Re: Aspiring Pen-Tester Seeking Advice

From: krymson@gmail.com
Date: Fri Aug 10 2007 - 14:02:19 EDT


Get used to seeing this link:

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Like Sectools.org, check out this list of steps/tools and start picking out ones you want to try. A good book like CounterHack Reloaded will give good guidance on the steps of a pen-test (attacker), but nothing beats getting your hands bloody with the tools. Make it a personal goal to at least read up on every tool in those lists, if not actually trying them all out. You might not become an expert in them in a week of tinkering, but it gives you the ability to apply those tools to real-job situations, which then starts to beef up your "expertness."

In the process of setting up scenarios in your lab, pay attention when you set up things like Apache or other services. Even as you test tools against them, you can very much learn how they work and how to configure them to fix any openings you create. Standing up a SQL server? Take some time to learn a bit of SQL yourself and how to manage/admin the system as you poke and prod it.

You could also try out some purposely vulnerable setups like:
Damn Vulnerable Linux
HackMe series
OWASP's WebGoat

And try to poke at, and read the solutions to, various puzzles online, like challenges at the Ethical Hacker's Network. Even if you're stumped, you can still learn a ton!

I'll let you Google those yourself, as Google-fu is going to serve you forever.

That is all fun, and not really getting too mired in something that might turn you away quick, like programming and memory forensics (which admittedly isn't for everyone). But eventually you'll probably scratch the itch to learn some scripting/coding language like Python, Ruby, or even the venerable Perl.

Use Metasploit for ease of penetrations (kinda like lube for...err...cough) and try to scan everything you can with nmap and nessus and vuln assessment tools. Get used to the output.

If you're up to it, start a sniffer somewhere in your network anytime you do stuff, and check out the packets. You don't necessarily need to understand every flag and bit, but the more you see it all, the more easily it will eventually make sense. I bet you get some of this with your IDS now anyway! :) If so, try packet crafting!

That should be a good year's worth of personal time invested!
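The advice above about running a sniffer and getting used to "every flag and bit" is easier to act on once you have decoded a packet by hand at least once. The following is an added example, not part of the original post: a small Python decoder for the IPv4 and TCP headers that names the TCP flags the way a tcpdump or Wireshark line would. The packets it decodes are constructed in the script itself (the addresses 10.0.0.5 and 10.0.0.10, ports and sequence numbers are made-up sample values), so it runs offline with no capture and no network access.

```python
"""Decode IPv4 + TCP headers from raw packet bytes and name the TCP flags.

Added illustration for learning to read sniffer output. The sample packets
are built by hand below (constructed data, not captured from any network).
"""
import struct

# TCP flag bits in the low nine bits of the data-offset/flags word (RFC 793, RFC 3168, RFC 3540).
TCP_FLAG_NAMES = [
    (0x001, "FIN"), (0x002, "SYN"), (0x004, "RST"), (0x008, "PSH"),
    (0x010, "ACK"), (0x020, "URG"), (0x040, "ECE"), (0x080, "CWR"),
    (0x100, "NS"),
]

IPV4_HDR = "!BBHHHBBH4s4s"   # 20-byte fixed IPv4 header (options ignored)
TCP_HDR = "!HHIIHHHH"        # 20-byte fixed TCP header (options ignored)


def parse_ipv4_tcp(raw: bytes) -> dict:
    """Return the header fields a reader of sniffer output looks at first."""
    if len(raw) < 20:
        raise ValueError("too short for an IPv4 header")
    ver_ihl, _tos, _total_len, _ident, _frag, ttl, proto, _csum, src, dst = \
        struct.unpack(IPV4_HDR, raw[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20:
        raise ValueError("not an IPv4 header")
    if proto != 6:
        raise ValueError(f"not TCP (IP protocol {proto})")
    tcp = raw[ihl:]
    if len(tcp) < 20:
        raise ValueError("too short for a TCP header")
    sport, dport, seq, ack, off_flags, window, _tcsum, _urgptr = \
        struct.unpack(TCP_HDR, tcp[:20])
    data_offset = (off_flags >> 12) * 4          # header length in bytes
    flag_bits = off_flags & 0x1FF                # low nine bits are the flags
    flags = [name for bit, name in TCP_FLAG_NAMES if flag_bits & bit]
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "ttl": ttl, "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": flags, "window": window, "payload": tcp[data_offset:],
    }


def summarize(raw: bytes) -> str:
    """One-line summary in the spirit of a tcpdump line."""
    p = parse_ipv4_tcp(raw)
    return (f"{p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} "
            f"[{' '.join(p['flags']) or 'none'}] seq={p['seq']} ack={p['ack']} "
            f"win={p['window']} ttl={p['ttl']} len={len(p['payload'])}")


def build_sample(src: bytes, dst: bytes, sport: int, dport: int, flags: int,
                 seq: int = 0, ack: int = 0, payload: bytes = b"") -> bytes:
    """Assemble a constructed IPv4/TCP packet in memory (checksums left zero;
    this is sample input for the parser, nothing is ever sent)."""
    tcp = struct.pack(TCP_HDR, sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)
    ip = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0, src, dst)
    return ip + tcp + payload


# Constructed samples: a SYN from a client, and a PSH/ACK carrying a request line.
CLIENT, SERVER = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 10])
SAMPLE_SYN = build_sample(CLIENT, SERVER, 40000, 80, 0x002, seq=1000)
SAMPLE_PSH_ACK = build_sample(CLIENT, SERVER, 40000, 80, 0x018, seq=1001, ack=5001,
                              payload=b"GET / HTTP/1.0\r\n\r\n")

if __name__ == "__main__":
    for pkt in (SAMPLE_SYN, SAMPLE_PSH_ACK):
        print(summarize(pkt))
```

Feed the parser bytes read from your own capture (for example the bytes of a single frame after the 14-byte Ethernet header) and compare its output with what your sniffer shows; once the flag names line up with the tool's `[S]`, `[P.]` and `[F.]` shorthand, the rest of the output stops looking like noise.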




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:00 EDT