The Ethical Hacker Network - Help me understand

Preestar

Newbie

Offline

Posts: 14

Help me understand

« on: September 24, 2011, 04:09:45 PM »

First off, hello all I have some questions about what skills network pen testers have to have and which you need to be able to do you job effectively.

Should I be learning programming? Can a network pen tester find exploits in a network, fix them and know how to avoid more attacks in the future or would that require the pen tester to know a programming language, write some code and apply the fix?

A prime example are a group such an anonymous or lulzsec who hack into networks and websites, gain access to databases and all sorts.

When I think of programming I think of making applications but with so many applications out there already, why would you need to make your own?

I think 90% of hackers exploit websites in order to get into servers and databases? So maybe a strong understanding of a web based language would be good to learn so I can search for exploits, patch them and avoid more attack in the future?


	Logged

Preestar

Newbie

Offline

Posts: 14

Re: Help me understand

« Reply #1 on: September 26, 2011, 07:25:00 AM »

Anybody?


	Logged

cd1zz

Recruiters
Hero Member

Offline

Posts: 561

Re: Help me understand

« Reply #2 on: September 26, 2011, 10:29:45 AM »

This is a very common question on the forums. Do some searching and pay particular attention to Sil's post. He's spent time compiling a long list of what you need.


	Logged

OSCE | OSCP | GXPN | OSWP | CISSP
http://www.pwnag3.com
http://www.networkadminsecrets.com

3xban

Hero Member

Offline

Posts: 608

Re: Help me understand

« Reply #3 on: September 26, 2011, 11:04:50 AM »

Good short answer, in my opinion, a good pen tester should have experience in many disciplines since it is never known what you will be asked to do. As for remediation, absolutely, if you discover vulnerabilities that are exploitable then your report should include steps to fix or prevent exploitation of the vulnerabilities. Some are not simply fixed by patching but configuration. As for knowing how to program, well knowone expects you to code Operating systems, but if you have that knowledge on top of networking and web app testing, well you may have a pretty good arsenal to throw at the environment. I think now-a-days most IT security folk come from one background or another, there are few that come right out of gates as security pros. Though if we were all doing our first jobs correctly, many of us could say we've been practicing security for how ever many years. But now we get to concentrate on it and our opinions tend to mean more to management when they come from someone with a Security title.

So learn some code, learn about networking and learn your systems. Learn how to use some tools to help you figure out the best path of exploitation. Learn how to hack people. If you are lucky enough to be part of a pen testing team, well then you can concentrate more on an aspect of the job.

And yes, anything posted by Sil is always worth the read. He has a great writeup on getting into ethical hacking.


	Logged

Certs: GCWN
(@)Dewser

WCNA

Full Member

Offline

Posts: 187

Re: Help me understand

« Reply #4 on: September 26, 2011, 12:19:19 PM »

Your question is similar to "what skills does an administrator need"?

And the answer is- It depends. There are a lot of specialties already and it is becoming more specialized every day. Networking? Wireless? Database?

Web applications? Learn programming...but what programming? ASP, Cold Fusion, SQL, AJAX?

As pointed out, pentesters usually have a wide range of experience with specializations in certain areas.


	Logged

ISC2 Associate, WCNA, CWNA, OSCP, Network+

YuckTheFankees

Sr. Member

Offline

Posts: 324

Re: Help me understand

« Reply #5 on: October 10, 2011, 07:28:34 PM »

Ever since I started my pentesting/ Info Assurance journey, I feel like the list of stuff you need to know is endless. I thought "hey, Ill learn to hack in a year, get some certs, then bam! job here I come". Wow, was I sadly mistaken. There is so much to learn and the learning never stops.

Once I started learning about exploits, I needed to learn programming and assembly language (which doesnt happen over night). And to go along with WCNA, there are so many different types of languages..you need to figure out exactly what you want to do, then someone can tell you whats the best language to learn.


	Logged

OSCP in progress

rance

Full Member

Offline

Posts: 212

Re: Help me understand

« Reply #6 on: October 11, 2011, 03:26:03 PM »

Quote from: YuckTheFankees on October 10, 2011, 07:28:34 PM

There is so much to learn and the learning never stops.

This statement is true. Very, very true. I usually tell people they need to know a little bit about everything.


	Logged

Poking at security since 1986. +++ATH

impelse

Hero Member

Offline

Posts: 565

Re: Help me understand

« Reply #7 on: October 11, 2011, 05:30:08 PM »

I begin three years ago:

Go deep in windows servers
Security and Cisco certifications
I read somebooks about pentest (I never did one outside of my lab yet).
Now Linux
Later some programing and script
After some scripting/programming OSCP
Everytime I said, I need to learn more of this......


	Logged

CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/

millwalll

Guest

Re: Help me understand

« Reply #8 on: October 13, 2011, 05:17:28 AM »

I agree this has been answered so many times and there are lots good resources about.

However
having some programing languages skills would be good
Understanding TCP/IP
OSI 7 layer model
over a good understanding of kit like CISCO stuff windows,Linux etc
Understanding and being able to use tools like nmap, wireshark etc


	Logged

Pages: [1] Go Up

« previous next »