To be A pen tester

Viewing 13 reply threads
  • Author
    Posts
    • #5440
      it experts
      Participant

      To be a pen tester, shall i go for SANS 504 or 560 training and othre than that what is the best book you cab advice me to read before and after the training ??

    • #34363
      COm_BOY
      Participant

      Can you let us know your skill level ? this can include degrees, certs, experience, age etc.

    • #34364
      hayabusa
      Participant

      Funny… I just asked ‘kind of’ similar in response to his other post. 

      Please do your best, ‘it experts’ to find a specific forum section, relative to your needs, and post once, only.  It saves repetition…  additionally, those of us who are regulars on here see posts in ALL forums, anyway, so I can assure you, we’ll see it, whichever forum you post it in, and if it’s NOT in a proper section, don or the moderators can move it…

    • #34365
      it experts
      Participant

      Thanks for the reply and sorry for posting the subject twice.

      my experience in security is manly with network security, i have lots of certification in this side (CCIE Security, Juniper Specialist, and others) you can say in the security as a (firewall, IPS, VPN, ..etc) i am expert in most of the top vendor.
      Also i am expert in information security (I am CISSP, and CISM certified) and I am specialized in ISO 27001.
      The week point I have is I do not have any experience in programming  🙁 .
      Related to OS I have little knowledge
      I am working as security consultant and would like to enhance my knowledge and be Penetration tester. For the pen testing I know the basic theory part but no hands on experience at all 
      My plan is to be a network pen testing then focus on application and DB pen testing. I start reading the bible in network security for Eric Col. And planning to go for SANS training  after 2 months.
      Now to achieve my aims to be expert in Pen testing. I need your support and guide of what to do and which training to take (SANS 504, 560)
      BTW, my company depends on me to add this service to our customer. So please I do not want to let them down.
      I hope thing become clear now 🙂

    • #34366
      hayabusa
      Participant

      No worries, on the duplicate posts… was more or less just noting it, as a common courtesy!  😉

      As for your knowledge range, you’ve got quite the resume there.  With the knowledge you have, my personal experience says you could go ahead and go with the 560.  I know you said you had little OS or programming experience, but if you truly have achieved CCIE Security and some of the others you’ve listed, I think you’ll be OK, and you can come up to speed, quickly enough, to go at 560. 

      Are you looking at vLive, or classroom?  Obviously, the face-to-face experience, especially if you get Ed Skoudis teaching you, would be ‘best possible scenario.’  (Not that other instructors or methods wouldn’t suffice, as well, just that, coming in, cold, sometimes, having the instructor at your fingertips can be of benefit.) 

      Pentesting, full-time, you’ll eventually want to delve more into programming and such, as well as learning more of web application and programming languages, but I think the concepts and knowledge you’ll need will continue to build, with experience and further education / learning, as you grow with it. 

      Now, to be fair, I WILL say, I think you’d have an easier go at either of the SANS courses, if you first had Security+ and / or CEH, and had more fundamental base knowledge specific to this field.  However, again, if you’re capable enough to hold the certs you list, I think you’ll be alright.

      My opinions, anyway…  ;D

    • #34367
      dynamik
      Participant

      *sigh*

      I swear, whenever I end up responding to a duplicate post, it’s always the one that isn’t popular.

      You really shouldn’t have a problem with GPEN. It’s more network based than anything, and if you have a CCIE, the material should come to you quickly.

    • #34368
      hayabusa
      Participant

      LOL…  Good morning, dynamik!  😉

    • #34369
      COm_BOY
      Participant

      I would recommend you going for the PWB course by offsec , its way better and cheaper than other courses out there also its not a spoon-fed course and you need to refer to quite a lof of guides/books/tuts inorder to get things settled down so I would say you can enjoy much more in PWB then in GPEN

    • #34370
      it experts
      Participant

      Thanks all for the reply.

      Actually, the 504 course will be run by: Ed Skoudis, and the course 560 by someone else and I am planning to go for SANS in Singapor , I am thinking to take the basic with Ed in 504 and I can continue self study and practice, and since he is the author of 560, defiantly I will get benefit and he will guide me to the right direction. The 560 course will be in London by some one else (that’s why I do not want to take it). Any way my concerns is if I take the 504 course with Ed, can I start doing pen-test for network or I need to attend 560???

      Also can you help me in the following?
      1. What is the best list of books to start and become expert in pen testing?
      2. Any video or other resources  I need?
      3. What is the offsec course.

      Thanks again for your support and guide.

    • #34371
      dynamik
      Participant

      While there’s a lot of technical overlap between the two courses, they are taught from different perspectives. The difference is responding to someone attacking you and performing the attacks yourself. If you are going to be performing penetration testing, I strongly encourage you to take the 560. It covers other non-technical items that are important for penetration testers to know. Report writing, legal issues, providing value to organizations, etc. You can view a day-by-day breakdown of the topics covered at each course’s website. If you cannot attend locally, there are also vLive and On-Demand options where you can take the course remotely.

      http://www.amazon.com/Professional-Penetration-Testing-Creating-Operating/dp/1597494259/ref=sr_1_1?ie=UTF8&s=books&qid=1281220361&sr=8-1 would be a good book to start with.

    • #34372
      Dark_Knight
      Participant

      I am currently reading Counter Hack Reloaded, and am finding that it’s basically the Sans 560.

    • #34373
      impelse
      Participant

      @Dark_Knight wrote:

      I am currently reading Counter Hack Reloaded, and am finding that it’s basically the Sans 560.

      Is it not to old (2006)?

      I never read the book that why I am asking.

    • #34374
      hayabusa
      Participant

      dynamik gives good advice.  If you’re looking to do more of the pentesting, then 560 is definitely more along that line, based on what I’ve heard and read.  (Again, I haven’t taken either, yet, so…)

    • #34375
      Dark_Knight
      Participant

      @impelse wrote:

      @Dark_Knight wrote:

      I am currently reading Counter Hack Reloaded, and am finding that it’s basically the Sans 560.

      Is it not to old (2006)?

      I never read the book that why I am asking.

      Just a tad 🙂 It covers up to windows server 2003. However the attack principles are more or less the same.

      To the OP, check out the OSCP offered by offsec. 

Viewing 13 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2021 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?