So how do pentesters and cyber terrorists actually discover exploits?

Question

So how do pentesters and cyber terrorists actually discover exploits?

Chase Hill

So how do pentesters and cyber terrorists actually discover exploits?
Is there some backlog of it on the dark web or something?

Attached: hacker-news.jpg (560x200, 21K)

June 5, 2018 - 04:39

Other urls found in this thread:

news.ycombinator.com/item?id=17173922
sites.google.com/site/testsitehacking/-36k-google-app-engine-rce
twitter.com/NSFWRedditGif

Adrian Gonzalez

Sometimes it's a
>huh, that was weird...what happens if I...

June 5, 2018 - 04:40

Logan Gonzalez

They either do intensive research on the infrastructure they intend to exploit, or leech off of someone else's research like a script kiddie.

June 5, 2018 - 04:41

Landon Rodriguez

Anything better than trial and error? Any tendencies, good books on the subject? Or do pentesters rely on a massive foundation of knowledge?

June 5, 2018 - 04:47

Ryder Rogers

Yes.

Attached: 4L_zk9pc6FJ.jpg (1200x1687, 323K)

June 5, 2018 - 05:00

Jayden Walker

I'd imagine 99% of the time it's via sitemap.xml or robots.txt.

June 5, 2018 - 05:03

Matthew Hall

So, what you be sayin is, I gotta be smart for pentesting and not just hackermann my way through it with python scripts like in mr robot?

June 5, 2018 - 05:03

Owen Fisher

It's called programming you faggot.

June 5, 2018 - 05:03

Oliver Jenkins

Looking for mind blowing stupidity in patches for critical crypto code is an obvious start. Did you check out ?

June 5, 2018 - 05:25

Brody Powell

Why are some programmers so bad

June 5, 2018 - 06:04

Jose Jenkins

They use Metasploit.

June 5, 2018 - 06:15

Aaron Taylor

A good amount are from people in the field. They leave holes exposed, leave the company or tell a friend, then collect that sweet bounty

June 5, 2018 - 06:19

Chase Cruz

Automated trial and error. Fuzzing and grep -r 'strcpy'

June 5, 2018 - 06:33

Jose Hernandez

most vulnerabilities are found by mere accident. They just exploit or sell them.

June 5, 2018 - 07:00

Anthony Morgan

reverse engineering is pretty useful at times. go learn that.

June 5, 2018 - 07:27

Kayden Jackson

thats just a buzzword that can mean 100 different things though

June 5, 2018 - 07:28

Jacob Peterson

then learn the things that apply to what you want to hack.

June 5, 2018 - 07:31

Elijah Foster

Humans cannot write perfect code by nature. Developers are generally lazy, if they throw something together and it works and mr shekelstein is happy with it then they get their wagebucks. Then when it doesn't get tested rigorously enough or something is overlooked, an exploitable state can be found.

June 5, 2018 - 07:45

Ethan Hernandez

Statistics mean half are less than average intelligent. Trouble really arises when consider themselves smart and ascend the great heights of Dunning-Kruger.

June 5, 2018 - 08:04

Xavier Wright

>Statistics mean half are less than average intelligent

Attached: you.png (1190x906, 251K)

June 5, 2018 - 09:47

Colton Bailey

Funny how the answer can be found on the website in your pic, OP.
news.ycombinator.com/item?id=17173922

June 5, 2018 - 09:52

Jacob Miller

sites.google.com/site/testsitehacking/-36k-google-app-engine-rce

June 5, 2018 - 10:00

Gabriel Parker

Intensive research/reverse engineering/luck
Most of the time they sell these, for example a really bad Windows exploit can go for hundreds of thousands of dollars

June 5, 2018 - 10:02

James Williams

google fuzz testing

June 5, 2018 - 15:03

Camden Myers

>inside job

Hate to say it, but you're probably right.

June 5, 2018 - 17:14

Alexander Davis

>the dark web
WHOOAAAAA

Attached: matrix.gif (636x265, 2.24M)

June 5, 2018 - 17:16

Samuel Mitchell

yes Cathy

June 5, 2018 - 17:18

1 2 3 Next

So how do pentesters and cyber terrorists actually discover exploits?

Last threads