CluelessPentester

>Most of the security work is done by us, platform engineers/ Sys Admins. That probably explains why there are dozens of security incidents in the news every week.

Im tired boss

Visit us at r/homelab or r/homenetwork

Holy shit what do you even do in that case? Entire company is just cooked.

Don't pin me on this, but I think you need to do some extra steps to activate it on 98 and 2000. But I am sure the windows admins here know that alot better than me. I just know from previous experience, that some companies have uhh interesting legacy systems.

Others already answered your question but please make sure that all the important services/servers can actually speak NTLMv2 before you deactivate LM/NTLM. Otherwise you might be in for a nice big surprise when you come back to work the next day.

Worse functionality than a ton of tools like nmap (or its windows equivalent) and also a subscription for a fucking ping and nslookup

Its still a centralized node that you can put specific care into, instead of worrying about a bazillion hosts exposing RDP to WAN.

If you are a full windows shop I would recommend using Sentinel as a SIEM. Will be a lot easier to integrate and maintain, as it neatly integrates in the ecosystem. Atleast if you can afford it

Your whole org sounds like shit. Why doesn't security prioritize? It's literally their job to make a risk assessment. Why do you even have hundreds of unused, vulnerable libraries? Also, just because something is not reachable externally doesn't mean you can just ignore it. All it takes is just one successfully phising mail to go from "This isn't reachable from external" to "Oopsie, our whole domain just got encrypted." Your company needs to fix its processes and needs clear policies for risk assessment, remediation strategies, and first and foremost responsibilities and accountability.

On top of what the others already said, you can also ask about methodology. How do they go about a pentest for your specific environment/service? Ask for specifics, where they usually find vulnerabilities, etc. If they just say "We do a Nessus scan" or "Yeah yeah we totally do some manual techniques", they are probably bullshitting you.

I mean that goes with everything. Why the fuck would you expose your firewall dashboard? And yet people still do it and get pwned.

Assume the worst and CYA. Better safe than sorry.

>To a network engineer, "Clueless Pentester" is redundant terminology. Cool, I'll make sure to remember it the next time when I pop DA or pivot unhindered around in a network and prepare my report for the boss of people like you.

>I gave my opinion on using an open source app to protect my infrastructure. I clearly said it was an opinion. "It's just an opinion bro" doesn't mean someone else can't call you out. Especially if you voice an uninformed opinion at the same time as you say "I'm not informed enough" (why even make the post then?) Just check the security advisories for big commercial FW vendors like Palo/Forti/etc. vs. the advisories of pfsense/opnsense. That should tell you everything about >software of the FW being an open book for the world to create vulnerabilities to Still not saying you SHOULD use these. Only saying that THIS argument doesn't make sense.

What the fuck are you talking about dude. I'm not saying that you should *sense in an enterprise environment, but the argument that open source is more vulnerable certainly is something. Also, you realize that you can have shit network security with a commercial firewall, too, if you don't configure it correctly, right?

Always these useless blanket posts. Companies in my country would literally laugh at me when I would try to apply in Helpdesk with a Bachelor/Master degree. Also, how long have you been in a cybersecurity role, and what do you work?

Ok now you are just acting like a fucking moron trying to be smug. I know what a penetration test is. It's literally my job. You are just slinging around with vocabulary and saying "Nuh uh this isn't a real pentest," when you can't even differentiate between different forms of engagements. There is no agreed standard with what a penetration test MUST and MUST NOT entail. There are TRIES to define standards. There are also several definitions of what a pentest is and what it should include depending on who you ask. That's why you get a vulnscan disguised as a pentest so often. I have no further interest in discussing this with you, as you are clearly not trying to argue in good faith. Have a nice holiday.

Okay, what's the source for the set terminology? You can also break into a system while not being pestered by the local IPS, due to an allowlisting of the testers IP.

At this point, it's just about terminology. I would say you've done a Red Team engagement, including a physical component. You probably got a bill for a pentest. But there is not a set terminology where someone can say "Yes there is a law that defines what goes as a pentest" so in the end, we are both kinda correct in our own way. In my experience, there is a stark difference between pentest and red team engagement. Like I said, normally, a client pays me to find as many vulns as I can in their network in a set amount of time (like 5 business days). In that case, it's just not feasible for me to try and be stealthy (especially in bigger networks) so I just fire away and try as much as I can with no regards to stealth, because let's be honest. A threat actor has unlimited time to be as stealthy as they want and they WILL find a way to circumvent your security measures. So I try to make the rest as safe as possible. If a client comes to me and just says "Go and pwn my database (specific goal), I don't care how you do it, you have 2 weeks", then I'm going to act a whole lot different than if a client comes to me and says "Here is that giant ass network, I want you to find AAAAAAAALL the vulnerabilities. You have 3 days. " It's just a different set of expectations.

This is so stupid. A normal pentest isn't about being stealthy. It's about finding as many vulnerabilities in a short amount of time. If you want your tester to be super duper 1337 stealthy, you need to conduct a redteam engagement. A real threat actor has an unlimited amount of time to hide in your network and slowly move around. A pentester doesn't have this. So if you want your Tester to bang their head against your FW/AV and spend 50% of the engagement time on evasion, go ahead. It's your money. But you better not complain when a real threat actor circumvents your firewall and then completely fucks you up, because your other security is complete dogshit

Damn you got your bots to send you a report of the exploits they attempted?

One man's nightmare is another man's job security

Sorry, but this is kinda hilarious. "Oh, here, let us upgrade your server to the newest version automatically! Oopsie, it looks like you don't have a license. Get fucked!" How can a company be so out of touch with the real world

"Schicht Acht Problem" would be the literal translation in German for that (/s)