Thursday, March 10, 2016

Junior team members

Fuck knows how long it is since I posted on here. Hi again. Miss me?

I bet.

Anyway, the resurrection of this little vitriol dumping ground is due to some fuckwittery on my colleague's part.

Background: we're all pentesters.

I'm working on a web app test, which is mildly interesting. As a sidebar, I have a VPN test which has been causing me pain due to errors with the certificate auth. As a sanity check, I asked a colleague to install the client, and test...

Same error.

Fine. Troubleshooting continues. For expedience, we decide to dispense with the certificate auth, as it's not pertinent to the actual scoped test. I no longer have the client installed, as it b0rked my laptop for four hours when I tried to uninstall it, so I have been proxying testing via the aforementioned colleague.

So, I ask him to check the user logon and 2FA work as intended.

WAIT. No. He's still got a test running.

Ok, that's fine... I don't expect him to trash current testing to do me a favour.

Hang on.

He's been given an application test which is effectively three login portals (which is really one login portal accessed three different ways). He's been running sqlmap against the username and password field since yesterday morning. That's his current testing... he's still sqlmapping a login portal. TWO FUCKING DAYS he's been at that. For the uninitiated, once it's kicked off, you get to watch it tell you what it can't find, until it does find something, which in his case it hasn't. He's spent two days watching a script say "NOPE" every couple of minutes.

I'm hard pressed to tell if he's dedicated, optimistic, or just bloody lazy.
