
# All About Penetration Testing

## What is penetration testing?

Penetration testing is a security testing process that involves simulating cyberattacks against a system, application, network, or server to identify security vulnerabilities that could be exploited by malicious actors. This activity aims to evaluate the system’s security level, identify potential risks, and provide recommendations for improvements to make the system more secure and protected from cyberattacks. In practice, penetration testing is typically conducted by professionals using various specialized methods and tools that mimic the techniques used by hackers, but are carried out legally and under controlled conditions to enhance information security.

### Why is it necessary?

Penetration testing is important because it helps organizations and individuals identify security vulnerabilities in their systems before those vulnerabilities are discovered and exploited by malicious actors. By conducting penetration tests, companies can identify potential risks, prevent data breaches, maintain information confidentiality, and minimize the likelihood of cyberattacks that could harm their operations or reputation. Additionally, penetration testing plays a role in enhancing user trust in system security, ensuring compliance with security standards, and assisting IT teams in conducting ongoing security evaluations and improvements.

## Components of penetration testing

When conducting penetration testing, there are several components you need to be aware of. Below, I’ll explain a few key points about these components.

### Penetration testing approach

**Planning and Reconnaissance**

The initial phase involves gathering information about the target, such as domains, IP addresses, services, and technologies in use. This information is used to understand the system’s structure before testing begins.

**Scanning**

In this phase, the system is scanned using specific tools to identify open ports, active services, and potential security vulnerabilities that can be exploited.

**Gaining Access**

The exploitation or attack simulation phase, where attempts are made to gain access to the system by leveraging previously identified vulnerabilities.

**Maintaining Access**

After successfully gaining access to the system, the pentester tests how long access can be maintained to determine the impact if the system were actually compromised by an attacker.

**Analysis and Reporting**

The final stage involves analyzing the test results and creating a report containing findings on vulnerabilities, risk levels, and recommendations for improving system security.

### Penetration testing method

Penetration testing methods are types of security testing approaches used to evaluate how secure a system is based on the information and access given to the pentester. These methods determine how the testing process is carried out to simulate different types of real-world attacks.

In general, penetration testing methods are divided into several types:

**Black Box Testing**\
In this method, the pentester is not given any internal information about the system being tested. The testing is performed like an external hacker trying to find security weaknesses without knowing the system structure. This method is used to test security from an outsider’s perspective.

**White Box Testing**\
In this method, the pentester is given full access to system information, such as source code, network architecture, configurations, and certain credentials. The testing is done in depth to identify vulnerabilities that may not be visible from the outside.

**Gray Box Testing**\
This method is a combination of black box and white box testing. The pentester is given limited information or partial access to the system. This approach is used to simulate attacks from internal users or parties who already have some level of access.

### Penetration testing scope

Before the penetration testing process begins, the scope is defined to explain which systems, applications, networks, or assets are allowed to be tested by the pentester. This helps ensure that the testing process is focused, safe, and does not disrupt the organization’s operations.

Defining the scope is very important because it helps avoid testing unauthorized systems, reduces the risk of downtime, and ensures that the pentest aligns with the company’s goals and requirements. The scope is usually agreed upon by the client and the pentesting team before the testing starts.

Some common elements included in a pentest scope are:

**Testing Targets**\
Defines the assets to be tested, such as websites, servers, mobile applications, APIs, internal networks, and wireless devices.

**Testing Limitations**\
Explains which areas are not allowed to be tested, such as certain production databases, critical systems, or services that could cause operational disruptions.

**Testing Methods**\
Determines the type of testing used, such as black box, white box, or gray box testing.

**Testing Schedule**\
Defines the timeline and duration of the pentest to avoid interfering with the company’s business activities.

**Rules of Engagement**\
Contains the rules and agreements during the penetration testing process, including allowed techniques, reporting procedures, and how to handle critical vulnerabilities if they are discovered.
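
The scope elements above can be enforced in tooling instead of living only in a document. The following added example (not part of the original page) is a default-deny guard that checks a target and a timestamp against the agreed targets, limitations, and schedule before any test traffic is sent; the `Scope` class, the `check` function, and every address and hostname are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
import ipaddress


@dataclass
class Scope:
    """Machine-readable form of an agreed pentest scope (hypothetical structure)."""
    targets: list            # Testing Targets: CIDRs, hostnames, "*.domain" patterns
    exclusions: list         # Testing Limitations: entries that must never be touched
    window_start: datetime   # Testing Schedule (timezone-aware)
    window_end: datetime


def _parse(value, parser):
    """Return parser(value), or None when value is not an IP address or network."""
    try:
        return parser(value)
    except ValueError:
        return None


def matches(entry: str, target: str) -> bool:
    """True when a scope entry covers the target."""
    net = _parse(entry, lambda v: ipaddress.ip_network(v, strict=False))
    addr = _parse(target, ipaddress.ip_address)
    if net is not None or addr is not None:
        # IP entries only ever match IP targets; never mix them with hostnames.
        return net is not None and addr is not None and addr in net
    entry, target = entry.lower().rstrip("."), target.lower().rstrip(".")
    if entry.startswith("*."):
        # "*.app.example.com" covers subdomains, not the parent name itself.
        return target.endswith(entry[1:])
    return entry == target


def check(scope: Scope, target: str, when: datetime):
    """Return (allowed, reason). Exclusions win over targets; unknown is denied."""
    if not (scope.window_start <= when <= scope.window_end):
        return False, "outside agreed testing window"
    for entry in scope.exclusions:
        if matches(entry, target):
            return False, f"excluded by limitation '{entry}'"
    for entry in scope.targets:
        if matches(entry, target):
            return True, f"in scope via '{entry}'"
    return False, "not listed in scope"


# Constructed engagement data (documentation address ranges and example.com).
SCOPE = Scope(
    targets=["192.0.2.0/24", "*.app.example.com", "api.example.com"],
    exclusions=["192.0.2.10", "db.app.example.com"],
    window_start=datetime(2024, 3, 4, 22, 0, tzinfo=timezone.utc),
    window_end=datetime(2024, 3, 8, 6, 0, tzinfo=timezone.utc),
)

if __name__ == "__main__":
    now = datetime(2024, 3, 5, 23, 30, tzinfo=timezone.utc)
    for t in ["192.0.2.25", "192.0.2.10", "staging.app.example.com",
              "db.app.example.com", "app.example.com", "198.51.100.7"]:
        print(t, check(SCOPE, t, now))
```

Because exclusions are evaluated before targets, an excluded production database stays off limits even when it sits inside an in-scope network range.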

In the SDLC (Software Development Life Cycle), there are several common development methods, such as Waterfall and Agile. Each method works differently, including how security and penetration testing are applied.

### SDLC (Software Development Life Cycle)

**Waterfall Model**

The Waterfall method is a linear and sequential SDLC model. Each phase must be completed before moving on to the next one.

**The typical stages are:**

* Requirement (gathering requirements)
* Design (system design)
* Development (coding)
* Testing
* Deployment
* Maintenance

**Relation to Pentesting:**\
Penetration testing is usually done in the Testing phase (at the end of the process). This means security is checked only after the application is fully developed.

The drawback is that if major vulnerabilities are found, the project may need to go back to earlier stages, which can cost a lot of time and money.

Waterfall is suitable for systems with clearly defined requirements from the beginning, but it is less flexible when dealing with dynamic security needs.

**Agile Model**

The Agile method is an iterative and flexible SDLC model, where development is done in small cycles called sprints.

Each sprint usually includes:

* Planning
* Light design
* Development
* Testing

Then the cycle repeats for the next features.

**Relation to Pentesting:**\
Penetration testing can be done in every iteration (continuous security testing). Security is not delayed until the end of the project but is tested step by step.

This approach fits well with modern practices like DevSecOps, where security (including pentesting) is integrated from the beginning. If vulnerabilities are found, they can be fixed quickly because development is still ongoing in small cycles.

### Checklist assessments

A checklist assessment in penetration testing is a list of security aspects used as a reference to comprehensively evaluate the security level of a system. Frameworks such as OWASP Web, OWASP API, and OWASP MASTG are used to ensure that every layer of an application—whether web, API, or mobile—meets established security standards.

In the **OWASP Web Application Security Assessment**, the main focus is on web application security such as access control, data encryption, input validation, system configuration, and protection against common vulnerabilities like injection, XSS, and misconfiguration. This checklist helps ensure that web applications do not contain exploitable security gaps.

Meanwhile, the **OWASP API Security Assessment** focuses on the security of Application Programming Interfaces (APIs). This assessment covers object authorization, authentication, access control, business logic security, and protection against API endpoint abuse. This is important because APIs are often primary targets in modern service-based systems.

On the other hand, **OWASP MASTG (Mobile Application Security Testing Guide)** is used to evaluate mobile application security. This assessment includes on-device data protection, communication security, resistance to reverse engineering, as well as anti-tampering and anti-debugging mechanisms. The goal is to ensure that mobile applications remain secure even when operating in environments that cannot be fully controlled.

Overall, these three frameworks are used as standards in security assessments to ensure that web, API, and mobile applications meet industry best practices and are capable of defending against evolving cyber threats.

Here are the related checklists:

OWASP WSTG

{% embed url="<https://owasp.org/www-project-web-security-testing-guide/latest/>" %}

OWASP API

{% embed url="<https://owasp.org/API-Security/editions/2023/en/0x11-t10/>" %}

OWASP MASTG

{% embed url="<https://mas.owasp.org/MASTG/>" %}

AD (Active Directory)

{% embed url="<https://github.com/mczerniawski/Active-Directory-CheckList/blob/master/lists/security-general-checks.md>" %}

{% embed url="<https://www.hackthebox.com/blog/active-directory-hardening-checklist-and-best-practices>" %}

Cloud

{% embed url="<https://cheatsheetseries.owasp.org/cheatsheets/Secure_Cloud_Architecture_Cheat_Sheet.html>" %}

ATM and KIOSK

{% embed url="<https://www.scribd.com/document/868284102/ATM-Security-Assessment-Checklist>" %}

### NDA (Non-Disclosure Agreement)

An NDA (Non-Disclosure Agreement) is a confidentiality agreement made between a pentester and the system owner (client) before security testing is carried out.

The main purpose of an NDA is to ensure that all information obtained during the penetration testing process remains confidential and cannot be shared with other parties without permission.

#### Functions of NDA in Pentesting

**1. Protecting Data Confidentiality**\
All information found, such as security vulnerabilities, system configurations, or sensitive data, must not be disclosed.

**2. Protecting the Client’s System**\
Pentest results can be very sensitive, so the NDA ensures that this information is not misused.

**3. Defining Information Access Limits**\
The pentester is only allowed to use data within the agreed scope.

**4. Legal Protection**\
An NDA has legal force if a violation occurs, protecting both parties.

#### Common Contents of an NDA in Pentesting

An NDA usually includes:

* Types of information considered confidential
* Prohibition of sharing pentest results with third parties
* Duration of confidentiality (e.g., 1–5 years or permanently)
* Legal consequences if the agreement is violated
* Ownership rights of the pentest report

#### Relationship Between NDA and Pentesting

In penetration testing, an NDA is very important because:

* Pentesters may access sensitive systems
* They may discover important data such as databases, credentials, or system weaknesses
* Leaked reports could seriously impact a company’s reputation

## What is the correlation with OSINT?

Why is penetration testing related to OSINT? In OSINT, especially for security testing, information gathering is used to analyze a target or application. For example, platforms like Instagram can be used for OSINT purposes.

Instagram can be utilized to collect publicly available information, such as user relationships (followers and following), bio information, and other visible profile data. In some cases, publicly exposed APIs or misconfigured endpoints may also unintentionally reveal additional information, including data related to private accounts or internal account relationships.

The goal is not to hack the system, but to understand the system’s behavior, business logic, or flow that can be analyzed and used as an OSINT data source.

In cybersecurity, OSINT allows you to discover more information about a target. For example, during analysis you may find vulnerabilities such as:

* Subdomain takeover
* Credential leaks
* Misconfigurations
* Leaked business documents
* Exposed assets such as JavaScript files
* Known vulnerabilities (CVE-related issues)

With OSINT, you can perform a full reconnaissance of a target to map its digital footprint and identify potential security weaknesses before deeper testing is conducted.

Example case of OSINT and enumeration:

For example, when identifying your target's attack surface, you look for clues such as credential formats, APIs, or documentation by searching YouTube, social media, and GitHub. For instance, if you find login credentials in YouTube content or people complaining on Facebook, those clues can be used for enumeration.

Or, if you find an API key leak, a hardcoded key, or sensitive information within your target application, you can investigate further (for example, to see if there's a connection to Firebase or an LLM API) and parse the keys, APIs, or information you've discovered from these various points to identify the attack surface.

## Required skills

To become a competent penetration tester, especially in utilizing OSINT (Open Source Intelligence) techniques as an information source, there are several fundamental skills that need to be mastered. These skills form an important foundation before moving on to more advanced security testing techniques.

### Knowing Attack Surface

Understand the attack surface by mapping all aspects of the target or conducting reconnaissance. For example, gather information on IP addresses, DNS, Whois, document leaks, data leaks, and credential leaks, as well as the assets used and even the employees. The goal is to identify potential vulnerabilities that can be exploited as entry points and to understand the relationships between assets. Essentially, you’re conducting a more in-depth analysis of the target to identify potential security gaps.

### **Basic Programming**

A pentester needs to understand basic programming in order to read, understand, and sometimes modify scripts or simple exploits. Commonly used languages such as Python, Bash, or JavaScript are very helpful for automating testing processes and analyzing data.

### **Basic Impact and Risk Rating**

Understand a vulnerability's impact and risk rating, for example by using the CVSS or OWASP calculator. For example, if SQL Injection with full privileges and writable access allows an attacker to perform Remote Code Execution (RCE) and steal the database, then this risk is considered critical. You should then rate the finding with the CVSS or OWASP calculator.

**OWASP CALC**

{% embed url="<https://beaglesecurity.com/owasp-risk-calculator?vector=(SL:0/M:0/O:0/S:0/ED:0/EE:0/A:0/ID:0/LC:0/LI:0/LAV:0/LAC:0/FD:0/RD:0/NC:0/PV:0)>" %}

**CVSS CALC**

{% embed url="<https://www.first.org/cvss/calculator/3.1>" %}

#### The Difference Between the OWASP and CVSS Risk Calculators

OWASP focuses more on management and the big picture, for example understanding the system, the number of users, business systems, and business risks. It is more risk-oriented and business/application-oriented: it examines why a vulnerability is dangerous, how an attacker exploits it, and the impact on the business and reputation.

CVSS is more technical and quantitative, such as determining whether a vulnerability is critical or low; its exploitability and impact metrics are technically focused. In contrast to OWASP, it does not include user, business, or reputation factors in its calculations or explanations when assessing risk levels.

### Basic Database

Learning the basics of databases such as RDBMS (Relational Database Management System), DBMS (Database Management System), and NoSQL is one of the important foundations in cybersecurity and penetration testing. This knowledge helps someone understand how data is stored, processed, managed, and accessed by applications or servers. In addition, understanding database structures, SQL queries, table relationships, database authentication, and user permissions is essential for analyzing the security of a system.

In the context of security, database knowledge is used to understand how security vulnerabilities can occur, such as SQL Injection, insecure queries, database misconfigurations, privilege escalation, and sensitive data leaks. Furthermore, understanding the differences between relational databases (such as MySQL, PostgreSQL, and SQL Server) and NoSQL databases (such as MongoDB, Redis, and Cassandra) helps a pentester adapt testing techniques to the technologies used by the target.

By learning basic database concepts, a security practitioner can better understand application backend workflows, analyze data communication, and identify potential security risks related to data storage and management within a system.

### **Basic HTTP Requests**

Understanding how HTTP/HTTPS works is essential because most modern applications are web-based. Pentesters must understand requests such as GET, POST, cookies, headers, and responses in order to analyze communication between client and server. Examples include JWT, cookie authentication, HTTP security headers, and HTTP request bodies such as JSON, URL-encoded forms, and multipart form data.
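
The cookie and security-header items named above can be checked mechanically on a captured response. The following added example (not part of the original page) parses a raw HTTP/1.1 response and lists missing security headers and weak session-cookie flags for the report; the sample response, the cookie names, and the choice of expected headers are constructed assumptions.

```python
# Headers a reviewer expects on an authenticated HTML response, with the reason.
# Assumption: this short list is an illustrative baseline, not a complete policy.
EXPECTED_HEADERS = {
    "strict-transport-security": "forces HTTPS on later visits",
    "content-security-policy": "restricts script and frame sources",
    "x-content-type-options": "disables MIME sniffing",
}


def parse_response(raw: str):
    """Split a raw HTTP/1.1 response into status line, header list and body."""
    head, _, body = raw.partition("\r\n\r\n")
    status, *lines = head.split("\r\n")
    headers = []  # a list, not a dict: Set-Cookie legitimately repeats
    for line in lines:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers, body


def parse_set_cookie(value: str):
    """Return (cookie name, {attribute: value}) with lower-cased attribute names."""
    first, *attrs = [part.strip() for part in value.split(";")]
    name = first.partition("=")[0]
    parsed = {}
    for attr in attrs:
        key, _, val = attr.partition("=")
        parsed[key.strip().lower()] = val.strip()
    return name, parsed


def audit(raw: str, session_cookies=("session",)):
    """Return a list of findings for missing headers and weak cookie flags."""
    _, headers, _ = parse_response(raw)
    present = dict(headers)
    findings = [f"missing header {h}: {why}"
                for h, why in EXPECTED_HEADERS.items() if h not in present]
    # Framing protection may come from either header.
    csp = present.get("content-security-policy", "")
    if "x-frame-options" not in present and "frame-ancestors" not in csp:
        findings.append("no framing control (X-Frame-Options or CSP frame-ancestors)")
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if "secure" not in attrs:
            findings.append(f"cookie {cookie}: no Secure flag")
        # HttpOnly is only required for cookies that carry the session.
        if cookie in session_cookies and "httponly" not in attrs:
            findings.append(f"cookie {cookie}: no HttpOnly flag")
        if "samesite" not in attrs:
            findings.append(f"cookie {cookie}: no SameSite attribute")
    return findings


# Constructed sample response, as it might be copied from an intercepting proxy.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "Set-Cookie: session=0123abcd; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure; SameSite=Lax\r\n"
    "\r\n"
    "<html>...</html>"
)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```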

### **Basic Networking**

Basic computer networking concepts such as TCP/IP, DNS, subnetting, ports, and routing are important to understand how data moves across networks and how attacks can be performed or prevented.

### **Basic Reconnaissance**

Reconnaissance is the initial stage in pentesting used to gather information about a target. This includes domain and subdomain discovery, IP addresses, technologies used, and publicly available information gathered through OSINT.

### **Basic Reporting**

A pentester must be able to create clear and professional reports. The report should include vulnerability findings, risk levels, proof of exploitation, and remediation recommendations that can be understood by both technical and non-technical teams.

### **Ethics**

Ethics is very important in penetration testing because all activities are performed on someone else’s system. Pentesters must work legally, respect confidentiality agreements (NDA), and never misuse the access they have.

### **Basic OWASP Checklist**

Understanding the OWASP Top 10 is essential to recognize common web application vulnerabilities such as SQL Injection, XSS (Cross-Site Scripting), Broken Authentication, and others.

### **Understanding Web Application Architecture**

Pentesters must understand how web applications work, including the frontend, backend, database, APIs, and how these components interact with each other.

### **Understanding Business Logic**

In addition to technical skills, pentesters must also understand the business flow of an application. This is important for identifying non-technical vulnerabilities, such as business logic flaws, which occur due to design or workflow mistakes in the system.

### **Non-technical skills (soft skills)**

Non-technical skills (soft skills) are abilities related to how a person interacts, communicates, thinks, and collaborates with others in both the workplace and everyday life. In a professional context such as penetration testing or the technology field, soft skills are very important because they are not only focused on technical abilities, but also on how someone presents results, works in a team, solves problems, and maintains work ethics and responsibility. These skills include good communication, critical thinking, problem-solving, time management, and the ability to adapt to changing situations.

### **Understanding common pentesting tools**

Understanding tools is the ability to recognize, use, and understand the functions of various tools used in security testing, such as tools for scanning, enumeration, and vulnerability analysis. In addition, a pentester also needs to understand how to properly use each tool. For example, in Burp Suite, it is important to understand features such as Proxy for capturing and modifying HTTP requests, Intruder for automated testing of parameters, Repeater for manually testing requests, and Scanner for detecting vulnerabilities in web applications. By understanding these features, the penetration testing process can be carried out more effectively, in a structured way, and aligned with the security testing objectives.

### **Basic system operation (OS)**

Basic knowledge of operating systems for cybersecurity or pentesting refers to a fundamental understanding of how operating systems such as Windows and Linux work, including how they manage files, processes, users, permissions, and networking. This knowledge is important because most security activities and system testing are performed directly within operating system environments.

In this basic area, a person needs to understand file system structure, basic command-line (terminal) commands, user management and access rights, as well as how processes and services run within the system. In addition, understanding system logs, network configuration, and how the operating system communicates is also very important for analyzing suspicious activities or performing security testing.

By mastering the basics of operating systems, an aspiring pentester or cybersecurity practitioner will find it easier to conduct investigations, run tools, and understand how an attack or security vulnerability can occur at the system level.

### **Hardware penetration testing**

Hardware tools in penetration testing for basic-level pentesting are physical devices used to support the process of security testing in networks, devices, and physical environments. In addition to a laptop with sufficient specifications to run pentesting tools and a bootable USB such as Kali Linux, there are several other commonly used devices.

For example, a Raspberry Pi can be used as a mini server, a network monitoring tool, or a portable device for attack simulation and security testing. Then there is a Wi-Fi adapter with monitor mode, which is used for wireless network analysis, packet capturing, and Wi-Fi security testing. In addition, an RTL-SDR (Software Defined Radio) is often used for radio signal analysis, such as wireless communication frequencies, RFID, or IoT devices.

Other relevant tools include a USB Rubber Ducky, which can be used to simulate automated keystroke injection attacks on a system, as well as a network cable tester to analyze and ensure the physical condition of wired networks. There are also devices like HackRF One, which are used for broader radio signal exploration and testing.

By understanding and using these hardware tools, an aspiring pentester can perform more comprehensive security testing, covering networks, systems, and even physical devices that support technological infrastructure.

## Intermezzo

During my career and study of IT, I have been a (web) developer for 2++ years and an IT security consultant for approximately 3++ years. I started studying IT in early 2019 (Q1), when I first learned about programming. Before I entered university I studied a little about programming languages such as basic HTML, C, and C++; then in college I studied more things such as algorithms and data structures, networks, IoT, development, IT security, and business management. FYI, I majored in information systems. In this section, I'll discuss how I studied and landed my dream job. Many people, especially students and the general public, have asked me about this, so I'll provide some tips based on my personal experience. Here are some things you can do:

### High commitment (is key)

You must be committed. IT is a vast field, especially since this field is segmented. For example, in IT security, if you dive into this field, there are several skills you must understand. IT is very broad, even if you choose a field like IT security or development. Commitment is the first step to starting and diligently learning in this field.

In 2019 I often stayed up late to study. I don't recommend that you stay up late because it's unhealthy, but personally I spent all night and stayed up late to pursue my skills and knowledge. For example, I learned about the programming languages PHP, Python, and JavaScript, and I only used Sundays to rest, relieve stress, and enjoy my hobbies.

You can follow my way of studying by always setting an alarm every hour. For example, when I was in college, I always used my time to study: in the afternoon, when the lectures were finished, I always finished my assignments first, and after that I studied new things that I wanted to know. For example, at 8 pm I set an alarm and studied until I got bored. I always tried little by little first: I read articles or books, then watched video tutorials, then tried to apply what I had learned.

### Supportive environment

To learn penetration testing optimally, a supportive environment is needed to support the learning process and personal development, such as family and parents who provide moral support and motivation, a healthy and supportive (non-toxic) circle of friends, positive communities with an interest in technology or cybersecurity, and schools or educational institutions that have adequate facilities. With these supports, the learning process can run in a more focused, consistent, and structured way in understanding the field of penetration testing.

Having a supportive environment will make you feel comfortable while studying. For example, if you have a supportive or well-off family, use that privilege. Don't be embarrassed; this is your advantage. Take advantage of a supportive environment to learn. Find friends and a community that supports you and provides encouragement and motivation to learn.

### Do something (is key)

Do something, such as starting your own community or trying to create a web-based application for your portfolio. Or, try starting small, such as creating a small community and becoming a speaker. Don't be afraid or embarrassed; it's normal to make mistakes or be nervous at first. Or, if you feel like you're not up to it, try writing an article based on your learning and publishing it on your blog.

There's a lot you can do. You can also take a free certification or a promotional one first. Certifications tend to be expensive, but if you have the financial means, I recommend getting a prestigious certification like OSCP, CPSA, CEH, and others. However, if you're on a tight budget, I suggest looking for free options like Cisco Academy, Udemy, or EC-Council, or taking a promotional or free certificate to test your skills.

I'm not a bug bounty player, but if you can't do all of those things, try bug bounties. For example, you can register on platforms like HackerOne or YesWeHack to start your portfolio as a bug bounty hunter. Look for bug bounties starting from small ones, such as business logic, input validation, and broken access control. This bug bounty experience will be useful when you apply for jobs.

By doing something, I'm sure you'll find opportunities, such as job opportunities, broader connections and relationships, gaining recognition, gaining trust, and building your reputation. I emphasize this point. If you're working in the IT field, I recommend starting small, like writing, becoming a speaker, or building a community. The goal is to find opportunities and your dream job.

### Privilege (is key)

Privilege in the context of finding a job in IT security refers to advantages or certain access that a person has through professional networks, experience, communities, or relationships with people in the industry, which can provide added value in career development. In real cases, this privilege is often seen when someone more easily gets job vacancy information from connections in cybersecurity communities, receives direct recommendations from seniors or mentors working in technology companies, or is invited to job interviews because they are known through networking, forums, or contributions to open-source projects.

In addition, privilege can also help students or job seekers who are trying to enter the IT security field, for example by receiving guidance from experienced practitioners, gaining access to information about in-demand industry skills, and even opportunities to join internships or training programs through recommendations from their network. In some cases, “insider” connections can also provide more realistic insights about recruitment processes, company work culture, and the expectations needed to compete in the IT security job market.

However, this privilege must still be balanced with technical skills, a strong portfolio, and professional ethics, because the IT security industry ultimately prioritizes competence and proven ability. In other words, networking and privilege can help open access to opportunities, but effort, consistent learning, and skill readiness remain the main factors for students or job seekers to grow and succeed in the IT security field.

### Mindset

Mindset means practicing things like problem-solving and critical thinking. For example, if you're lazy about conducting reconnaissance, you can create your own tools to monitor and do that work. Also, cultivate the mindset that friends are a source of new information and knowledge that will form the foundation of your own knowledge.

### Leveraging AI for IT learning development

Artificial Intelligence (AI) and Large Language Models (LLMs) can serve as important foundations in learning IT because both help in understanding concepts, speeding up the learning process, and improving problem-solving skills more efficiently. AI plays a role in analyzing data, recognizing patterns, and automating processes, while LLMs, such as language models, help in understanding, explaining, and generating technical text as well as programming code.

In the learning process of IT, AI and LLMs can be used as learning assistants that help explain basic concepts such as networking, programming, operating systems, and cybersecurity in a more understandable way. In addition, LLMs can also assist in coding practice, debugging, and simulating technical questions that often appear in the IT industry.

By utilizing AI and LLMs, learners can accelerate their understanding of complex concepts, explore technology more independently, and improve analytical and logical thinking skills that are highly needed in the IT field. Therefore, AI and LLMs can act as strong supporting foundations in building knowledge before moving into more specific fields such as software engineering, data science, or IT security.

### Study what you are interested in

Learn what interests you. The world of IT is vast, so filter and segment what you like to learn. For example, if you like malware or OSINT, then do that. With interest, you will have the enthusiasm and motivation to learn, understanding will come more quickly and easily, and you can cut down on things that you don't need to learn in depth. You can focus on what you like to learn and learn slowly; for example, try to commit to reading, watching tutorials, and practicing what you learn over one month.

### What should I do when I'm already have a job?

Some people have asked me about switching careers, for example, from developer or business management to IT consultant. There are several things you can do:&#x20;

#### Take your time&#x20;

Find free time to learn; for example, use the time after work. Start small: read books or articles before you try to practice, and build up your new knowledge little by little. For example, today I will learn OWASP about access control, then the next day OWASP business logic flow.

#### Join the community

Find a community in your area. Look for positive, supportive communities. Ask them questions to learn new things. Join seminars and webinars to broaden your knowledge.

#### Networking

Build and expand professional connections with people in the technology and cybersecurity industry, such as fellow pentesters, security engineers, cybersecurity communities, and practitioners in technology companies, with the aim of exchanging information, finding job opportunities, and improving knowledge and experience in the field. With good networking, a person can more easily find career opportunities, receive recommendations, and understand the latest developments in the IT security world.

### Commitment (is key)

With commitment, you will get used to what you do. Try to learn little by little and don't rush it, especially if you are already working, since there will definitely be times when you're tired. My suggestion is to try to commit: for example, study for an hour every day to understand something. Once you manage that, try to do more than 1 hour, and repeat it every day so you continue to learn.

#### Privilege (is key)

If you have privilege, take it. This is your advantage, for example, if you have a good boss, a family with sufficient financial means, or supportive parents. For example, if you have a good boss, don't work overtime every day and use your free time to learn new things, or take a few days off (take a leave) to catch up. A good boss is a beautiful thing in the professional world. A good boss is someone who always supports their staff.

Or, you can use your privilege to quit your job if you have enough financial means to try a career switch and start from scratch. For example, quit your job and focus on learning IT for six months full-time, after which you can try this IT career.

#### Certification

Start saving to pay for a certification in the IT field. Try a cheap certification first, for example PNPT from TCM or BSCP from PortSwigger, to test your skills and your new knowledge. If you feel that is enough, try looking for a job and start your new career in IT consulting or on the end-user side.

### Tired and struggling?

Yes, I understand. Many people have confided in me about being tired and complaining when looking for work and the many jobs. This is normal; every human being has a low point in their life, but you should not give up. To be honest, I also sometimes complain and feel tired, but not often. For example, if in 1 month I get a difficult job or learn something difficult, I will definitely complain, but I don't complain every day; I try to face it slowly. As I get older, I realize that I am not a person with a lot of money, and that I have limited connections and parents with limited connections. With this, I continue to strive and commit to facing the problems I experience. Usually I try to be quiet, relax, turn off all devices and the internet, or read books and enjoy entertainment to forget for a moment the problems I experience. I try to hang out with my friends and do hobbies such as airsoft and skateboarding, or visit nightclubs to relieve my stress.

If you're feeling tired and struggling, try taking a break and accepting the hard truth. Admit your mistakes, accept them, and try to correct them one by one. Reduce the intensity of your studies or work if you feel stressed.

In my opinion, IT work is very stressful, especially when you're dealing with clients, external parties, cybercrime cases, and other things. This can be stressful and draining. The way to manage it is to temporarily relieve it. This depends on your method of stress relief. However, if your stress persists, contact your boss or a psychiatrist to discuss your concerns. There will undoubtedly be a solution and an agreement to resolve your issues.

## Conclusion

I'm simply providing insight, and I don't think I understand everything. I'm also constantly learning to improve my skills. However, in this article, I simply intend to share information and my experiences during my career in IT without offending anyone. Regardless, adapt your own way of learning and dealing with problems, as long as you do it correctly.

Throughout my IT studies and career, from college to working in the banking and consulting industries, it's been stressful and time-consuming. Everyone has their own way of managing their learning and finances. I believe nothing in this world is instant. You can't understand everything quickly. Everything takes time and trial and error. There are considerations you can make, such as sacrifices in terms of time, energy, and money. This is a harsh reality, but despite all that, I believe every human being will always strive to survive, regardless of whether the method is right or wrong. This is how the world works. We are obliged to strive and strive at all times and remain on the right (non-illegal) path.

As a writer, I always express my gratitude to everyone who has supported me throughout my studies and career. Therefore, I try to commit to sharing my experiences and what I've learned with the public (not everyone), but doing so makes me happy, especially with my friends who always provide feedback. Thank you for your support, everyone. Happy learning and always strive.

