.

Advice for a newbie please

<<

bigron10

Newbie
Newbie

Posts: 1

Joined: Thu Feb 14, 2008 11:03 am

Post Thu Feb 14, 2008 11:51 am

Advice for a newbie please

Hello,

I'm looking to get started in the world of Penetration Testing with the aim to make it my career. The company I work for has indicated that it may be able to help out with training and finances as part of my development as they are looking to bring some pen testing in house but while this is being sorted I'd like to put myself in the best possible position.

I currently work as a manual tester and am mainly involved in testing UNIX server software and applet based GUI's. I have a good working knowledge of UNIX (currently use Solaris) and SQL as well as VB. I have also dabbled with Linux at home.

So far I've browsed the forums here as well as looking at the Offensive Security and Remote Exploit websites. I've downloaded and just started playing with BackTrack 2 as well as begun readig a book on pen testing (can't remember the title). I've also ordered a book on TCP/IP (TCP/IP: Jumpstart by Andrew Blank) as I've read a good knowledge of networking is fundamental.

Can you suggest anything else in terms of websites/books/free or cheap online courses that I can be looking at that will help my progress. Also, can you recommed the best certsto be looking at for when I get something sorted through my work.

Thanks in advance
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Sat Feb 16, 2008 1:25 pm

Re: Advice for a newbie please

Hello bigron10 & welcome to the site.

Well your starting off in a good place. There's alot of knowledge offered in this forum. I suggest taking the Offensive Security 101 v2 Course. As for some books that might help you out in furthering your study, you may want to check the Book Review Section offered on the forum. Links below:
http://www.ethicalhacker.net/component/ ... oard,10.0/
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

Dengar13

User avatar

Sr. Member
Sr. Member

Posts: 380

Joined: Tue Sep 20, 2005 8:43 am

Location: The Steel City

Post Sun Feb 17, 2008 9:53 am

Re: Advice for a newbie please

Yes, welcome to this site!  I agree with KrisTeason, this is an excellent place to start and a lot of people here are quite knowledgeable and are willing to help out.

Two books I highly recommend to you are:  Hacking for Dummies and Hacking Exposed (pick your poison).

Again, welcome to the forum.  ;D
A+, Net+, MCP, CEH
MCSE: Security/Messaging
MCSA: Security/Messaging
Former U.S. Marine and damn proud of it!
<<

kabal

Newbie
Newbie

Posts: 4

Joined: Sun Feb 17, 2008 1:30 pm

Post Sun Feb 17, 2008 2:17 pm

Re: Advice for a newbie please

i found that if you want to make Pentesting your main carreer, you need some MAJOR experience with all and yes i mean ALL technologies out there.

The serious Consultants have 5-10 years experience minimum and have all certs thinkable.

I think you just scratched the surface in knowledge you are trying to aquire. My advice is make a long term plan and stick to it and get a firm base FIRST.
TCP/IP books are very boring to read. My experience with Cisco courses is very good. You start off with a CCNA cert and is very accesible for everyone and you get tons if detailed info on TCP/IP and other major protocols.
To be a security expert you need expert knowledge on major operating systems. And SQL seems to be THE html of the future. lol

I hope you dont think im too pessimistic  but there is a lot of info out there to assimilate....lol.
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Tue Feb 19, 2008 4:35 pm

Re: Advice for a newbie please

This might seem like I am being sarcastic at first glance, but I am not at all. Perhaps the very first skill to learn in hacking is Google!  Seriously. If you really know how to use it beyond the norm, its amazing what you can find. Not only is there so much info available on how to hack, but you can locate a large amount of sensative data. So much so that Bill Gates had mentioned one time Google should be out lawed! You can even locate vulnerable servers to attack. 

This is a good site to spend some time on:

http://johnny.ihackstuff.com/forums/ind ... 7f026f2f76
<<

KrisTeason

User avatar

Hero Member
Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Feb 19, 2008 5:32 pm

Re: Advice for a newbie please

Kev's 100% correct. You'd be suprised all the information you could find on Google. Along with the link that Kev provided, you may want to look into the book entitled "Google Hacking for Penetration Testers" - I've provided a link below:
http://www.amazon.com/Google-Hacking-Pe ... 1931836361
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

rance

User avatar

Full Member
Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Wed Feb 20, 2008 10:56 am

Re: Advice for a newbie please

kabal wrote:
..snip..

And SQL seems to be THE html of the future. lol

../snip



Not to get nitpicky, but I wouldn't want someone mislead.  SQL really has nothing to do with HTML.  SQL is a database technology (MS-SQL, MySQL, Postgresql, etc) and lives on the back end.  Data in SQL is accessed through programming languages such as PHP, Perl, Python, Ruby, etc.  HTML and SQL actually don't communicate at all.  Code can be embedded (server side includes) in HTML to poll SQL databases, but HTML has nothing in the markup language to work with databases.

Just wanted to clear that up.
Poking at security since 1986.  +++ATH
<<

bigwhiff

Newbie
Newbie

Posts: 14

Joined: Mon Jan 28, 2008 2:29 am

Location: Alaska

Post Wed Feb 20, 2008 2:41 pm

Re: Advice for a newbie please

Rance while you are correct in your explanations of HTML and SQL I think you missed the point.  I think the assertion is that with so many dynamic web sites pulling from back end databases SQL information is replacing flat HTML web page development.  If I got your point wrong Kabal let me know.
Jack Campbell
CCNP CCDP GCIH GHTQ C|EH
http://secauditor.wordpress.com
<<

kabal

Newbie
Newbie

Posts: 4

Joined: Sun Feb 17, 2008 1:30 pm

Post Thu Feb 21, 2008 5:24 pm

Re: Advice for a newbie please

thx Bigwhiff, that was exactly what i meant.lol. I almost thought i was on the wrong forum.  ;-)
Even HTML can be generated straight from the database. Dont forget all kinds of database-injection techniques and cross-site-scripting
Last edited by kabal on Thu Feb 21, 2008 5:31 pm, edited 1 time in total.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software