This past semester I had the amazing opportunity to work with Klogix's Offensive Security Testing Team as a Consultant/Pentesting Co-op! My job was to find vulnerabilities in client applications and report back with mitigation strategies and suggestions for improving their overall security posture.
The majority of my tests were for web applications and APIs, but I also got to try my hand at infrastructure testing for internal networks and Active Directory environments.
My Highlights:
- Almost every web application vulnerability came down to authorization workflows, whether that was missing middleware checks or misuse of JSON Web Tokens. These issues usually cropped up after infrastructure updates where edge cases got missed.
- Internal network pen tests are hard. I felt the most out of my depth here since it wasn't something I'd covered in class, but BloodHound, with its automated pathfinding, was a very cool tool I got to try.
- I got to see how privilege escalation and lateral movement work across a network through some really cool attack chains: multicast network poisoning for initial access, Kerberoasting for escalation, and finally forging a Golden Ticket to maintain Domain Admin.
- Enable SMB signing.
- I ran out of LinkedIn searches from doing passive recon.
- Responder defaults to Intruder mode, so unless you want to set off a bajillion security alerts for your client, use the analyze flag...
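The "enable SMB signing" point deserves a concrete check, because whether a host merely supports signing or actually requires it is what decides whether the NTLM authentication captured by a poisoner like Responder can be relayed to that host over SMB. The script below is an added example written for this post; it is not code from the original author, from Klogix, or from Responder. It sends a minimal SMB2 NEGOTIATE request and reads the SecurityMode field of the response (MS-SMB2 2.2.4). The function and constant names, the host arguments, and the `build_negotiate_response` fixture bytes are constructed for illustration, not captured from any real environment; SMB1-only servers are reported as an error rather than parsed.

```python
"""Report whether an SMB2 server requires message signing (illustrative helper, assumed names)."""
import socket
import struct
import sys
import uuid

SMB2_MAGIC = b"\xfeSMB"
SMB2_NEGOTIATE = 0x0000
# SecurityMode bits defined in MS-SMB2 2.2.4
SIGNING_ENABLED = 0x0001
SIGNING_REQUIRED = 0x0002


def build_negotiate_request(dialects=(0x0202, 0x0210)):
    """Return a NetBIOS-framed SMB2 NEGOTIATE request offering the given dialects."""
    # 64-byte SMB2 header: ProtocolId, StructureSize, CreditCharge, Status, Command,
    # CreditRequest, Flags, NextCommand, MessageId, Reserved, TreeId, SessionId, Signature
    header = struct.pack(
        "<4sHHIHHIIQIIQ16s",
        SMB2_MAGIC, 64, 0, 0, SMB2_NEGOTIATE, 1, 0, 0, 0, 0, 0, 0, b"\x00" * 16,
    )
    # 36-byte NEGOTIATE body: StructureSize, DialectCount, SecurityMode, Reserved,
    # Capabilities, ClientGuid, NegotiateContextOffset/ClientStartTime, then dialects
    body = struct.pack(
        "<HHHHI16sQ", 36, len(dialects), SIGNING_ENABLED, 0, 0, uuid.uuid4().bytes, 0
    ) + b"".join(struct.pack("<H", d) for d in dialects)
    msg = header + body
    return struct.pack(">I", len(msg)) + msg  # 4-byte NetBIOS session header


def parse_negotiate_response(msg):
    """Parse an unframed SMB2 NEGOTIATE response; return the dialect and signing flags."""
    if len(msg) < 64 + 6 or msg[:4] != SMB2_MAGIC:
        raise ValueError("not an SMB2 message (SMB1-only server or garbage)")
    status, command = struct.unpack_from("<IH", msg, 8)
    if command != SMB2_NEGOTIATE or status != 0:
        raise ValueError(f"unexpected command {command:#x} / status {status:#x}")
    struct_size, security_mode, dialect = struct.unpack_from("<HHH", msg, 64)
    if struct_size != 65:
        raise ValueError("malformed NEGOTIATE response")
    return {
        "dialect": dialect,
        "signing_enabled": bool(security_mode & SIGNING_ENABLED),
        "signing_required": bool(security_mode & SIGNING_REQUIRED),
    }


def is_relay_target(info):
    """NTLM relay to SMB only works against a server that does not require signing."""
    return not info["signing_required"]


def check_host(host, port=445, timeout=5.0):
    """Live check: negotiate with a real server and return the parsed flags."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_negotiate_request())
        length = struct.unpack(">I", s.recv(4))[0] & 0x00FFFFFF
        data = b""
        while len(data) < length:
            chunk = s.recv(length - len(data))
            if not chunk:
                raise ConnectionError("server closed connection mid-response")
            data += chunk
    return parse_negotiate_response(data)


def build_negotiate_response(security_mode, dialect=0x0210):
    """Constructed sample response (not captured from a real host) for offline use."""
    header = struct.pack(
        "<4sHHIHHIIQIIQ16s",
        SMB2_MAGIC, 64, 0, 0, SMB2_NEGOTIATE, 1, 0x1, 0, 0, 0, 0, 0, b"\x00" * 16,
    )
    # StructureSize, SecurityMode, DialectRevision, Reserved, ServerGuid, Capabilities,
    # MaxTransact/Read/Write, SystemTime, ServerStartTime, SecurityBufferOffset/Length,
    # NegotiateContextOffset (sizes chosen arbitrarily for the fixture)
    body = struct.pack(
        "<HHHH16sIIIIQQHHI", 65, security_mode, dialect, 0, b"\x00" * 16,
        0, 0x800000, 0x800000, 0x800000, 0, 0, 0, 0, 0,
    )
    return header + body


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for host in sys.argv[1:]:
            try:
                info = check_host(host)
                print(host, "signing required" if not is_relay_target(info) else "RELAYABLE (signing not required)")
            except (OSError, ValueError) as exc:
                print(host, "error:", exc)
    else:  # offline demonstration on the constructed fixtures
        for mode in (SIGNING_ENABLED, SIGNING_ENABLED | SIGNING_REQUIRED):
            print(parse_negotiate_response(build_negotiate_response(mode)))
```

Run it with one or more host names to test live servers, or with no arguments to see the two fixture outcomes. Domain controllers have long required signing by default while member servers and workstations historically have only supported it, which is exactly why the recommendation keeps showing up in reports. On the defender side the equivalent fix is `Set-SmbServerConfiguration -RequireSecuritySignature $true` (and the client-side counterpart) or the Group Policy setting "Microsoft network server: Digitally sign communications (always)".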
Overall, I had a great time! The people on this team are incredibly talented and I never felt left behind. Whenever I was overwhelmed or lost, someone took the time to make sure I understood what was going on. It was a genuine pleasure to learn from them and I hope to work with them again someday.
That said, there were moments where pentesting felt a little too similar to auditing. A lot of what I was doing (like brute force credential harvesting) got repetitive fast. I'd love to try a red team engagement in the future, as it adds a layer of social engineering and more calculated, strategic attacks, which is not something I consider when pentesting.