Does this count as APT?

So, I got offer to do a test for some medium sized business and wired thing is the IT department tells me you have to provide us with exactly how long you could be undetected or have access to their network and then says I would like to see a stay of over two months. I shook my head and left. Why would someone ask me to stay for X amount of time when its just a pentest? :confused: I will probably decline the offer because I do not have 2 months to spend on one attack.

Does this seem fishy?

ADvAnceD PeRSisTenT tHrEAt.

Honestly, I don’t even know what the definition of this term is anymore. People throw it around so frequently for a wide variety of scenarios including just simple targeted attacks. I’d like it if people just set a proper, universal definition for these kinds of things. Seems like something computer people have trouble with in general.


No idea what you mean about APT?

But if the client is willing to pay you for 2 months work of work at your rate, why not?

That’s serious cash. 250x8x80

One pentest lasting two months on same network is gonna be very boring, just collecting data for 2 months. I mean I might let me my friend do the collection and I do the pentest but if he doesn’t agree, shit I’m gonna decline the offer.

Also @dtm IMHO an APT is an attack that is not only targeted but also the goal is to gather as much data and have access for a long period of time without being found. So, not just an targeted attack, a go for a trip attack.

I feel like that’s possible for any random hacker. Doesn’t necessarily make them “APT”.

1 Like

Idk man, a 2 month full scope engagement sounds like heaven to me.

Preform recon and osint on every employee, craft a series of very good well thought out phishing emails building rapport.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.