• sugar_in_your_tea
    link
    fedilink
    English
    arrow-up
    7
    ·
    1 month ago

    Wait, they weren’t already? I guess I already assumed that many (most?) black hats were white hats in the daytime. You gotta get that knowledge from somewhere

  • ulterno@programming.dev
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 month ago

    I’m guessing the ransomware gangs would be giving better payments than regular companies asking for pen-testing.

    But with this, comes other concerns:

    • Will the pen-tester be enticed to use the “authorised hacking” as an opportunity to install a backdoor of their own or do they maintain strict borders between both jobs?
      • I’m thinking, not so much, as, if they’re already doing something illegal, they might as well just go the extra mile.
    • At the same time, pen-testers working for one company might also be used for industrial espionage efforts, by competitors