Break things on purpose, then document exactly how you did it.
Penetration testers simulate adversaries against web apps, networks, and cloud environments. The job blends technical exploitation with disciplined reporting that clients can actually act on, and respecting scope is non-negotiable.
Tools in scope
Consultancy
Lab assessment is standard — expect a 24-48h HTB-style box plus a report.
In-house red team
More scenario-based: assumed-breach exercises and detection-evasion thinking.
// Sample question
You've found an SSRF on an internal admin panel hosted in AWS. How do you escalate to cloud credentials?
Confirm the SSRF reaches internal endpoints, then target the IMDS at 169.254.169.254 — IMDSv1 lets you fetch the instance role credentials directly; IMDSv2 requires a token via PUT. Once you have temp keys, enumerate with `aws sts get-caller-identity` and pivot based on attached IAM permissions.
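The defender's side of this answer, as an added example that is not part of the original page: a check over `aws ec2 describe-instances` output that flags instances still accepting IMDSv1 or allowing a metadata hop limit above 1. The sample JSON, instance IDs and finding labels are constructed, and treating absent fields as the permissive setting is an assumption of this sketch.

```python
import json

# Constructed sample shaped like `aws ec2 describe-instances` output (not real data).
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
 {"InstanceId": "i-0000000000000001a",
  "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/example"},
  "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                      "HttpPutResponseHopLimit": 2}},
 {"InstanceId": "i-0000000000000002b",
  "IamInstanceProfile": {"Arn": "arn:aws:iam::111122223333:instance-profile/example"},
  "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                      "HttpPutResponseHopLimit": 1}},
 {"InstanceId": "i-0000000000000003c",
  "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                      "HttpPutResponseHopLimit": 1}},
 {"InstanceId": "i-0000000000000004d",
  "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                      "HttpPutResponseHopLimit": 3}}
]}]}
""")


def audit_imds(describe_output):
    """Map instance ID -> list of IMDS hardening gaps (labels are this example's own)."""
    findings = {}
    for reservation in describe_output.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            # Assumption: absent HttpEndpoint/HttpTokens count as the permissive setting.
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint", "enabled") != "enabled":
                continue  # IMDS switched off: nothing for an SSRF to reach
            issues = []
            if opts.get("HttpTokens", "optional") != "required":
                issues.append("IMDSV1_ALLOWED")  # a plain GET is answered
                if "IamInstanceProfile" in inst:
                    issues.append("ROLE_CREDS_REACHABLE_WITHOUT_TOKEN")
            if opts.get("HttpPutResponseHopLimit", 1) > 1:
                issues.append("HOP_LIMIT_GT_1")  # token reply survives an extra hop
            if issues:
                findings[inst["InstanceId"]] = issues
    return findings


if __name__ == "__main__":
    for instance_id, issues in audit_imds(SAMPLE).items():
        print(instance_id, ", ".join(issues))
```

Flagged instances can be moved to token-only access with `aws ec2 modify-instance-metadata-options --instance-id <id> --http-tokens required --http-put-response-hop-limit 1`.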
AI-graded, role-specific, feedback on every answer. Free to start.