Security Basics mailing list archives

Re: Where to start?


From: krymson () gmail com
Date: 31 May 2007 18:41:25 -0000

Honestly, I could ramble on this topic for days, but I'll try to just offer up a slice.

I already read the post about pentesting really requiring some programming and experience and such. This is true, and I 
would first recommend reading some books about the subject and getting the mind wrapped around the difference between a 
vulnerability assessment and a real pen-test (too often actual pen test shops still use the terms wrong!). For 
instance, a pen-test may do some programming whereas a vuln assessment may run scanners against things and that's about 
it.

Tate Hansen posted an excellent diagram a while back 
(http://blog.clearnetsec.com/articles/2006/09/19/competing-for-network-based-security-assessments). Consider the Basic 
and Intermediate columns to be a vuln assessment and the Advanced steps to be a pen-test.

Anyway, get used to scanning and seeing all kinds of stuff and just practice, practice, practice!

Get to a point where you can do a pen-test/vuln assessment and know whether you are going to impact system uptimes. 
This is amazingly valuable and, in my books, the mark of a superior tester/assessor. "Oh, I didn't know a full Nessus 
scan with DoS testing would potentially freeze your Windows box...sorry!" is not a good pill to swallow. Do the 
breaking in your network or your friends' networks! :)


<- snip ->
Hello everyone,

I'm looking forward to a career in the security field. Specifically, I'm interested in Pentesting. I consider myself 
"early" in my education, and have a lot to learn, but my biggest concern is, where do I need to start?

I mean, what do I need to learn about to become a pentester, and where can I gather and explore my knowledge?
...
So, what information do I need to study to start getting a grasp of what I would be doing in my job? (other than just 
start hacking random computers, which I'd rather not do)

I appreciate your help,

Michael

