You're viewing a single thread.
- No one's hiring you unless you have an OSCP or similar certification.
- A real pen test will set off all kinds of alarms.
- You don't get paid until you deliver a 100+ page report detailing what you did and your findings.
You hope it'll set off alarms. Sometimes it doesn't, mostly because they don't have monitoring setup.
Pen tests aren't cheap. Even basic ones are ~$20k. There's only 2 types of companies that bother with them: ones that care about cybersecurity and ones that have to do it for compliance (PCI/CMMC/etc). Both will have some kind of IDS and a SIEM.
Or because you hacked into the wrong company. This has happened multiple times.
That's what happens when you do off the book stuff on company time. Got to organize yourself better.
I've even heard stories of physical pen testers entering the wrong company. Oops.
You're implying that people who post on 4-chan have no clue how the real world works and no idea what business is like and how people make money!