So, I got offer to do a test for some medium sized business and wired thing is the IT department tells me you have to provide us with exactly how long you could be undetected or have access to their network and then says I would like to see a stay of over two months. I shook my head and left. Why would someone ask me to stay for X amount of time when its just a pentest? I will probably decline the offer because I do not have 2 months to spend on one attack.
Does this seem fishy?