Hi everyone,
I have some questions about pentesting:
Does anyone get contracts to pentest a company in a country other than the one where they live? I am actually in Algeria, and I would like to know if companies can accept a pentester from outside their country.
Do I have to know everything about networks, systems and coding? If not, which are the important ones to begin with? I understand HTTP and a little DNS, I know a little coding in PHP, I have basic knowledge of C, I am CCNA certified, and I have basic knowledge of Linux. But I still find myself an insane beginner and ignorant about the pentesting world. Well, the problem is that when I try to pentest a live virtual host such as Metasploitable, my mind goes blank. Is that normal?
I want to know if pentesting is only for smart people who have the hacking mindset. What I mean is, can I learn to think like a pentester?
Can anybody tell me which are the most useful techniques to use in pentesting, or which ones you have used many times?
Does a pentester use Nessus or OpenVAS for scanning? I ask this question because Nessus is heavy on network traffic. Are there drawbacks to using them?
Is a sniffer still useful? What I mean is that when you sniff network traffic you can get the network topology, but passwords are a little hard because the output is heavy, and maybe a keylogger does the work better than a sniffer.
I asked this question before, but I will ask it again in a different form: what are the skills that any pentester must, and I mean must, have?
Is exploiting an open port of a service that is accessible from the internet the only way to get into the company network? What I mean is, is it only bruteforcing the VPN and exploiting a vuln in an HTTP, FTP or DNS server?
Thanks :)