Penetration Testing mailing list archives

Re: Aspiring Pen-Tester Seeking Advice


From: "Peter Manis" <manis () digital39 com>
Date: Sat, 11 Aug 2007 07:03:29 -0400

I am also working towards a career in security and I am getting ready
to start the training for the Offensive Security certification.  Is
the link Krymson provided in the beginning of his post a general
procedure layout for a pen test?  It looks like a very thorough list
and is somewhat overwhelming.  Is it more of a standard for what needs
to be done and in what order, or just a list some testers have compiled?

- PM

On 10 Aug 2007 18:02:19 -0000, krymson () gmail com <krymson () gmail com> wrote:
Get used to seeing this link:


http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html


Like Sectools.org, check out this list of steps/tools and start picking out ones you want to try. A good book like 
CounterHack Reloaded will give good guidance on the steps of a pen-test (attacker), but nothing beats getting your 
hands bloody with the tools. Make it a personal goal to at least read up on every tool in those lists, if not 
actually trying them all out. You might not become an expert in them in a week of tinkering, but it gives you the 
ability to apply those tools to real-job situations which then starts to beef up your "expertness."


In the process of setting up scenarios in your lab, pay attention when you set up things like Apache or other 
services. Even as you test tools against them, you can very much learn how they work and how to configure them to fix 
any openings you create. Standing up a SQL server? Take some time to learn a bit of SQL yourself and how to 
manage/admin the system as you poke and prod it.


You could also try out some purposely vulnerable setups like:

Damn Vulnerable Linux

HackMe series

OWASP's WebGoat


And try to poke at, and read the solutions to, various puzzles online, like challenges at the Ethical Hacker's 
Network. Even if you're stumped, you can still learn a ton!


I'll let you Google those yourself, as Google-fu is going to serve you forever.


That is all fun, and not really getting too mired in something that might turn you away quick, like programming and 
memory forensics (which admittedly isn't for everyone). But eventually you'll probably scratch the itch to learn some 
scripting/coding language like Python, Ruby, or even the venerable Perl.


Use Metasploit for ease of penetrations (kinda like lube for...err...cough) and try to scan everything you can with 
nmap and nessus and vuln assessment tools. Get used to the output.


If you're up to it, start a sniffer somewhere in your network anytime you do stuff, and check out the packets. You 
don't necessarily need to understand every flag and bit, but the more you see it all, the more easily it will 
eventually make sense. I bet you get some of this with your IDS now anyway! :) If so, try packet crafting!


That should be a good year's worth of personal time invested!

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
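Added example (not from either poster, nor from any of the tools named above) for the sniffer and packet-crafting advice: parse a raw IPv4/TCP packet down to its flag bits, verify both checksums, and build a SYN with correct checksums from scratch. The addresses 192.0.2.10/.20 (TEST-NET-1), ports and sequence numbers are constructed values; nothing is put on the wire, so it runs without root.

```python
import socket
import struct

# TCP flag bits as they sit in the low byte of the data-offset/flags word.
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented.
    Feeding it a header that already carries a valid checksum returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, payload: bytes, proto: int = 6,
               ttl: int = 64, ident: int = 0x1234) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with header checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]
    return hdr + payload


def build_tcp(src: str, dst: str, sport: int, dport: int, seq: int, ack: int,
              flags: int, window: int = 65535, payload: bytes = b"") -> bytes:
    """20-byte TCP header; the checksum covers the pseudo-header too."""
    off_flags = (5 << 12) | flags            # data offset 5 words, no options
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, ack, off_flags, window, 0, 0)
    pseudo = (socket.inet_aton(src) + socket.inet_aton(dst)
              + struct.pack("!BBH", 0, 6, len(hdr) + len(payload)))
    hdr = hdr[:16] + struct.pack("!H", checksum(pseudo + hdr + payload)) + hdr[18:]
    return hdr + payload


def parse_packet(pkt: bytes) -> dict:
    """Decode IPv4 + TCP headers the way you would read them off a sniffer."""
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _ipcsum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "proto": proto, "ttl": ttl, "ip_csum_ok": checksum(pkt[:ihl]) == 0}
    if proto != 6:
        return info
    (sport, dport, seq, ack, off_flags, window,
     _tcpcsum, _urg) = struct.unpack("!HHIIHHHH", pkt[ihl:ihl + 20])
    data_off = (off_flags >> 12) * 4
    tcp_seg = pkt[ihl:total_len]
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp_seg))
    info.update({
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window,
        "flags": [name for name, bit in TCP_FLAGS.items() if off_flags & bit],
        "tcp_csum_ok": checksum(pseudo + tcp_seg) == 0,
        "payload": pkt[ihl + data_off:total_len],
    })
    return info


def craft_syn(src: str = "192.0.2.10", dst: str = "192.0.2.20",
              sport: int = 40000, dport: int = 80, seq: int = 1000) -> bytes:
    """A bare SYN, as nmap's -sS would send it (constructed values)."""
    return build_ipv4(src, dst, build_tcp(src, dst, sport, dport, seq, 0, TCP_FLAGS["SYN"]))


def tampered_syn() -> bytes:
    """Same SYN with RST OR'd into the flags byte *without* recomputing the
    checksum: the kind of packet a receiver silently drops."""
    pkt = bytearray(craft_syn())
    pkt[20 + 13] |= TCP_FLAGS["RST"]         # IP header is 20 bytes; flags byte is TCP offset 13
    return bytes(pkt)


if __name__ == "__main__":
    for name, pkt in (("good SYN", craft_syn()), ("tampered", tampered_syn())):
        print(name, parse_packet(pkt))
```

To actually send craft_syn() you would need a raw socket (socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW), which requires root; compare the bytes it emits with what tcpdump -X shows for a real nmap SYN and the header layout above will start to feel familiar.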