• HubertManne@moist.catsweat.com
      link
      fedilink
      arrow-up
      31
      ·
      7 days ago

      or like a detailed report. I bet you could make a standard report and just change a few things and maybe pull the scam sometimes. The hardest part I think would be getting someone to accept from a cold call. Would need to be pretty stupid to do that to begin with.

      • mosiacmango@lemm.ee
        link
        fedilink
        arrow-up
        30
        ·
        edit-2
        7 days ago

        The reports list your hardware on them generally. They need access into your network.

        The truth is that instead of faking it, you just do an actual pentest. It is generally a mix of FOSS tools like kali, metasploit, nmap, etc and pay tools like nessus. These can all be automated.

        Charge the money, mail them a pre setup laptop, then hit the “go” button and still sit on your ass for a week.

        • HubertManne@moist.catsweat.com
          link
          fedilink
          arrow-up
          17
          ·
          7 days ago

          I was thinking this. Get a nice format with letter head or whatever for dumping from the tools but now its almost like an honest living. ewwww.

        • Kusimulkku@lemm.ee
          link
          fedilink
          arrow-up
          10
          ·
          7 days ago

          They need access into your network.

          “Sir we found an issue in your security practises. You let some rando into your network. That’s a terrible idea. My invoice is in the mail.”

          • stetech@lemmy.world
            link
            fedilink
            arrow-up
            1
            ·
            2 days ago

            You jest, but I’ve read somewhere it’s actually reasonable to provide some amount of info or access to pen testers… since they’re just gonna find out anyway, but if you pay them for a week, you might as well not waste the first 3 days to have them figure the basic setup which doesn’t have an effect on the security analysis/outcome.

          • cactusupyourbutt@lemmy.world
            link
            fedilink
            arrow-up
            6
            ·
            6 days ago

            I was asked to review a project of another company, and needed access to their documentation for that. they gave me access to their whole wiki instead of just a part of it. definitely included that in the report