Question for the pentesters on here. How do you manage to keep your tools available and ready?

VM on your corporate laptop with Kali/Parrot?
Cloud-based infrastructure?
Separate device not joined to the corp domain/network that you have to lug around in addition to your regular machine for email/report writing?

I know many of the big corporates have strict controls on that pick up legit tools and we end up asking for exclusions on our specific machines.

like
Posting as :
works at
You are currently posting as works at

Dedicated laptops. The presence of "hack tools" on your corporate laptop will get you phone calls from your SOC pretty fast.

like

My own servers at home.

You store client information on your personal devices?

like

I use a completely separate laptop. I once, accidentally, connected a USB flash drive containing some training material with malicious scripts to my corporate laptop. By the end of the day my corporate laptop was locked out and I had to get it rebuilt to use it again.

Mine have dedicated testing laptops which they put their tools on. Then use Citrix to get to a corporate build to write it up.

Related Posts

In how much time do we get provisional relieving letter from LTI on LWD after submitting laptop? Need some insight to plan my travel.

like

Thoughts on Cuomo’s decision to reopen schools?

like
like

I have just immigrated to worth, Illinois from the Middle East. I have 6+ years of experience (proofed by a certificate) from Four Seasons Hotel Amman. Can anyone recommend a 5 stars hotel with front desk supervisor vacancy?

Starting a new role as a lead ux designer in a mid-size b2b product company. This will be my first time leading a 3 people design team for a major feature of the product.

I am always on the agency or consultancy side. Not sure how can I navigate or manage someone who is probably more experienced than me.

Looking for suggestions and tips to survive.

like

Larsen & Toubro Infotech If I get a Citi Bank project in LTI will I get manyata tech park as a work location ? Larsen & Toubro Infotech

like

What’s the best structure for a Creative Brief? I’m trying to train my account team + our main client into sticking to a one pager (right now it’s all over the place)

McKinsey & Company Hey guys - what is the range of the bonus at McKinsey as a % of your salary in Dubai? Thanks McKinsey & Company

like

Happy Valentine’s Day teachers!

Post Photo
likefunny

I’m bringing my confession to you all: I want a poly relationship with someone emotionally available. More flirty than a friendship, no sex, but I’ll domme you if you’re into that

likefunny

Deloitte India - What's the tentative date for return to office. Also what is the office location in Bangalore. Is there multiple offices.

like

Anyone recently join Guidehouse as an experienced hire Manager? I have an interview coming up and am curious what kind of salary/benefits package i should expect. TIA!

Can anyone please case me today?

like

Are there any game spots left in Arlington / DC? See punch bowl is closed and now Kick Axe

like

If i reject accenture offer, how long can i reapply again

like

Wells Fargo vs EY gds, exp - 7 years. Tech - .Net full stack. pkg offered from both -30+ fixed Wells Fargo EY

like

Hello I’m new to this app. And I’m looking for interview tips. Right now I’m interviewing for CX/CS roles. Let me know what are your thoughts.

like

Best Prenatal Vitamin?

like

Can anyone help me with what could be the approx CTC for a Consultant with 3 years of experience in the Finance Transformation team of KGS?

like

Hi my firm recently laid me off with many because they had to close our project as they had no funds left.
Yesterday was my last day
I am a Network Service Operations Associate with 1 year of experience in customer service
Would like to get into a Project Management roles.
Any leads would be very useful.
Thanks!

like

Additional Posts in Cyber Security Bowl

EY TAS still hiring? 5 years In Deloitte Cyber specializing in ITRM work. Interested in due diligence.

like

Thoughts on the future of Cyber Threat Intelligence as a specialization? Is it a discipline that will continue to grow?

like

How are DBA privileges provisioned within AWS? How do you prevent SOD conflicts???

like

EY vs. Accenture for cyber security consulting? Have an opportunity with both. Let’s hear it.

like

Everyone says that getting a Master's in cyber isn't worth the time/money. Certs are better. But surely an MS in cyber could benefit in some way. In what career path would a degree like this help?

like

🐟 any suggestions on next move? Have offers from following
1) Deloitte - 175K
2) PwC - 160K
3) EY - 165K
Role - M , HCOL, PAM/IAM.
Which one to go with? D has better comp but not sure how WLB is ?

likehelpful

What would be better move to continue getting good technical exp but also move up over 3-4 years before going to steady industry role towards security architecture? Currently new M in big4 cyber trying to figure out next step. Go to another big4? MBB? Cyber focused company? FAANG?

like

Anyone do cyber strategy work at EY and available for questions? 😊

like

Anyone work in cyber insurance that could lead me in the right direction of “must-go” insurance conferences?

like

Which siems are you guys playing with for fun?

likefunny

How often have you all jumped between cyber roles? What are your thoughts on consistently jumping to keep getting pay bumps?

I am in US based cyber practice team working towards my promotion for year 2021. I am currently a System Operation Engineer II which is equivalent to Advisory Consultant. If I get promoted next year, what’s the estimated raise if I get promoted to Lead System Operation Engineer I that is equivalent to Senior Consultant/ Specialist senior?

like

Anybody at Crowdstrike open to a discussion? Currently a Senior Consultant in an Advisory practice.

funny

Any PwC 🐠 willing to refer for an identity and access mgmt role?

Anyone familiar with Kratos Defense and Security Solutions?

like

Anyone here a cloud expert? Looking to learn a new skill.

like

Hi all this is my second week with Deloitte, I wanted to ask how long does it usually take to go from consultant to senior consultant ? I’m apart of Cyber GPS

like

Anybody that works in Penetration Testing and can tell a bit how it is, what is your day-to-day and do you recommend it?

like

Interested in opportunities in pen testing. Anyone who could give me more information/a referral?

Any good security related sub redit pages that we folks can follow?

like

New to Fishbowl?

Download the Fishbowl app to
unlock all discussions on Fishbowl.
That was just a preview…
Sign Up to see all discussions
  • Discover what it’s like to work at companies from real professionals
  • Get candid advice from people in your field in a safe space
  • Chat and network with other professionals in your field
Sign up in seconds to unlock all discussions on Fishbowl.

Already a user?
Login here

Share

Embed this post

Copy and paste embed code on your site

Preview

Download the
Fishbowl app

See what’s happening in your industry
from the palm of your hand.

A phone with Fishbowl app

Send download link to your phone

OR

Scan your QR code to download
Fishbowl app on your mobile

By continuing you agree to Terms of Use and Privacy Policy.

Messaging rates may apply

Download app

Sign up for free to view this conversation on Fishbowl

By continuing you agree to Terms of Use and Privacy Policy

Already have an account? Log in

Sign up for free to continue using Fishbowl

By continuing you agree to Terms of Use(New) and Privacy Policy(New)
Messaging rates may apply

Already have an account? Log in

For account settings, visit Fishbowl on Desktop Browser or

General

Legal