Penetration Testing mailing list archives
Re: Beginner Pen Tester Blog
From: admin <admin () propergander org uk>
Date: Sat, 17 Sep 2011 22:48:09 +0100
Hi Dave,

I tried posting comments to your blog, but being a paranoid privacy freak and blocking JavaScript, cookies etc., those comments will probably never hit your blog.

Script kiddying is easy, any retard can run other people's exploits and compromise the systems of those lax on security. Metasploit will only provide exploits for those systems that have not been patched against known vulnerabilities. Although getting your head around Metasploit is no bad thing, all you will learn is how to use Metasploit. Surprises me that people call themselves pentesters because they can use Metasploit.

Linux is what you should pentest from. The real skill comes from reading all those RFCs and finding an avenue for a potential exploit, fuzzing web apps, frameworks and exes etc. Hack from a Linux box. Understand netcat, Perl, the TCP/IP protocol, and write your own tools and find new exploits.

I don't know your skill level but it is a long road that shifts constantly. I found http://www.hackthissite.org a pretty good starter for web application hacking. It really helps the understanding of web application penetration and SQL injection etc. Most hacking these days is done through the internet. Or socially engineering a user to a spoofed logon page or getting them to download a trojaned <insert name of celeb heartthrob> screen saver or bound codec/pdf. Curiosity kills more cats these days than IIS worms.

Check out honeynet.org too and perhaps set up a honeynet; that is a good learning exercise and entertaining.

I will happily post to your blog but not if I have to let the JavaScript and cookies of half a dozen corporations run on my box ;-)

Good luck, feel free to contact me off list.

Regards,
another security dude based in the UK

PS: VirtualBox is cool.

On 12/09/2011 17:04, tentpester wrote:
Hi All,

I'm probably opening myself up for a lot of ridicule here but I thought I would share a link to a new blog I've created:

http://tentpester.blogspot.com/

The idea behind it is to describe my experiences while attempting to become a pen tester. Thought it might be of use to anyone else in the same boat as me at some point in the future. Alternatively it might be good for a laugh for all you professionals!

Any (constructive!) comments welcome.

Cheers
Current thread:
- Beginner Pen Tester Blog tentpester (Sep 16)
- Re: Beginner Pen Tester Blog arvind doraiswamy (Sep 17)
- Re: Beginner Pen Tester Blog Mahesh Kukreja (Sep 17)
- Re: Beginner Pen Tester Blog admin (Sep 17)