.

To be A pen tester

<<

it experts

Newbie
Newbie

Posts: 4

Joined: Fri Aug 06, 2010 10:46 am

Post Fri Aug 06, 2010 11:06 am

To be A pen tester

To be a pen tester, shall i go for SANS 504 or 560 training and othre than that what is the best book you cab advice me to read before and after the training ??
<<

COm_BOY

User avatar

Full Member
Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Fri Aug 06, 2010 11:12 am

Re: To be A pen tester

Can you let us know your skill level ? this can include degrees, certs, experience, age etc.
It has become appallingly obvious that our technology has exceeded our humanity.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Aug 06, 2010 11:24 am

Re: To be A pen tester

Funny... I just asked 'kind of' similar in response to his other post. 

Please do your best, 'it experts' to find a specific forum section, relative to your needs, and post once, only.  It saves repetition...  additionally, those of us who are regulars on here see posts in ALL forums, anyway, so I can assure you, we'll see it, whichever forum you post it in, and if it's NOT in a proper section, don or the moderators can move it...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

it experts

Newbie
Newbie

Posts: 4

Joined: Fri Aug 06, 2010 10:46 am

Post Fri Aug 06, 2010 12:08 pm

Re: To be A pen tester

Thanks for the reply and sorry for posting the subject twice.

my experience in security is manly with network security, i have lots of certification in this side (CCIE Security, Juniper Specialist, and others) you can say in the security as a (firewall, IPS, VPN, ..etc) i am expert in most of the top vendor.
Also i am expert in information security (I am CISSP, and CISM certified) and I am specialized in ISO 27001.
The week point I have is I do not have any experience in programming  :( .
Related to OS I have little knowledge
I am working as security consultant and would like to enhance my knowledge and be Penetration tester. For the pen testing I know the basic theory part but no hands on experience at all 
My plan is to be a network pen testing then focus on application and DB pen testing. I start reading the bible in network security for Eric Col. And planning to go for SANS training  after 2 months.
Now to achieve my aims to be expert in Pen testing. I need your support and guide of what to do and which training to take (SANS 504, 560)
BTW, my company depends on me to add this service to our customer. So please I do not want to let them down.
I hope thing become clear now :)
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Fri Aug 06, 2010 12:22 pm

Re: To be A pen tester

No worries, on the duplicate posts... was more or less just noting it, as a common courtesy!  ;)

As for your knowledge range, you've got quite the resume there.  With the knowledge you have, my personal experience says you could go ahead and go with the 560.  I know you said you had little OS or programming experience, but if you truly have achieved CCIE Security and some of the others you've listed, I think you'll be OK, and you can come up to speed, quickly enough, to go at 560. 

Are you looking at vLive, or classroom?  Obviously, the face-to-face experience, especially if you get Ed Skoudis teaching you, would be 'best possible scenario.'  (Not that other instructors or methods wouldn't suffice, as well, just that, coming in, cold, sometimes, having the instructor at your fingertips can be of benefit.) 

Pentesting, full-time, you'll eventually want to delve more into programming and such, as well as learning more of web application and programming languages, but I think the concepts and knowledge you'll need will continue to build, with experience and further education / learning, as you grow with it. 

Now, to be fair, I WILL say, I think you'd have an easier go at either of the SANS courses, if you first had Security+ and / or CEH, and had more fundamental base knowledge specific to this field.  However, again, if you're capable enough to hold the certs you list, I think you'll be alright.

My opinions, anyway...  ;D
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Aug 06, 2010 11:22 pm

Re: To be A pen tester

*sigh*

I swear, whenever I end up responding to a duplicate post, it's always the one that isn't popular.

You really shouldn't have a problem with GPEN. It's more network based than anything, and if you have a CCIE, the material should come to you quickly.
The day you stop learning is the day you start becoming obsolete.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Aug 07, 2010 7:33 am

Re: To be A pen tester

LOL...  Good morning, dynamik!  ;)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

COm_BOY

User avatar

Full Member
Full Member

Posts: 129

Joined: Tue Feb 03, 2009 10:40 am

Post Sat Aug 07, 2010 11:31 am

Re: To be A pen tester

I would recommend you going for the PWB course by offsec , its way better and cheaper than other courses out there also its not a spoon-fed course and you need to refer to quite a lof of guides/books/tuts inorder to get things settled down so I would say you can enjoy much more in PWB then in GPEN
It has become appallingly obvious that our technology has exceeded our humanity.
<<

it experts

Newbie
Newbie

Posts: 4

Joined: Fri Aug 06, 2010 10:46 am

Post Sat Aug 07, 2010 4:46 pm

Re: To be A pen tester

Thanks all for the reply.

Actually, the 504 course will be run by: Ed Skoudis, and the course 560 by someone else and I am planning to go for SANS in Singapor , I am thinking to take the basic with Ed in 504 and I can continue self study and practice, and since he is the author of 560, defiantly I will get benefit and he will guide me to the right direction. The 560 course will be in London by some one else (that’s why I do not want to take it). Any way my concerns is if I take the 504 course with Ed, can I start doing pen-test for network or I need to attend 560???

Also can you help me in the following?
1. What is the best list of books to start and become expert in pen testing?
2. Any video or other resources  I need?
3. What is the offsec course.

Thanks again for your support and guide.
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sat Aug 07, 2010 5:39 pm

Re: To be A pen tester

While there's a lot of technical overlap between the two courses, they are taught from different perspectives. The difference is responding to someone attacking you and performing the attacks yourself. If you are going to be performing penetration testing, I strongly encourage you to take the 560. It covers other non-technical items that are important for penetration testers to know. Report writing, legal issues, providing value to organizations, etc. You can view a day-by-day breakdown of the topics covered at each course's website. If you cannot attend locally, there are also vLive and On-Demand options where you can take the course remotely.

http://www.amazon.com/Professional-Pene ... 361&sr=8-1 would be a good book to start with.
The day you stop learning is the day you start becoming obsolete.
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Sat Aug 07, 2010 7:02 pm

Re: To be A pen tester

I am currently reading Counter Hack Reloaded, and am finding that it's basically the Sans 560.
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Sat Aug 07, 2010 9:04 pm

Re: To be A pen tester

Dark_Knight wrote:I am currently reading Counter Hack Reloaded, and am finding that it's basically the Sans 560.




Is it not to old (2006)?

I never read the book that why I am asking.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Aug 07, 2010 9:39 pm

Re: To be A pen tester

dynamik gives good advice.  If you're looking to do more of the pentesting, then 560 is definitely more along that line, based on what I've heard and read.  (Again, I haven't taken either, yet, so...)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Dark_Knight

User avatar

Sr. Member
Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Sat Aug 07, 2010 10:49 pm

Re: To be A pen tester

impelse wrote:
Dark_Knight wrote:I am currently reading Counter Hack Reloaded, and am finding that it's basically the Sans 560.




Is it not to old (2006)?

I never read the book that why I am asking.

Just a tad :) It covers up to windows server 2003. However the attack principles are more or less the same.

To the OP, check out the OSCP offered by offsec. 
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com

Return to GPEN - GIAC Certified Penetration Tester

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software