What pentesters do
Simulate real attacks on client systems with written authorization. Find vulnerabilities, exploit them, document impact, recommend fixes. Web, network, mobile, cloud, AD domains.
Beginner learning path
Web OWASP labs (Cyfotok) → Linux fundamentals → network scanning → HTB easy boxes → report writing → junior pentest intern.
Legal practice only
Never pentest without signed scope. Cyfotok sandboxes are always in scope.
Indian pentest market
Growing demand from startups going SOC2, banks, e-commerce. Chennai, Bangalore hubs for MSSPs.