.

I wanna realize it

<<

pushaaaz

Newbie
Newbie

Posts: 11

Joined: Fri Jan 27, 2012 10:47 am

Post Fri Jan 27, 2012 11:23 am

I wanna realize it

Hi everybody, im new here. Im a student (21 years old) and studying Computer Science at University of Trento Italy. I subscribe to this forum today after i've read some topics and i think this could be the right place to ask some questions (and continue to follow the forum's topics).

I graduate this summer and before to start the master (3-4 months) i wanna try to get a certification in penetration testing. My background is "normal" like a IT graduate, but i focused more, in the last months, on studying C and Networks. Unfortunately i've never learned scripting language (during university i not found the extra-time to study it, and here there arent courses). 
I wanna ask you if there are any chance to get a certification in pentesting with my background. I saw a lot of certifications, but i dont know if i could be ready for these.
I think maybe eccpt could be the first step (cheaper than other and seem good) but someone told me that opst is better. (i dont know, need an advice)

Another idea was to try to find an internship/apprenticeship (in penetration testing) somewhere in Europe (to improve my english too), but the issue is: who want me? im not a professionist pentester or network IT manager or something like that.

I dont know what to choose, i only know that i want to start to become a penetration tester but i dont know HOW. Needs advices, help me  :P

(ps: sorry for my bad english)
<<

pushaaaz

Newbie
Newbie

Posts: 11

Joined: Fri Jan 27, 2012 10:47 am

Post Fri Jan 27, 2012 11:26 am

Re: I wanna realize it

ps2: i've just started to study something about: man in the middle, how to use bt5, metasploit, and stuff like that. A few theory too. Is not so easy but im understanding all since now good or bad at conceptual level.
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Jan 27, 2012 12:18 pm

Re: I wanna realize it

Ciao, Pushaaz. Welcome to the forums!

Before diving into pen testing, you should obtain a solid foundation in whatever technologies you're interested in (systems, networking, web apps, etc.). You're really going to be selling yourself short if you just learn how to use tools without having a solid understanding of why they work the way they do. A good approach is to start with systems/networking administration > take on additional security responsibilities > transition into a full-time security role.

Also, the Italian hacker community seems to be fairly active. You should look around for local events and people in your community. One of my colleagues (@jekil) runs http://www.lonerunners.net/, and his HostMap tool is featured in the eLearnSecurity course.

Speaking of which, I assume you're aware that eLearnSecurity is run by Italians. You might want to try getting a hold of Armando and see if he can't provide any direction for you.

To answer your other question, the OSCP course goes a bit more in-depth, and the exam is more challenging, than eLearn, but eLearn is still a great value for the money and is likely a better starting point for beginners.

P.S. Your English is pretty good :)
The day you stop learning is the day you start becoming obsolete.
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Fri Jan 27, 2012 3:06 pm

Re: I wanna realize it

I'm currently working through eLearning and it is a decent course.  But like Dynamik said, shoot for getting a solid base in the areas that interest you most.  The best pen testers are the ones who understand how an organization is going to use the systems.  Mostly because they used to be that System admin or web master they are currently testing against.

If you like networking, look into following a Cisco track for further study.  Look into what types of vulnerabilities are out their for routers and such.  Get a job as a network admin of even helpdesk.  Gotta start somewhere and the tools will only get you so far.  The better your understanding the more useful the tools are.

Its like how I used to teach the teachers in my first job on how to build a website.  I taught them the basics of HTML coding and explained that the more you know about the code the easier it will be to tweak it.  Then you can use the apps like Frontpage (it was over 10 years ago :p ) or Dreamweaver to build your base site and then use your knowledge of code to tweak the particulars or add some nifty features.

Good luck and welcome to EH.NET.
Certs: GCWN
(@)Dewser
<<

pushaaaz

Newbie
Newbie

Posts: 11

Joined: Fri Jan 27, 2012 10:47 am

Post Fri Jan 27, 2012 6:14 pm

Re: I wanna realize it

Thanks for your answers :).. Well i'm not sure if my right direction will be networking or system, maybe both eheh. Anyway actually i'm doing an internship for University, i've to set a system using ntop and netflow probe to capture flows/packets and than after 2-3 months i'll have to analyze all the graphs and stats of ntop. I think is really interesting and i'm sure that anyone learn more at work then studying only. My network-base is not so bad i think, i know how many of the "well-known" protocol works but maybe your right saying i have to build myself a stronger background working during summer. Anyway i'll use the master course at University to understand better what's right for me and what i like. However i start to read tcp/ip illustrated (1-2-3 vol. Stevens) maybe could be a good start :).

However when i try to use some tools i know the concept and what i can do with this, but often i not realize the step-by-step process beyond the tool (I know the process in general but not "specifically specifically").

Other newbie questions:
have to know a penetretion tester HOW build a tool?
a pentester build exploit?

Yea maybe someone does both but usually?

ps: nice board! :)
<<

millwalll

Post Sat Jan 28, 2012 8:14 am

Re: I wanna realize it

I agree with all comments so far as for answer to your new question.

Does a Pentester need to know hot to build tools? I think a pen tester should be familiar with at least one language more if possible. Knowing how to build tool can save you time and also come in very handy in tricky situations.

Does a pen tester need to be able to build exploits? Again I think if you can learn how exploits work it just makes you a better tester. There are lots good pentester who write exploits hence metasploit.

Return to Greetings

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software