fmiller86

Thank you so much! I will absolutely look all this over tomorrow so that I can feel ready to continue the pentest Monday. I'll keep your advice in mind and try to tackle this from a different angle. God bless!

Yeah, I get it, that’s fair, and honestly I pretty much felt the same way when I realized what the point of this pentest was. But the truth is that I've only started pentesting recently and I thought I could at least use this as a learning experience. Might be a bit overextending myself, but I'll never go beyond junior pentesting if I don't challenge myself. So I get it if you don’t feel like giving your time to companies that care more about checking boxes than being secure, but if you can help a new guy out, it’d be really appreciated. Even if its just pointing me to ressources you’ve used in the past that helped you up your skills or links you think would be relevant to what im facing right now 😊

I’ve been hired by a company to pentest one of their websites. They are doing this for compliance reasons and not really because they want their website to be as secure as possible... Thing is, I don’t actually have that much experience when it comes to firewall evasion. They preferred not whitelisting my IP even though we recommended the opposite to get a clearer picture of the websites' vulnerabilites (and not the efficiency of the WAF). So I was wondering if anyone could help when it comes to evading imunify360. I’ve already thought about flipping my IP with TOR but it will really slow down the pentest considerably and I only have 3 days to complete it. I'm pretty new to pentesting so any help would be really appreciated :) PS: I've already tried to upload files larger than 10MB to bypass the default "max_cloudscan_size_to_scan" but the website already limits files to max 4MB.