Re: Beginner Pen Tester Blog

[admin <admin () propergander org uk>]

Hi Dave,

I tried posting comments to your blog but being a paranoid privacy freak and blocking javascript,cookies etc. Those 
comments will probably never
hit your blog.

Script kiddying is easy, any retard can run other people exploits and compromise the systems of those lax on security. 
Metasploit will only
provide exploits for those systems that have not been patched against known vulnerabilities. Although getting your head 
around metaploit is no
bad thing, all you will learn is how to use metasploit. Surprises me that people call themselves pentesters because 
they can use Metasploit.

Linux is what you should pentest from. The real skill comes from reading all those RFC's and finding an avenue for a 
potential exploit, fuzzing
web apps, frameworks and exe's etc. hack from a Linux box Understand netcat, perl, the TCP/IP protocol and write your 
own tools and find new
exploits. I don't know your skill level but it is a long road that shifts constantly. I found 
http://www.hackthissite.org a pretty good starter
for web application hacking. It really helps the understanding of web application penetration and SQL injection etc. 
Most hacking these days is
done through the internet. Or socially engineering a user to a spoofed logon page or getting them to download a 
trojaned <insert name of celeb
hearthrob> screen saver or bound codec/pdf. Curiosity kills more cats these days than IIS worms.

Checkout honeynet.org too and perhaps setup a honeynet, that is a good learning exercise and entertaining.

I will happily post to your blog but not if I have to let the javascript and cookies of half a dozen corporations run 
on my box ;-)

good luck
feel free to contact me off list

regards
another security dude based in the UK


ps Virtualbox is cool.

On 12/09/2011 17:04, tentpester wrote:o
> Hi All,
> I'm probably opening myself up for a lot of ridicule here but I thought I
> would share a link to a new blog I've created:
>
> http://tentpester.blogspot.com/ http://tentpester.blogspot.com/ 
>
> The idea behind it is to describe my experiences while attempting to become
> a pen tester. Thought it might be of use to anyone else in the same boat as
> me at some point in the future.
>
> Alternatively it might be good for a laugh for all you professionals! Any
> (constructive!) comments welcome
>
> Cheers


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------