all necessary tasks.
I will advertise and then make these “jobs” available to a database of registered pentesters; pentesting companies are also welcome to make use of this service.
Once a pentester decides to accept the assignment I become the middleman, negotiating on behalf of the pentester and client, handling most legal aspects of the agreement.
Let's say the pentester has completed the “assignment”; he/she will have to provide me with a full detailed report.
I will then have it analyzed, and if everything checks out, pay the pentester whatever the client was charged minus 10%, which I keep as commission.
What do you guys think?
Hi dalfor,
Thank you for the good wishes.
I really do hope that I get some good feedback and maybe some help.
As far as your request goes, it kind of made me laugh… (not to be rude, just an odd request)
I don’t think it's morally right to do that, mainly because a pentest is conducted against an organization with permission of the owners.
You asking me to pentest.. and I think the right word here is hack, your ex, means I will need permission from her,
Sorry mate,
There are already thousands of companies doing exactly that. On top of that, most pen testing is just social engineering.
Anyways, if you were to do this then you will need a few things.
- You must have a group that you can trust. (Say you get hired by a bank, and everything goes well. What is to say one of your hackers doesn’t hack right back into the bank and leave you as the target.)
- You must already have companies asking you for help already. (Pen testers tend to get paid an easy $70k-$120k)
- You MUST have really good lawyers. (Some companies will try to mess you over)
- You must keep up to date with all the certs, and everything else. (Even if you don’t have the certs. You need to know what’s what so you can tell which hacker to do what)
I see what you mean, and yes there are many companies out there who actually do this, but
you assumed I will be doing this in the USA or, well, any country on the dollar.
Nope, I’m located in South Africa, where, believe it or not, we do have banks, ISPs and huge corporations who are very little aware of the importance of internet and network safety.
So no, there aren't many companies that do this out in SA.
I am also aware of the legal, financial and “being up to date” factors this will require.
I'm not just going to wake up and start hacking places.
Like any business, a customer base is important, so why not first build one.
Ya, this thing can go global, but it's not just any guy who says he can hack that will be considered; it will be those who can prove it.
Registration will be bound to validation of information provided: personal, educational, and yes, I will have background checks done.
Thank you for the input.
What I said will apply world wide. Even if you aren’t in a super power, the law still will apply to you in some way. A small example of this is what the USA did to the Mega Uploader CEO. He never was a USA citizen, but he was raided by USA agents and being brought on USA laws.
There are tons of examples where the super powers actually kidnap people they didn’t like, and brought them in their courts. Many of the times, they have to serve a 100-200 year sentence.
There is also a ton of examples where someone PO the super powers, and they were picked up in a black car. Then they drop the person off in another country so the locals will kill you (that or they just push you out of a helicopter).
It isn’t a joking around thing, and even citizens of super powers get treated the same way.
That aside, hacking is still hacking no matter where you are at. Nearly 97% of pen testing is social engineering. This means you must have someone already near the company.
Anyways, Africa is a really good place to start this since it’s going to be the new China (everything being built there). There are plans to improve it within 15 years, so major factories can move from China to Africa.
I was determined not to post here as after deleting my HackThis account, I intended it to be inactive, but the more I see here, the more I am itching to post.
@crua9 is totally 100% correct, and there are more factors than even he has mentioned.
You will need a VERY clever team of lawyers. I do work for a pentesting company (Check this out here - I’m 2nd from the bottom https://www.nethemba.com/who-we-are - slightly out of date as I do now have a degree) and we have run into some very nasty legal issues in the past.
A customer base before you start is VITAL; the company I pentest with is international and covers even those parts of the world who are apparently not so ‘clued up’ on security.
What is your experience? If you are going to be reading through and ‘analysing’ reports, I would expect you to have a lot of certs, particularly OSCP, CISSP, LPT, and many along that route, and have been in a pentesting position for at least 3-5 years. A degree would also be useful.
Failing all this, I doubt many skilled hackers will take this post seriously.
Regardless - All the best.
sabretooth
I need to edit to say that in my case (and that of our company) pentesting and social engineering are treated as two separate tests (and are therefore paid as separate tests) so when we perform an OS test, Network test, Smartphone, Server, Webapp test and so on, we do not rely on social engineering at all. This is due to the fact that we do not feel it is right to say ‘We got root on your system due to x giving us the password’ and totally ignore or not discover the fact that it can be done without such ties to the company simply by an LFI or something similar due to running out of time which we spent chasing the company receptionist :) We keep the technical aspects separate from the … let us say… persuasive aspects :)
@michael.vanstaden9208 dude how long have you been in pentesting? pm me I’m in the 011 boetie