February 5, 2012 at 9:59 pm #7326DetermParticipant
Penetration testing covers lots of different segments (WiFi, SE, Web app, …). I have been wondering, have anyone specialized himself for doing only one niche pen test segment (For example only RFID or only one type of web app; biometric access control etc.).
Being (black-box) expert and most of the time pursue only one niche segment of pen testing could be beneficial.
February 6, 2012 at 9:42 am #45764AnonymousParticipant
I think pen tester have wide range of skills learning a demanding area and being really good at that is all well and good but the jobs tents to require you to be more flexible. However if you can learn a skill that will be in high demand it cant hurt
February 6, 2012 at 1:36 pm #45765MaXeParticipant
Try to have a good base within most areas, esp. the practical ones if you’re going to do real penetration testing and not just audits where you have a checklist and full access to the computers.
With that base, specialize in one topic, not something as small as “RFID” only, but rather Exploit Development (programs), Web App Sec (websites), Reverse Engineering (e.g., RFID but also other things), Malware Research (this includes reverse engineering, at least at a basic to preferably intermediate level), Social Engineering (“human hacking”), Wireless Security, Mobile Security, and so forth.
You can also specialize in the more theoretical part that includes reading tons of RFC’s about e.g., how protocols, like TLS and SSL works along with all the other protocols, so you can e.g., instantly spot if a protocol has been incorrectly implemented in embedded devices such as mobile phones. (Just an idea.)
It’s impossible to know everything for starters, and we all have our blind spots as you should also know about technology (e.g., server architecture) in general, meaning that having a good base around computers, is a good idea.
If you’re really good, then you can specialize in just one topic, but then you have to focus on that and only take the basics of the other areas in to aid you with your specialization and e.g., expand upon that. Being really good means you know pretty much everything there is to know about a topic on at least a basic level, and then have a lot of knowledge on intermediate level, but also some expert knowledge that perhaps you’ve discovered yourself through research, which often takes from a week to several months (or longer).
Becoming the “basic hacker” that just runs tools, is something almost anyone can become nowadays with so many resources available, videos, very good books, a huge set of tools that hasn’t always existed (except nmap? ;D ), etc. Two teens in my home country recently discovered a gaping security hole in a program used for printing or system info, within this program was the master password to the entire infrastructure that control the entire school system, and these two teens are 14 years old.
Often I consider myself as a noob when I compare myself with those that almost speaks gibberish to me, because it’s on such a high level that I have trouble keeping up, one area where I’m honestly somewhat blank is kernel overflows in Windows, and diffing binaries such as Windows patches, where an introduced part of assembly fixes the problem, but the complete meaning is hard to get.
Another would be reading the entire WiFi IEEE specs, and e.g., discover Hole 196, it’s stuff like this that is either: “How the.. Did they discover this?” or “I wish I knew what all this meant” (and sometimes I sit for hours reading about various topics in e.g., a blog post, trying to understand the inner workings of certain topics that’s outside my area of expertise.)
It’s just my 2 cents for the day 🙂
February 6, 2012 at 3:46 pm #45766TribanParticipant
I would think you can specialize in say Wireless communications, this would include Wi-Fi, Bluetooth and RFID. But like MaXe said, you would still need to have a much broader understanding of other topics to be a good pen tester. Otherwise you may be out of work a lot if SOWs don’t include Wireless testing. If you work for a larger company, the specialization may be more useful. But trying to freelance, it may be much more difficult to get work.
February 7, 2012 at 12:22 pm #45767DetermParticipant
Exactly what Maxe point out … for example, reading RFCs and being expert in one or few protocols is my point of topic. I have done some team-work pen tests and what I can say is, that there are a lot of basics, working with out-of-box tools, using msf, core impcat, nessus. I think those tools should be used by security engineers inside company.
I would think you can specialize in say Wireless communications, this would include Wi-Fi, Bluetooth and RFID.
I don’t think so. Wireless communications are much more than Wi-Fi, BT etc. For example, there are some known attacks on GSM and GPRS. You can attack it with available technology but this is not black-box expertises. Being that mean, that you can built your own attacks or slightly diverse current attacks. Both demand great knowledge in cryptography (specially in stream ciphers), cryptanalysis and also sound knowledge in physical quantities.
But trying to freelance, it may be much more difficult to get work.
This can be a matter of discussion. Anyway I think that being black-box http://en.wikipedia.org/wiki/Black_box expert should give you more work as freelancer.
- You must be logged in to reply to this topic.