The Hacker's Cache
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
The Hacker's Cache
#4 A Vulnerability Assessment Isn't a Pentest ft. Kristofer Johnson
Kyser Clark and Kristopher Johnson's conversation covers various topics related to offensive security, certifications, career progression, and distinguishing between vulnerability assessments and penetration tests. Kristopher shares his journey into offensive security, his challenges, and the importance of continuous learning and perseverance. The conversation also goes into the significance of different certifications, the value of practical experience, and the need for clear differentiation between vulnerability assessments and penetration tests. Additionally, the discussion highlights the relevance of LinkedIn for career growth and networking within the cybersecurity industry.
Connect with Kristofer Johnson on LinkedIn: https://www.linkedin.com/in/kjohnson422/
Takeaways
- Continuous learning and perseverance are essential for success in offensive security.
- Clear differentiation between vulnerability assessments and penetration tests is crucial for accurate testing and reporting.
- LinkedIn is a powerful platform for career growth and networking within the cybersecurity industry.
Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention viewers/Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
The postings on this site are my own and may not represent the positions of ...
[Kristopher Johnson] (0:00 - 0:13)
Probably really isn't a hot take, but a vulnerability assessment isn't a pentest. Running Nessus or, you know, a web app vulnerability scanner is not a pentest, and just because you want that check mark, there's still plenty of underlying issues.
[Kyser Clark] (0:14 - 2:14)
A lot of people don't understand. I think the real problem with differentiating a pentest and a vulnerability assessment is that people who sell vulnerability assessments as pentests, those people, they're almost like scammers. Like, they're almost on the scammer level.
It's like they're doing a vulnerability assessment and calling it a pentest and then charging the company, you know, pentest money to get it done. Hi, I'm Kyser Clark, and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one byte at a time. Every week, I invite you into the world of ethical hacking by interviewing leading offensive security practitioners.
If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you. Hello, hello. Welcome to The Hacker's Cache.
My name is Kyser Clark. If you don't know who I am, I have been in the field for six years now. I have 12 certifications, a bachelor's degree in cybersecurity, and I'm currently working on my master's degree in cybersecurity, and I am working as a full-time penetration tester.
Today, I have Kristopher Johnson on the show. Kristopher Johnson is an offensive security consultant full-time. He's been doing it for about a year and a half now.
Kristopher has a bachelor's degree in cybersecurity and networking with a minor in computer science. Kristopher also has the OSCP, the I&E security, which is formerly eLearn Security, web application penetration testers, that's EWPT, also has the ECPPT, that's a certified professional pentester, and the EJPT, which is a junior penetration tester. Then he also has Hack the Box Dante and Hack the Box Zephyr.
Kristopher, thank you so much for joining the show. I really appreciate your time, and I look forward to this discussion. Go ahead and unpack some of your background and experience and introduce yourself to the audience.
[Kristopher Johnson] (2:14 - 5:44)
Thank you for having me. Like Kyser said, I've been working in offensive security now for about a year and a half. I was in school for the past four years up until last May, studying cybersecurity and networking, where my whole career took off.
Prior to college, I had no knowledge of cybersecurity. I didn't know what it was. My first experience with a hacker, I guess you can say, was in a Call of Duty Modern Warfare 2 lobby, where they hacked it.
You could bounce off the walls and do crazy stuff like that. I was like, okay, that's pretty cool. Then fast forward to when I was looking at colleges a few years ago, I went and looked at criminal justice.
Then I was like, it seems okay. Then my mom found a major called cybersecurity. I looked at that, and I said, that's what I want to do.
My first semester in school, I asked one of the seniors, how do I get started in offensive security? How do I get going with hacking? He's like, here, I'll send you a bunch of books.
They're all PDFs. He's like, just be careful opening them. One might have malware in them.
I never opened them. I was like, okay, I have to figure this out for myself. Fast forward another year or so, a buddy of mine that I went to school with and now actually work with started teaching himself through TryHackMe.
He was like, you should really do this. I feel like this is a great way for us to get started. Started with the TryHackMe path, which I think is a great way for anyone just getting started in hacking, let alone cybersecurity, to really gain that foundational knowledge.
We were doing that for about a year and a half. I took the EJPT in August of 2022 or 2021. Can't remember the year at this point.
Passed that and was like, okay, what's the next step? This was all still while I was in college. I ended up buying the INE two-year subscription for whatever amount of money where I get unlimited access to all the course materials and two free certification vouchers.
Then after that, I immediately started studying for ECPPT, which was like the step up from EJPT. And that taught me double pivoting, buffer overflows, which were a pain, but I figured it out and I passed the certification. Thank God.
So I passed that and the week after, no, sorry, the week before I passed, I started working at the company that I'm at now. So, yeah, I mean, it's just been a rollercoaster working in offensive security. I especially love the network side of things.
The web apps aren't my favorite. Social engineering, Active Directory, you have me sold right there. But yeah, I mean, that's basically it.
It's nothing too special. Just hacking away and studying.
[Kyser Clark] (5:46 - 6:44)
Nice. Yeah, you kind of answered my question already. I wanted to know, like, how did you go straight from college into offensive security?
Because I feel like it's incredibly hard to get into offensive security without some kind of IT experience or cybersecurity experience. Because, you know, getting my first pentesting job, even with six years of cyber defense and system administration experience, I was still getting turned down because I didn't have the title of pentester under my belt. And it was a challenge for me.
So I kind of want to know, like, what was it that helped you get that first job without the experience? I mean, I know you had a bunch of certifications, but even though you have a lot of certifications, it can still be challenging because I also have a lot of certifications. And even with all my certifications and Hack the Box experience, you know, there were still employers denying me.
So what was it that really helped you get that first job?
[Kristopher Johnson] (6:45 - 7:22)
Yeah, so right around the same time as ECPPT, or probably a little bit before I took it, my buddy that I went to school with and now work with, he was an intern at this company and went full time. And I took on his intern position. And then after I graduated, they're like, okay, we want to take you on full time.
And it was definitely getting my foot in the door as an intern helped me out drastically in the long run. I mean, if I didn't have that internship, who knows if I'd be working in offensive security right now.
[Kyser Clark] (7:24 - 7:28)
So you got that position, but how did your friend get there first?
[Kristopher Johnson] (7:29 - 8:32)
So he's an administrator of a fairly medium-sized Discord, where, you know, a bunch of people are part of it. And somebody that's another like admin of the Discord was having work done with our company now. And he was like, I know this kid, he's an administrator of my Discord.
And my now director of my team is also in the Discord. So the other admin and the director messaged each other. And he was like, look, I have a great kid that would be, you know, perfect for your intern position.
Would you take him on or give him a shot or anything? And he was like, yeah. So he brought him on.
He saw that he had EJPT and ECPPT at this point. I was like, yeah, let's do it. And my buddy started in August or September of 2022, I want to say.
And then I started in January. No, sorry, not 2023, 2022. And then I started in January of 2023.
Getting my years all mixed up.
[Kyser Clark] (8:34 - 8:38)
Yeah, I'm the same way. Years, they just fly by when you're busy.
[Kristopher Johnson] (8:39 - 8:39)
Yeah.
[Kyser Clark] (8:40 - 9:11)
So yeah, man, well, that is a great way to enter the field, man, straight out of college. That's quite amazing. That's hard to do.
And congratulations for that. And honestly, congratulations on focusing on those certifications while you're doing your schooling. So you're doing your regular schooling and you're going for all those certifications.
So I think that speaks a lot about your drive and your passion for the field. So kudos to you for that.
[Kristopher Johnson] (9:11 - 9:38)
Thank you. Yeah, it was definitely. Well, with school, it was a lot of work.
Absolutely. It was, you know, I'm doing homework for classes and I'm like, OK, I have, you know, two hours before I want to go to sleep. Let me just get something in.
And I always said, like the strict rule, like I'm not doing anything on the weekends. I'm just going to relax as long as I have my homework done and I got some studying in. I'm not doing anything on the weekends.
I'm just going to relax.
[Kyser Clark] (9:39 - 10:24
)
Nice. Yeah. All that done without even doing it on the weekend.
That's, I tip my hat off to you. All right. So let's go ahead and get on our rapid-fire round.
So the way this works is there's five questions and you're going to have 30 seconds to answer five questions. So answer them as quickly as you possibly can and don't provide explanations to them. And then at the end, I will have you explain what I think is the most interesting response and then if you get through all five questions in 30 seconds, you will get a bonus question not related to cybersecurity.
Sweet. Let me get my stopwatch ready here. Are you ready?
[Kristopher Johnson] (10:24 - 10:24)
I'm ready.
[Kyser Clark] (10:27 - 10:30)
Your time will start as soon as I stop asking the first question.
[Kristopher Johnson] (10:31 - 10:31)
OK.
[Kyser Clark] (10:32 - 10:38)
On a scale from one to 10, how important is a college degree for a cybersecurity career today?
[Kristopher Johnson] (10:38 - 10:39)
Two.
[Kyser Clark] (10:41 - 10:42)
Favorite capture the flag event?
[Kristopher Johnson] (10:44 - 10:49)
That I've been in, I'd say NOMCON.
[Kyser Clark] (10:50 - 10:52)
Favorite hacking gadget?
[Kristopher Johnson] (10:53 - 10:54)
Wi-Fi Pineapple.
[Kyser Clark] (10:56 - 11:04)
Do you think cybersecurity is underfunded in most organizations?
Yes. Favorite cybersecurity framework or methodology?
[Kristopher Johnson] (11:10 - 11:15)
Framework meaning like a hacking framework or?
[Kyser Clark] (11:17 - 11:20)
Any kind of framework in cybersecurity. Hacking, non-hacking.
[Kristopher Johnson] (11:25 - 11:28)
I'm going to have to go with Metasploit, stick to the roots.
[Kyser Clark] (11:30 - 12:28)
Nice. So that was about 50 seconds. So we didn't make it in 30 seconds.
But that isn't the worst time. That's actually the second best time out of all my guests so far. So don't feel bad.
So let me think here. I think your most interesting answer for these questions was your favorite hacking gadget, the Wi-Fi Pineapple. And the reason why I'm asking that is because I also think the Wi-Fi Pineapple is an interesting hacking gadget.
And I don't know if you can see in the background, I got two Flipper Zeros. That's my favorite hacking gadget. Okay.
But I don't have that much time to play around with my Flipper Zero. So I imagine you're working full-time, you're going through college, you're getting all these certifications. Do you have a lot of time to mess with the hacking gadgets or?
[Kristopher Johnson] (12:30 - 14:01)
It definitely depends on the week and maybe even the month. So I actually have the Wi-Fi Pineapple Nano. I just figured I'd say Wi-Fi Pineapple instead of Nano, like adding on the Nano because it saves some time.
So I got to use it on a physical engagement a few months ago. And I'm walking around this building with a clipboard in my hand. And since it's small enough, I'm able to...
How do I describe it? It's like one of the clipboards that you can open up and it's probably about that thick. So I had the Pineapple Nano in there and I was like, oh, somebody is going to try and connect to this.
Because I did all my recon, I got the fake network set up and everything. I had it hooked up to a little portable charger. Don't know when this happened, but at some point the battery and the Pineapple disconnected from each other.
And I was like, you got to be kidding me. So I go back, I check the logs. There's one set of credentials that were input in them.
And that helped the rest of the test roll super smoothly. So ever since then, it's been my favorite. But just having time, I do and I don't.
It's when I set aside time for myself to play around with them. I got the LandTurtle a few months ago as well and just haven't touched it that I need to. I was super hyper-focused on OSCP when I got it.
And I was like, okay, eventually I'll get around to it.
[Kyser Clark] (14:02 - 14:57)
Yeah, that's my problem when it comes to all those hacking gadgets. I honestly don't have any of the Hack 5 gadgets. And I look at them and I'm like, man, all of these are cool.
But I just feel like I don't have time to really learn how to use them. And spend the money on a gadget that I'm not really going to touch. Now, if I start doing physical assessments and Wi-Fi assessments on-site, then I would definitely get into that.
And it's kind of weird because I have the OSWP, that's OffSec Wireless Professional, but you don't need any physical gear to get that certification. So there's a fun factor about that certification. So yeah, I've done Wi-Fi hacking, but I don't have any of the tools because I emulated it all.
But yeah, that's really interesting. So I'm pretty excited. I hope one day I can get on some physical assessments and do stuff like that.
[Kristopher Johnson] (14:57 - 14:58)
They're so much fun.
[Kyser Clark] (14:59 - 15:27)
But yeah, I believe it. So I'm curious to know, so you have a handful of certifications and you do a lot of training in your spare time. What is a common attack that you use a lot that you didn't learn from a certification or other mainstream training?
[Kristopher Johnson] (15:28 - 17:06)
Oh, certificate authority vulnerabilities. So anything to do with, I want to say it's CVE-2022-26923. So right now there's like 14 different possible escalations.
The most common one I see is one in four, where they're misconfigured certificate authority templates, where either they allow the domain users, authenticated users, or domain computers groups to enroll a certificate on behalf of another user. So if you can do that, you have domain admin like pretty much right away. That's escalation one.
And then escalation four is a group such as authenticated users, domain users, or domain computers has permission to overwrite a template or overwrite its own template. And in doing that, you can make it vulnerable to ESC1 and then perform the same action and request a certificate on behalf of another user and get domain admin that way. So those I didn't learn from anything.
I just stuck to it, did the research. They're fairly easy vulnerabilities to find and actually execute. And then they started getting popular pretty recently though.
So now like a lot of Hack the Box machines have them. And they like go through step-by-step how to actually go or actually execute it.
[Kyser Clark] (17:07 - 17:21)
So what was the need? Like why did you have to or why did you want to learn how to do that? And how did you figure out where the resources were for that?
[Kristopher Johnson] (17:22 - 18:47)
So somebody that used to work at our company, I forgot why it came up in conversation, but he was like, this is something we should definitely look at. And I was like, okay, I'll take it upon myself to go and do the research about some new cool vulnerability that we haven't heard of. So I looked it up and turns out that there's already like two tools built out for it, or maybe even three now.
And one of them works out of a Linux VM. So I was like, okay, let's do it. Let's figure out how to exploit it.
There's also two TryHackMe rooms that go through it. So I did those rooms just to see what it was all about. See how to actually go through the process of enumerating the certificate authority, figuring out which template is vulnerable, and then how to execute this attack.
And this one tool that you can use out of the Kali VM, it pretty much just does it for you. You do the find command, it shows you all the templates and which ones are vulnerable and what they're vulnerable to. Then you do the request and you supply the domain admin's username, and you have the PFX file, and then you do the off command and you have the NTLM hash of whichever domain admin you picked.
[Kyser Clark] (18:49 - 18:53)
Nice. So what tools do that?
[Kristopher Johnson] (18:54 - 19:14)
So one is called Certify. Certify is the Windows executable. And then the one that you can run out of Kali is called Certipy.
So it's C-E-R-T-I-P-Y. And it's part of the Kali packages, so you can just install it with sudo apt.
[Kyser Clark] (19:17 - 19:46)
Nice. So yeah, I have messed with Certify a little bit, but I didn't do the hardcore research like you did to take advantage of that kind of stuff. And I know you did a lot of research on it, because the fact that you memorized the whole CVE, that's the most wild
est thing to me.
You had the whole number memorized. I'm like, man, we know you did the research.
[Kristopher Johnson] (19:46 - 19:56)
Yeah. Especially when I'm explaining to clients how it happened, I usually just send them the CVE number, because that's got all the links as to how to remediate it. Nice.
[Kyser Clark] (19:59 - 20:07)
So what training are you focused on right now? What's your primary thing you're doing at the moment?
[Kristopher Johnson] (20:09 - 20:50)
With OSCP done, I'm kind of taking a break, but also not at the same time. So I probably gave myself two days, and then I was like, okay, I'm bored. It feels weird not studying for something.
So I'll just go and find a random Hack the Box room right now and finish those up. And I've been really sticking to the non-retired machines, just to see how I do and see what's new, if there's anything going on, like a new CVE-wise. But it's pretty much it.
[Kyser Clark] (20:50 - 20:55)
So do you think training in your free time is required to be a successful offensive security professional?
[Kristopher Johnson] (20:56 - 20:56)
Yeah, absolutely.
[Kyser Clark] (20:58 - 21:13)
Yeah, I 100% agree with that. Yeah, I have run into people that say they don't train in their off-time, and I'm like, that seems dangerous as far as your career growth goes.
[Kristopher Johnson] (21:14 - 21:21)
Yeah, because something vulnerable now isn't going to be vulnerable in five years, maybe even 10 years or a year.
[Kyser Clark] (21:21 - 22:03)
And that's what the struggle is for me, because I feel like OSCP and these other certifications, they're teaching you what worked in the past. And then you get into real-world ethical hacking, and you're like, wow, this isn't working here like I thought it was going to work. And so with that being said, so you got a handful of certifications.
What certification or even like Hack the Box, ProLab, do you think is the most realistic in terms of real-world ethical hacking?
[Kristopher Johnson] (22:04 - 23:04)
I would have to go with Zephyr from Hack the Box. So it's one of their ProLabs, and it's, what is it? I want to say it's three networks that you have to go through.
It's completely Active Directory based. So you have MSSQL enumeration, you have, there's no like local privilege escalation since it's all Active Directory based, but it's, you're forging inter-trust tickets. There's three domain trusts, you got to go through each one.
I'm trying to think of what else there was, I did this a few, what do I want to call it, a month and a half ago now. But that one definitely felt the most realistic in terms of what I'm actually seeing in environments. And I've definitely learned the most too.
I didn't know how to forge tickets, be it like across trusts. And now that I did that, it was like, wow, that was way too easy.
[Kyser Clark] (23:07 - 23:54)
Yeah. So I know you haven't watched or listened to the previous episodes because the previous episodes are not public yet. But the Hack the Box ProLabs is like brought up all the time.
So it seems like it's like probably the most quality training out there right now. So I definitely need to get on that because I haven't done a ProLab yet. And I was like, you know, after I get this certification and that certification and that certification, I was like, I'm a huge fan of certifications, but maybe I need to just take the time and do the ProLabs because everybody loves them.
And literally the last episode we were talking about ProLabs too. So it's great. ProLabs, Hack the Box, if you're listening to this, man, you are doing stellar.
[Kristopher Johnson] (23:57 - 24:20)
Yeah. I mean, also like $50 a month, you could get two, maybe three, if you really put the time in, done in a month. But yeah, Zephyr hands down was my favorite ProLab that I've done so far.
I'm planning on doing more too. Just need to like settle down for at least a month before I...
[Kyser Clark] (24:22 - 24:33)
Yeah. You've been going crazy. You got to take your break.
So how's your break been going? Like, has it been weird, not like just relaxing for a little bit or what?
[Kristopher Johnson] (24:33 - 25:51)
Yeah, very weird. Especially with OSCP, it was like six months straight. So the first three months was just doing everything on TJ Noll's list.
So like the old list, the new list, even tried some of the OSCP boxes just to see like how challenging that would be. And then I want to say it was like that first week of February, I bought the course, went through the first two challenge labs that they had, finished those, went through the actual course material to get the 10 bonus points, went back, did OSCP A and the final like non-OSCP like exam style challenge lab. Took like a week break because I was like, okay, I have nothing to do right now and I still got some time.
And then finished the last two OSCP exams that they have. So the OSCP A through C is just old exams that they had. And then from there, scheduled the exam, relaxed for, I don't know, two days, and then took the exam.
[Kyser Clark] (25:52 - 26:45)
Nice. Yeah. Those OSCP mock exams, A through C, those would help me pass OSCP because I was doing Hack the Box, like the current machines every week.
But I felt like at the time I was studying, like those machines wasn't really relevant to like OSCP studies. So those mock exams were like my go-to when it came to like learning how to get past the OSCP certification. If it wasn't for those mock exams, I definitely wouldn't have passed my first try.
So yeah, those mock exams are nice. I didn't even do TJ Noll's list at all, the older or the new one. That was like, oh, if I fail the first time, then I'll go do that list.
But I passed on the first try. So I didn't go out and do his list.
[Kristopher Johnson] (26:47 - 26:58)
Right. Yeah, I found the list to be very helpful, especially because I was still, you know, getting used to Active Directory. So that definitely helped a lot.
[Kyser Clark] (27:01 - 27:36)
Yeah, I heard good things about the list. It's like, it's one thing that constantly comes up in conversations, kind of like the Hack the Box ProLabs, like TJ Noll's list. So TJ Noll, if you're listening, your list is stellar.
So yeah, if someone was listening to this podcast and they're also a college student, or maybe they're not a college student, they're just someone that wants to become an offensive security professional. So what advice would you give them if they wanted to become an offensive security professional? What's like the most important thing?
[Kristopher Johnson] (27:39 - 28:20)
It's a good question. You're going to struggle, you're going to fail. Absolutely.
That's all part of the process. Don't give up because, you know, I'll give you an example. I failed EJPT the first time, because I couldn't figure out how to set up a pivot.
And I was like, oh my God, what am I doing? I shouldn't be like anything, or like anywhere near this field. What am I doing?
I took the retake and passed and I was like, okay, that wasn't so bad. So it's all about failure. And as long as you can pick yourself back up and keep moving, you're going to be okay.
[Kyser Clark] (28:23 - 31:15)
Yeah, that's good advice. I have failed the OSWA twice now. And I'm trying to figure out how to get a third.
I'm trying to figure out a time frame to get the third attempt in. But yeah, you just don't want to phase you like I failed the first time. And honestly, you know, with so many certifications on my belt, I guess I try to rapid-fire them sometimes.
I'm like, because all the certifications I got, I took before I would like knew everything because a lot of the time, like you don't need to know everything about everything to pass certification. Most certifications like a 70%. And OSCP was probably one of those things like I actually took the OSCP a week earlier than I wanted to.
Because I don't know if you know, Chris, but I was active duty Air Force before I'm doing what I'm doing now. And I had OSCP date scheduled. And then they told me like, yeah, you got to go to Japan for a week.
And I'm like, that's what my exam was. So I didn't want to push it back because there was no way I was going to be able to study while I was in Japan because of what was going on and just traveling in general. So I pushed, I made my exam a week earlier.
And
I seriously thought I was going to fail that. And I was like, man, like, we'll just see what happens. You know, and I guess my point I'm trying to make is like, don't be afraid of failure.
Like, especially if you got exam retakes, you know, if you purchase the packages that give you the free retakes, definitely don't be afraid of failing that first exam. Because oftentimes when you fail, that's when you learn the most. Because another certification I failed was the CCNA.
And I failed it by one question. I'm kidding. Like it was a half a percent I failed by.
And I was devastated. But I used that and I just went back to the drawing board and I did all the coursework again. And I really, you know, that's how I really learned networking.
I saw a meme. It's like the best network engineers fail their CCNA the first time. So I feel like you can apply that same mentality to any certification you want.
Like, oh, yeah, the best pentesters fail OSCP the first time. Because when you fail, you go back to the drawing board. So that's really good advice.
Okay. So I'm going to direct you to our final question. It's that time.
I can't believe we've already been talking for a half hour. This has been good. Do you have any cybersecurity hot takes or additional hidden wisdom you'd like to share?
[Kristopher Johnson] (31:17 - 31:38)
Hot takes. Probably really isn't a hot take. But a vulnerability assessment isn't a pentest.
Running Nessus or, you know, a web app vulnerability scanner is not a pentest. And just because you want that checkmark ticked, there's still plenty of underlying issues.
[Kyser Clark] (31:40 - 31:46)
Yeah, that's definitely not a hot take for other offensive security professionals.
[Kristopher Johnson] (31:46 - 31:49)
I feel like outside of that realm, yeah.
[Kyser Clark] (31:49 - 33:32)
Outside of that realm, a lot of people don't understand. I think the real problem with, you know, differentiating a pentest and a vulnerability assessment is that people who sell vulnerability assessments as pentests, those people, they're almost like scammers. I guess they're almost on the scammer level.
It's like they're doing a vulnerability assessment and calling it a pentest and then charging the company, you know, pentest money to get it done. And then, you know, there's some customers out there. For example, let's say a customer, they, you know, are going to several pentesting firms to get a pentest done.
And then one company quotes them like far under what a pentest should be, you know, priced at. And they're like, why can't you do it for that price? And it's like, well, that's because they're not doing a pentest.
They're doing a vulnerability assessment and calling it a pentest. And it is a serious problem in our field, for sure. And yeah, so definitely if you're getting into offensive security or you're new, like you definitely need to learn how to speak about, you know, what the difference between a vulnerability assessment is and a pentest.
And I mean, to anybody in the field, it's like second nature to us, but it's a, yeah, it is a common thing that you have to explain, unfortunately, just because customers definitely can get confused. Especially if it's like a customer that, you know, we're like, hey, we have this app. We want to get tested.
We don't know how much about security. Yeah.
[Kristopher Johnson] (33:35 - 33:37)
They need to just go away.
[Kyser Clark] (33:39 - 34:43)
Yeah. I don't think they're going to go away anytime soon. I think it's going to be a problem for the foreseeable future.
Unfortunately, it's just, it's just going to be us to educate, which is, you know, what part of this podcast is about to educate people on, you know, pentesting and ethical hacking and offensive security. So it's definitely good that you mentioned that because yeah, they're not the same. They are very different.
And then also a lot of people run there between pentesting and red teaming. That's a whole nother discussion. That's a whole nother, that's a whole nother thing.
There's definitely, there's a difference between red teaming and pentesting too. And even people within the field, you know, get confused on the differences sometimes like maybe not a red teamer on a pentester, but you know, maybe like a cybersecurity analyst, like they don't know the difference. So it is, it is one of those things where, where we do have to educate the community on.
And that's part of our job as offensive security professionals. Right. So yeah, thanks for bringing that up.
That was a good, that was a good thing to add in there.
[Kristopher Johnson] (34:44 - 34:45)
Absolutely.
[Kyser Clark] (34:45 - 34:51)
So where, if the audience wants to get ahold of you or contact you, what's the best way to do that?
[Kristopher Johnson] (34:53 - 35:02)
My LinkedIn is probably the best way because I'm always on it. So it's, the username is kjohnson422, I believe.
[Kyser Clark] (35:06 - 36:25)
Okay. Yeah. I will put your, your link in, in the show notes of this episode for the audience to reach you.
And then yeah, for me, closing out, the best way to reach me is also LinkedIn. I'm on LinkedIn every single day. And that's actually how I hit up Kristopher Johnson.
So LinkedIn is where it's at, man. That is, I'm on one of these days, I'm gonna do a whole episode on LinkedIn because LinkedIn is super powerful. And I, I spent so much time on LinkedIn because I feel like it has accelerated my career to the maximum.
Matter of fact, that my current job now I got because of a random LinkedIn connection. So LinkedIn connections, you never know where it could go. It can only, it can definitely accelerate your career.
So that's another piece of advice I would throw in there for anybody that's new to the field. And another way to reach me is, is my website kyserclark.com. And if you are, whatever platform you're watching this on, please do me a favor, leave a review and give me some, some constructive criticism and some feedback and let me know what you want to see on the show going forward.
Thanks for watching. Thanks for hanging out with us and hopefully I'll see you on the next episode. Until then, peace out, take care, have a good one.
Kyser out.
[Kristopher Johnson] (36:25 - 36:26)
Thank you everyone.