Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The reason its banned in OSCP is because the OSCP is in no way representative of a real world engagement.

The OSCP places a premium on hand jamming commands and doing everything manually, banning automation, because its trying to test if you understand the fundamentals.

Out in the real world, automation is encouraged. The goal is efficiency - getting the job done within the timeframe allowed by the client. Doing everything manually is horribly inefficient when you are on the clock.

It does annoy me that people take the wrong message from the OSCP, you should be automating away as much as possible so you can spend more time making novel discoveries and giving value to your customers.



I see what you are saying but engagements are not a matter of speed only either, you have restrictions and opsec requirements that prohibit you from automating certain things. If you have a decent EDR for example, even if you can evade the NGAV component,at least one of the commands LinPEAS runs will trigger an alert if the process execution alone is logged.


In the vast majority of pentests those concerns are largely irrelevant.

The goal with most pentests is to provide maximal coverage in a time window.

They may be relevant in red team engagements, which tend to happen over a longer timeframe anyway.


Really? Isn't coverage for vulnerability management and pentesting always has a specific goal like "get domain admin"? Honestly asking, I do offensive security but never been a pentester.


More mature clients these days want pretty broad coverage as well as "get DA" (or other "goal") out of their engagements, in my experience.

It's been kind of interesting seeing things change over the years - from strictly goal oriented, to the era of the Nessus Monkey (vuln scans sold as pen tests), and then back to goal oriented but now with additional coverage requirements.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: