The folks of Pauldotcom Security Weekly podcast inspired me to write something about using 0day exploits for pentesting.

The question was, whether or not it's a good idea or fair to use those in a pentest.

My take on this is like "hell yeah!". But there are some more aspects to that topic of course, otherwise I wouldn't have considered writing a blogpost on it.

So first off, let's discuss what the intention of using 0days in pentesting might be. For me…