Getting the most out of your Pentest

Did you receive a good Pentest? Do you know the difference? Could you have gotten a better one? In this talk we will briefly review what makes up a pentest, the differences in 'types' of assessments, and what information you should end up with at the end of a good test. Not all pentest are equal and with a few basic upfront questions you can identify the type of work you can expect to receive. It's not all abstract, I will also show a few simple techniques that are often out-of-scoped that pose a huge risk to organizations. I will demonstrate the differences between having scanners ran and actual pentesters preforming real-world threats. I will also cover various ways to get the most out of the time and work purchased and identify areas often overlooked that every company should concern themselves with.