Penetration Testing mailing list archives
Re: Info about Pen Testing
From: Christoph Puppe <puppe () hisolutions com>
Date: Sat, 10 Mar 2007 14:13:29 +0100
Salve, I've started, 8 years ago, by reading from start to end the accumulated volumes of "Hacking Exposed". Just by understanding past exploits, you can see the various vectors of intrusion. Then you need to try a lot of the stuff in this books, get a VMWare Workstation with many different targets and hack them. Put a firewall between you and the targets to get a more real live experience. Then read full-disclosure and bugtraq to learn about new stuff. Read and analyse the exploit code found for example in metasploit. Subscribe to feeds from it sec sites, to get new papers on new vectors and types of exploits. Loads of stuff to try in your lab. Ah, and the first two volumes of "How to own the ..." are very good as well. Next books depend on what you specialize. Get the books that help you to understand the services you want to attack in depth. Hacking is imho always an example of understanding a software better than the programmers of said binary. Good luck ;) Gerrit @ DeadSet Internet Technologies wrote:
Hi I am new to the list so if I ask the wrong the wrong questions or in the wrong way, please excuse me ;) I have recently done the CEH course, but what I would like to know is what the best way is to actually learn the skills required to do penetration testing. I know that actual practice is best, but are there any good material like tutorials that can assist in this learning process. Thank you in advance GK
-- Mit freundlichen Grüßen Christoph Puppe Security Consultant We secure your business.(TM) _______________________________________________________ HiSolutions AG Phone: +49 30 533289-0 Bouchéstrasse 12 Fax: +49 30 533289-99 D-12435 Berlin Internet: http://www.hisolutions.com _______________________________________________________ Mindestinformationen im geschäftlichen E-Mail-Verkehr nach §37a HGB: Sitz der Gesellschaft / registered office: Berlin Handelsregistereintrag / Commercial register: Amtsgericht Berlin Charlottenburg - HRB 80155 Vorstand / Management Board: René Grosser, Torsten Heinrich, Timo Kob, Michael Langhoff Vorsitzender des Aufsichtsrates / Chairman of the supervisory board: Prof. Dr. Klaus Müller ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- Info about Pen Testing Gerrit @ DeadSet Internet Technologies (Mar 09)
- Re: Info about Pen Testing Security Guy (Mar 10)
- Re: Info about Pen Testing Christoph Puppe (Mar 10)
- Re: Info about Pen Testing - how to tackle complexity? Petr . Kazil (Mar 13)
- Re: Info about Pen Testing - how to tackle complexity? Gadi Evron (Mar 13)
- Re: Info about Pen Testing - how to tackle complexity? Petr . Kazil (Mar 13)