
What do you think it takes to be a Pen Test Ninja?

T_Bone

Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Thu Jul 01, 2010 4:10 am

What do you think it takes to be a Pen Test Ninja?

What do you guys think you need to know or be to be a Pen Test Ninja?
dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Thu Jul 01, 2010 8:28 am

Re: What do you think it takes to be a Pen Test Ninja?

Everything :lol:

Programming, Windows and *nix systems, networking, web apps, databases, etc.
The day you stop learning is the day you start becoming obsolete.
sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Thu Jul 01, 2010 9:05 am

Re: What do you think it takes to be a Pen Test Ninja?

dynamik wrote: Everything :lol:

Programming, Windows and *nix systems, networking, web apps, databases, etc.


<ramble>
Jesus... I've been going through AT&T syntax Assembly now for a few months interspersed with JNCIS-SEC (fast track leisure study) and a hodge-podge of other things... Definitely time consuming.
</ramble>

I'd have to say the following in order:

Operating Systems
Networking
Creativity
Programming
Applications
Databases

Operating Systems
Operating systems - You'd want to obviously know your way around most common operating systems. Any and all you can learn is beneficial. I had to puke RACF stuff for a while as it wasn't commonly used. I suggest for *nix based systems, familiarizing yourself with Rosetta Stone (http://bhami.com/rosetta.html). For Windows - whatever you can get your hands on. I'm definitely not as strong as I should be for Windows based systems from the administrative side however, from the compromise side I have no problems.

The difference in this (strength/weakness) is, on a *nix box, I'm versatile and stealthy. Penetration comes easier, believe it or not, by way of system administration. I'm familiar with the system itself. I know what perms, groups, filetypes, etc., to target. On a Windows machine there are many variables many don't take into account (DLLs, OCX, misconfigured groups, etc.)

Networking
If you don't know HOW it's connected, HOW would you know how to escalate throughout the network? Understanding networking topology, traffic patterns, packets, etc., can save you an enormous amount of time and resources not only from a penetration testing perspective, but also from a troubleshooting perspective. Imagine performing a pentest WITHOUT the usual network enumeration tools (netmap, hping, etc.) Can you garner information about another machine? How? TTL, Window Size, DF and TOS are your friend. Each OS has its own parameters, e.g.:

OS             TTL  Window Size     DF  TOS
Linux 2.2.x    64   32120           n   0
Windows 9x/NT  32   5000 thru 9000  Y   0

This is information that could be gathered using tcpdump, Wireshark... *Sniffer of choice* without having to run nmap. So think about this for a moment... Do you ALWAYS need to use NMAP? Not really. Versatility!

Creativity
Life is too short, yet too long to be doing the same old same old. Use your brain and have fun with what you do. Don't be afraid to break from the herd and try out your own thing from time to time.

Programming
Must... Any language, any time, all the time. Pick your poison. Don't let zealots stop you from learning a particular language. Each has its own pros and cons and I don't believe any specific one is better than another. There are preferences. I use a combination of perl, python, expect, shell and ruby for "scripting" and automation. Depending on what I need done, I pick one suitable for the moment. From a pentest perspective, you may need to be this versatile. For example, suppose on a pentest you escalate to a machine where you don't have a specific language - say perl or python... Then what? Can you accomplish your task with normal system commands, awk, sed, etc?

From a "security research" point of view... Assembly (at least understanding it) helps immensely if you're into bug hunting, creating oh day, etc.

Applications
You don't necessarily need to be a grandwizard in applications; however, I suggest learning about the OSI layers instead and understanding at which intersection programs play with each other. Session Layer, Presentation Layer, Application Layer. Each has a distinct role at the end of the day and each WILL have a weakness.

DB/SQL
Personally, I feel this falls into programming. SQL syntax is pretty common across the board. Setting out to study say Oracle would be a full time job. Not to mention, for that might as well become an Oracle DBA (they make a killing!). I say, understand the general syntax.

Last but not least... Again, have FUN with what you learn. If you're doing it solely for the money, you'll fail. Sure there is money to be made as a pentester, security professional, ethical hacker, NAME_YOUR_ROLE however, when you're passionate about what you do and you enjoy it, you're likely going to retain more of what you learn and it will become easier to accomplish what you set out to do.
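As an added example (not code from the post or from any forum member), the following Python applies sil's TTL / Window Size / DF table to a few constructed tcpdump-style SYN lines, recovering the sender's initial TTL from the hop-decremented value it arrives with; the same passive check is what an asset-inventory sensor on a span port does. The two-line "tcpdump -v" layout and the signature values are assumptions taken from the post, and the sample capture is constructed.

```python
import re

# Signature table taken from the post above: (OS, initial TTL, window range, DF set).
SIGNATURES = [
    ("Linux 2.2.x", 64, (32120, 32120), False),
    ("Windows 9x/NT", 32, (5000, 9000), True),
]

# Common initial TTLs; a captured TTL has been decremented once per hop, so round up.
INITIAL_TTLS = (32, 64, 128, 255)

# Assumed two-line "tcpdump -v" layout: IP header line (ttl/flags), then TCP line (win).
HDR_RE = re.compile(r"ttl (?P<ttl>\d+).*?flags \[(?P<flags>[^\]]*)\]")
TCP_RE = re.compile(r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > .*?Flags \[S\].*?win (?P<win>\d+)")

def guess_initial_ttl(observed_ttl):
    """Smallest common initial TTL >= the observed one, or None if implausible."""
    for t in INITIAL_TTLS:
        if observed_ttl <= t:
            return t
    return None

def classify(ttl, window, df):
    """Names of every signature matching the observed SYN attributes (may be empty)."""
    init = guess_initial_ttl(ttl)
    return [name for name, sig_ttl, (lo, hi), sig_df in SIGNATURES
            if init == sig_ttl and lo <= window <= hi and df == sig_df]

def fingerprint_capture(text):
    """Map each SYN's source IP to its guessed OS, walking the capture two lines at a time."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    results = {}
    for hdr, tcp in zip(lines[0::2], lines[1::2]):
        h, t = HDR_RE.search(hdr), TCP_RE.search(tcp)
        if not (h and t):
            continue  # not a SYN, or a line layout we do not parse
        df = "DF" in h.group("flags")
        results[t.group("src")] = classify(int(h.group("ttl")), int(t.group("win")), df)
    return results

# Constructed sample, not a real capture: a SYN three hops out from a 64-TTL host
# without DF, and one three hops out from a 32-TTL host with DF set.
SAMPLE = """
IP (tos 0x0, ttl 61, id 4242, offset 0, flags [none], proto TCP (6), length 60)
    10.0.0.5.43210 > 10.0.0.1.80: Flags [S], seq 1, win 32120, length 0
IP (tos 0x0, ttl 29, id 4243, offset 0, flags [DF], proto TCP (6), length 48)
    10.0.0.6.1030 > 10.0.0.1.80: Flags [S], seq 2, win 8192, length 0
"""
```

Running `fingerprint_capture(SAMPLE)` attributes 10.0.0.5 to Linux 2.2.x and 10.0.0.6 to Windows 9x/NT; a host matching no row returns an empty list, which is the case to alert on in an inventory that expects only known stacks.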
T_Bone

Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Sun Sep 05, 2010 4:07 am

Re: What do you think it takes to be a Pen Test Ninja?

Thanks again for the information above Sil, you are on the same lines as Keatron. For those interested check out what he thinks at the link below..

http://resources.infosecinstitute.com/i ... n-testing/
jason

Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Sun Sep 05, 2010 8:05 pm

Re: What do you think it takes to be a Pen Test Ninja?

As a bit of completely shameless self promotion, you could always check out the book that Tom and I wrote  ;D

http://www.amazon.com/Ninja-Hacking-Unc ... 970&sr=8-1

It'll be out toward the end of this month.
T_Bone

Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Mon Sep 06, 2010 3:51 am

Re: What do you think it takes to be a Pen Test Ninja?

mmm.... interesting...

Maybe we could get one of the guys on EH to review it?
rattis

Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Mon Sep 06, 2010 1:18 pm

Re: What do you think it takes to be a Pen Test Ninja?

jason wrote: As a bit of completely shameless self promotion, you could always check out the book that Tom and I wrote ;D

http://www.amazon.com/Ninja-Hacking-Unc ... 970&sr=8-1

It'll be out toward the end of this month.


I know I'm looking forward to getting it. It's just going to be a while before I get to read it. Still trying to find time to read Tom's build a lab book.
OSWP, Sec+
impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Mon Sep 06, 2010 11:18 pm

Re: What do you think it takes to be a Pen Test Ninja?

I read this post but I did not pay attention to this book.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
T_Bone

Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Tue Sep 07, 2010 2:07 am

Re: What do you think it takes to be a Pen Test Ninja?

@impelse

It does look good though, doesn't it....:)
impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Tue Sep 07, 2010 8:00 am

Re: What do you think it takes to be a Pen Test Ninja?

Yes, it looks like a nice book to read.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Tue Sep 07, 2010 3:41 pm

Re: What do you think it takes to be a Pen Test Ninja?

Operating Systems
Networking
Creativity
Programming
Applications
Databases


@Sil: A few months ago, I would have been shocked to see "creativity" in third place. But now, I almost feel it should be in second place... (I miss a lot of that...)

For Operating Systems, what would you say is better: Know about 20% of 10 different OS or knowing very, very well Windows and Linux/Unix? (Although Windows XP and Windows 2008 Server are quite different!)

I ask this question because I know Windows and Linux "enough", maybe 50% of each. I am about to get my hands dirty with FreeBSD and then focus more on the network side (online Cisco courses!!).

While this is certainly not a waste of time, could I use my time on more important things? (it depends of course, but still...)
Last edited by caissyd on Tue Sep 07, 2010 3:43 pm, edited 1 time in total.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Sep 07, 2010 4:28 pm

Re: What do you think it takes to be a Pen Test Ninja?

You should put a proportionate amount of emphasis into whatever OS based on how much you work with it (or anticipate you'll work with it). The majority of our customers make heavy use of Windows-based OSes and hardly any use Solaris. Guess which one I know pretty well and which one I ask stupid questions about on online forums.

That's not to say you shouldn't learn new things and broaden your horizons just for the sake of increasing your knowledge, but it would be foolish to gloss over things that are immediately beneficial or necessary for the sake of doing so. As you said, "it depends."
The day you stop learning is the day you start becoming obsolete.
sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue Sep 07, 2010 8:21 pm

Re: What do you think it takes to be a Pen Test Ninja?

H1t M0nk3y wrote:"For Operating Systems, what would you say is better: Know about 20% of 10 different OS or knowing very, very well Windows and Linux/Unix?"


Seriously a tough call here so I will explain my take on this. For what it's worth and where it counts more, I say *nix based systems with my reasoning for this answer following.

Browse over to Netcraft and have a look at what most Fortune 100's are running. Take a pick at a specific industry and have a serious look at what's powering them. If you answered Windows + MSSQL, you're way off base.

Oracle + Linux or Solaris move data around for some of the biggest companies on the planet. Citigroup - Solaris, Major League Baseball which pushes some serious databases, Solaris + Oracle,

Chase - Solaris
http://searchdns.netcraft.com/?host=chase.com&x=0&y=0

Citibank - Solaris
http://searchdns.netcraft.com/?restrict ... on=limited

Bank of America - Solaris
http://searchdns.netcraft.com/?restrict ... on=limited

Chevron - Linux
http://searchdns.netcraft.com/?restrict ... on=limited

AT&T - Linux
http://toolbar.netcraft.com/site_report ... ww.att.com

And the list goes on. This is not to say that Windows isn't used, but it's not truly used where the cash is flowing. This is where you'd want your client-base, where they won't balk at your fees as a pentester. Government work? Solaris + Other nix variants all the way.

With that said, this is the server side, where the most precious data is housed/stored/transmitted. In the office environment, Windows rules, but the harsh reality is, somewhere along the line you WILL need to know *nix based systems. So ask yourself, do you want to pentest a webserver or some local desktops for a "fistful of dollars" or would you rather go with where you'll not only earn some serious money, but get around to playing with "big boy toys"?
T_Bone

Full Member

Posts: 199

Joined: Sat Feb 21, 2009 7:11 am

Post Wed Sep 08, 2010 3:20 am

Re: What do you think it takes to be a Pen Test Ninja?

I know this response is not within the scope of this thread but just have to say.. SIL is like a god... everywhere I see a post from SIL on EH I just have to read it even if I am not specifically interested in the topic  :)... what does SIL stand for SECURITY I LIVE?
caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Wed Sep 08, 2010 8:28 am

Re: What do you think it takes to be a Pen Test Ninja?

Oracle + Linux or Solaris move data around for some of the biggest companies on the planet. Citigroup - Solaris, Major League Baseball which pushes some serious databases, Solaris + Oracle,


That's exactly what I thought. In the government, I have seen many internal servers using Windows/MSSQL Server while their internet facing boxes have Solaris, Linux or AIX, all backed by Oracle.

But what about FreeBSD, OpenBSD and NetBSD? Have you seen them at least a little bit around? I haven't...
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)