Jump to content

OPSEC in Pentesting

Recommended Posts


Hello everyone,

a colleague introduced me to the topic of OPSEC in pentesting and after some "research and reading" I can tell that it's a very interesting topic to dig into.

I'm pretty surprised to see that in the PTP course there's no quick reference to it, considering the importance of the topic.

Can I ask, maybe to Dimitrios, Armando and other people of the staff, why such a topic is missed in the course? I know there's the "Anonymity" section, but it seems not enough for OPSEC.

Also, anyone has some references to read? I'm interested in dig more into it, especially in functionalities like metasploit paranoid mode and other possibile technique/tools to achieve the right anonymity level.


Thanks to everyone

Share this post

Link to post

I can't speak for the others, but OPSEC is more on the defensive side of the house, whereas pentesting is offensive. OPSEC is kind of the other side or what an organization might do to prevent OSINT (Open Source Intelligence). That might explain why it's not specifically covered in PTP whereas information gathering is.

Hope that helps,

  • Like 1

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in

Sign In Now