Penetration Testing mailing list archives

Re: [PEN-TEST] How to "break into" the Pen-Testing field


From: Bob Radvanovsky <rsradvan () UNIXWORKS NET>
Date: Sat, 9 Sep 2000 10:37:55 -0500

At 04:06 PM 9/8/2000, you wrote:
> I am wondering how did the readers of this list get into the pen-testing
> field? What steps did you take to get from where you started in the field to
> where you're at now? Did employers train you? Did you get promoted into it?
> Did you create the position yourself?

Some people would say that they learned it during their years as hackers
breaking into Pentagon and NORAD systems in the 70's and early 80's.  Other
people would say that it comes easy to them.  While still others have been
"elmered" (mentored by a master hacker) in the Art of Hackerdom.

I consider penetration testing & analysis a form of hacking, but highly
controlled and very focused on its objective.  To those who love
challenges, have a keen sense of vision (have a macroscopic view on life as
opposed to microscopic view) and could/would sometimes be considered
"paranoid" (always looking over their shoulders even though they've not
done anything wrong) -- then this field is the type for those people.  Give
them room -- LOTS OF ROOM -- give them a task and a final objective or
accomplishment, and you'll have your answer(s).

I consider hacking an artform, one in which it is a fluid-like study,
constantly changing and altering to mankind's current paranoias or states
of mind.  The artform is a form of expression, one that allows every person
who partakes in it to express how they would perform a certain task, in a
different method, or attack/approach the subject from different
perspectives (think of the phrase "thinking outside of the box").

It's not something that many feel that you learn within a classroom, though
there have (in recent years) been classroom settings which have attempted
to show/demonstrate how hacking works.

DISCLAIMER: I know that there are some that will be quick to correct me on
the term "hacking", as there are some purists who feel that "hacking" is the
exploration for data/information in its truest sense (to find out knowledge
about something to its finite degree); whereas, others feel that "hacking"
is an extension of "cracking" "phreaking" and "pen-testing".  Forgive me
(to those who are the purists) -- as I am using the term loosely.

> Pen testing & security is a very interesting area of the IS field I would
> like to break into but many positions posted are requiring years of
> pen-testing skills which I just don't have outside of my personal lab at
> home (combo of Win95, NT Srv, RH Linux). Would you recommend starting at a
> big 5 firm? A small firm? Fortune 500's? Has anybody heard of any
> pen-testing firms in St. Louis?

Security and auditing companies are still attempting to figure the mindset
required for "pen-testing".  Quite simply put, I feel (in my humble
opinion) that in order to "catch a thief, you have to think like a
thief".  Now... whether or not this implies that you first have to be a
"blackhat" first before becoming a "pen-tester" (I feel) may be irrelevant
to why such companies are looking for these types of people.  Similarly, I
would use the following analogy: many "soldiers of fortune" went into
security fields after the various wars and skirmishes that have been fought
since Vietnam; how did those people learn?  Simple.  They learned by doing
it, by being there, by experiencing it -- first hand -- and seeing all the
techniques and methods used, and using them against "combative targets" in
real-time, real-life.

To be honest, it would be difficult to practice for such techniques, as our
laws prohibit (obviously, that's why you're reading the articles here) such
activities.  Under a "lab environment", it would be difficult to simulate
such activities, unless you've recorded every single network packet
captured over <x> period of time.  This is costly (time, resources,
materials, etc.), so something such as this may also be out-of-the-question.

In closing, I don't know.  Study a few books and get an idea first of what
it means to be a hacker, a cracker, a deviant, a pen-tester...a
thief.  There are a number of good books that will allow you to get your
studies done.

Remember: it's not just the technique that you want to study, but the
mindset -- the psychology that goes behind the artform.

Start first, with acquiring the book about warfare techniques: The Art of
War by Sun Tzu.  Worthwhile if you want to know how warfare techniques are
used -- even today.  Believe it or not, this is required reading for
military officers (or at least, was required reading) who went into
combative situations.  A complement to this would be "Information Warfare"
by Win Schwartau, though a bit outdated on some of the tactics, still
worthwhile reading for strategic-level reading.

Next, look at "Hacking Exposed" by McClure, Scambray and Kurtz; also look at a
more recent book called "Hack Proofing YOUR Network" by Kevin Poulsen.

I know that some of this thread may have gone around the subject, but know
your audience first before engaging under combative situations.  This
will not get you "killed" if you have some guidance.

Hope this helps...

Bob Radvanovsky
rsradvan () unixworks net

