January 7, 2015 at 9:36 am #8778 SephStorm (Participant)
I found this post on LinkedIn, I thought it would be interesting to share for anyone who is interested:
A lot of people have been asking what it takes to start getting into pen testing and how to go about getting started. I have seen others post on this as well but the questions keep being asked, so either people don’t know how to use the Googles or don’t understand what they are reading. So instead of writing a giant paper on it again I will just post the Q&A from my previous discussions.
Q. What skills do I need to know to become a pen tester?
A. This is really a very vague question. I feel to truly be great at pen testing you have to have a good understanding of all the disciplines in Cyber. Don’t worry though if you don’t, because no one masters them all. For example, a programmer is going to be able to have a better understanding of the exploits and how they work. They will excel when it comes to tailoring an exploit for a custom scenario (i.e. changing the named pipe because an AV catches the exploit in its current state). A network admin would have a better understanding of the networks it operates in and be able to have a better understanding of why the network was built the way it was. He will excel at finding the high value targets and understanding admin methodologies.
Q. Where do I go to get started?
A. PTES is a great starting point. (http://www.pentest-standard.org/index.php/Main_Page) This gives you a layout of how the pen test should go and what should be completed at each step. It does not reference tools because as we all know, tools come and go, and can be replaced on the fly.
Q. What do I need to get started?
A. First off you need a client; this can prove to be the toughest part, as most clients will want to see a portfolio. “Pro Bono” work is always a good start. Once you have the client you will need to draft up a Scope Of Work; the easiest way to do this is to send them a questionnaire to find out what they are wanting out of the pen test. I have found it best to keep it to a small number of questions and keep the questions as simple as possible. Once you have a signed Statement Of Work from the client then you can get into the pen testing.
For the actual testing I have found using a decently fast laptop to be the best for starting off. I would recommend at least 16 GB RAM (due to VMs and testing), an i7 or equivalent processor, and lots of storage. As you grow you can move things off to servers and off-load the processing. For wireless engagements you will need a card that can inject traffic, just beware. Software you will need (trying to keep costs cheap)… VirtualBox, Kali Linux, Windows box (recommend 8.1 or something running the latest version of PowerShell).
You will need something to hold all your data in a centralized point. I recommend LAIR by FishNet Security. Mainly because it is free and supports reading data in from MSF, NMAP, BURP, NEXPOSE, NESSUS, WireShark, p0f, and is easily expandable to support others. A pricey alternative is MSF Pro... you can get a free trial to check it out... it is great.
Q. What other tools should I be familiar with?
A. There are so many and everyone has their own arsenal. But here is mine which will focus on pricing.
Central Database: LAIR by FishNet
Scanner: NMAP with NSE scripts, NC for bannering, MSF for vulnerability
Exploitation: MSF, CobaltStrike
Social Engineering: WhiteLightning (google WhiteLightning Bryce Kunz), setoolkit, BlackSquirrel.io
Persistence: ThrowBack (google ThrowBack BlackHat), Beacon (CobaltStrike), PoisonIvy (This is used by hackers a lot, gets flagged a lot, but is pretty easy to use and great for showing what hackers can do to a network)
Enumeration Tools: Sky's the limit; I find searching GitHub to be the best for one-off tools. Mine is https://github.com/Cr0n1c and has custom stuff I use as well as forks from others.
January 7, 2015 at 6:50 pm #54077 impelse (Participant)
Good explanation; that question comes up over and over.