Welcome to Pentester Diaries, a new podcast series that shines a light on the – not so secret, somewhat anonymized, and at times glamorized life of offensive security professionals. In this series, we will gather pentesters from across the globe to learn
This episode of Pentester Diaries is all about full-time freelance pentesting. I sat down with Core Pentesters Harsh Bothra and Parveen Yadav to talk about their lives as full-time freelancers.
In this episode of Pentester Diaries, we sit down with a vetted Cobalt Core Pentester - Andreea Durga! This podcast includes insights on Andreea's journey into Reverse Engineering and Exploit Development. Follow Andreea's work here: https://www.linkedin.com/in/andreea-cristina
In this edition of Pentest Diaries, we had the opportunity to sit down with the founder of TCM Security, Heath Adams! We wanted to chat about the evolving state of the pentesting job market and the role certifications play within that system. TCM Security has amassed 200k students and issued 675 vouchers in a short period of time. We'd like to know more about their impact as new entrants to the certification and education space.
Follow Heath's work here:
https://twitter.com/thecybermentor
https://linktr.ee/thecybermentor
In this edition of Pentest Diaries, we had the opportunity to sit down with three of our distinguished Core members to talk Android Pentesting:
https://twitter.com/harshbothra_
https://twitter.com/pcastagnaro
https://twitter.com/b0rn2pwn
1:00 What's your opening move when starting a pentest?
6:00 What tools are they using?
11:00 Out of static, dynamic, and API testing, which takes the majority of your time?
18:14 What are some of the blockers you discover in Android pentesting?
26:55 What sort of exploit chains have you personally found?
34:44 Is there a place to learn more about exploit chaining for Android?
36:55 Takes on Windows 11 running Android native applications.
43:12 Why is Android pentesting important?
Listen to the whole podcast to get the most out of the Core's amazing takes on this subject.
Welcome back to Pentester Diaries. In this episode, Cobalt's Grahame Turner interviews Core pentester Stefan Nicula on customer communications, exploring the importance of transparency, alignment, and empathy.
Guests:
https://twitter.com/TheInstaGrahame
https://twitter.com/stefan_nicula
Resources:
Slack
Microsoft Teams
Welcome back to Pentester Diaries. In this episode, longtime Core member and Cobalt Research Manager Robert Kugler talks with Grahame Turner, an experienced security technical writer, about report writing, why it's important, and tips on how to improve your writing as a pentester.
Guests:
https://twitter.com/robertchrk
https://twitter.com/TheInstaGrahame
Resources:
https://portswigger.net/burp
https://cheatsheetseries.owasp.org/
https://developers.google.com/style/voice
https://communicatehealth.com/wehearthealthliteracy/use-zombies-to-fight-the-passive-voice/
https://www.mindmeister.com/
http://textfiles.com/
Welcome back to Pentester Diaries, a podcast series that aims to take off the hacker hoodie and have a real conversation about this growing profession. In this episode, Jon Helmus talks with Joan Bono, a long-time Cobalt Core pentester. They will take a look at understanding pentest severity ratings.
Guests:
https://twitter.com/Moos1e_Moose
https://twitter.com/joan_bono
Resources:
https://cobalt.io/blog/understanding-the-cvss-base-score-an-essential-guide
https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator
https://portswigger.net/web-security/cross-site-scripting/reflected
https://jquery.com/
In this episode, Jon Helmus talks with Shashank Dixit, a long-time cybersecurity professional with a love for the offensive side of security. Jon and Shashank will talk about Beyond Security Hygiene, diving into the fundamentals, and more.
Guests:
https://twitter.com/shashankdixits
https://twitter.com/Moos1e_Moose
Resources:
https://inservice.sumeru.com/cyber-security/
https://www.virtualbox.org/
https://www.iso.org/isoiec-27001-information-security.html
https://owasp.org/www-project-top-ten/
In this episode, Jon Helmus talks with Matt Buzanowski, a longtime offensive security professional who has done everything from Red Teaming, mobile, and physical pentesting to social engineering, and more. Jon and Matt talk about two important concepts related to pentesting: time management and pentest organization.
Guests:
https://twitter.com/mateusz_jozef
https://twitter.com/Moos1e_Moose
Resources:
https://www.defcon.org/
https://www.blackhat.com/
https://grayhat.co/
https://owasp.org/www-project-web-security-testing-guide/
https://trello.com/en
https://www.securityinfowatch.com/cybersecurity/information-security/article/21211106/how-to-set-yourself-up-for-cyber-success
In this episode, Jon Helmus speaks with Harsh Bothra, a pentester with an appetite for learning and sharing his knowledge. In this episode, they'll examine Multi-Factor Authentication.
Guests:
https://twitter.com/harshbothra_
https://twitter.com/Moos1e_Moose
Resources:
- https://harshbothra.tech/
- https://hbothra22.medium.com/
- https://blog.cobalt.io/bypassing-the-protections-mfa-bypass-techniques-for-the-win-8ef6215de6ab?source=friends_link&sk=bfd8bbbbbfe884f7e6016d4bf79e3034
- https://www.mindmeister.com/1736437018?t=SEeZOmvt01
For our first episode, Jon Helmus talks with Dan Beavin, a pentester with a passion for applying his architect background to security. In this episode, they will dig into business logic, exploring the importance of understanding every aspect of an application before pentesting.
Guests:
https://twitter.com/danbeavin
https://twitter.com/Moos1e_Moose
Resources mentioned:
https://portswigger.net/burp
https://portswigger.net/burp/documentation/desktop/tools/intruder/using
https://portswigger.net/bappstore/f9bbac8c4acf4aefa4d7dc92a991af2f