Pentest-Tools.com, Security Research Lead
OSCP certified penetration tester and bug bounty hunter with a strong passion for infosec, I enjoy looking for vulnerabilities in systems and exploiting them. I use my technical knowledge and business acumen to help customers understand and prioritize critical security issues.
OSCP certified penetration tester and bug bounty hunter with a strong passion for infosec, I enjoy looking for vulnerabilities in systems and exploiting them. I use my technical knowledge and business acumen to help customers understand and prioritize critical security issues.
The best ethical hackers build and maintain an outstanding workflow and process because it pays off – big time! When you’re always overwhelmed with work, it’s difficult to make time for tweaks and improvements, even if we both know they have compound returns in the long run.
“Just patch it!” is the usual advice when a vulnerability hits (and it’s not a zero-day). But it’s never that simple in organizations that have to manage layers upon layers of infrastructure. When you have to deal with a critical CVE like the latest unauthenticated RCE in Gitlab (CVSSv3 10.0), the tangled, messy process of patching bubbles to the surface.
The current, multi-layer setup big organizations run on is a challenge to manage and we both know that (it’s an understatement). And when a vulnerability like CVE-2021-21972 pops up, it reveals how messy the process of patching and mitigation can be.
As a pentester, I have a good day when my workflow is smooth and uninterrupted. Pushing routine tasks to the background (sweet automation!) helps me stay focused. It frees up my mind to work on interesting findings and attack sequences that not everyone can see. Plus, it feels good to be productive and get stuff done!
