Re: Info about Pen Testing

From: Christoph Puppe (puppe@hisolutions.com)
Date: Sat Mar 10 2007 - 08:13:29 EST


Salve,

I've started, 8 years ago, by reading from start to end the accumulated
volumes of "Hacking Exposed". Just by understanding past exploits, you can
see the various vectors of intrusion. Then you need to try a lot of the
stuff in this books, get a VMWare Workstation with many different targets
and hack them. Put a firewall between you and the targets to get a more
real live experience. Then read full-disclosure and bugtraq to learn about
new stuff. Read and analyse the exploit code found for example in
metasploit. Subscribe to feeds from it sec sites, to get new papers on new
vectors and types of exploits. Loads of stuff to try in your lab.

Ah, and the first two volumes of "How to own the ..." are very good as
well. Next books depend on what you specialize. Get the books that help you
to understand the services you want to attack in depth. Hacking is imho
always an example of understanding a software better than the programmers
of said binary.

Good luck ;)

Gerrit @ DeadSet Internet Technologies wrote:
> Hi
>
> I am new to the list so if I ask the wrong the wrong questions or in the
> wrong way, please excuse me ;)
>
> I have recently done the CEH course, but what I would like to know is
> what the best way is to actually learn the skills required to do
> penetration testing. I know that actual practice is best, but are there
> any good material like tutorials that can assist in this learning process.
>
> Thank you in advance
>
> GK
>

-- 
Mit freundlichen Grüßen
Christoph Puppe
Security Consultant
We secure your business.(TM)
_______________________________________________________
HiSolutions AG     Phone:    +49 30 533289-0
Bouchéstrasse 12   Fax:      +49 30 533289-99
D-12435 Berlin     Internet: http://www.hisolutions.com
_______________________________________________________
Mindestinformationen im geschäftlichen E-Mail-Verkehr nach §37a HGB:
Sitz der Gesellschaft / registered office:
Berlin
Handelsregistereintrag / Commercial register:		
Amtsgericht Berlin Charlottenburg - HRB 80155
Vorstand / Management Board:		
René Grosser,  Torsten Heinrich, Timo Kob, Michael Langhoff
Vorsitzender des Aufsichtsrates / Chairman of the supervisory board:
Prof. Dr. Klaus Müller
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:39 EDT