
Getting into Pentesting, using this strategy?


pharmerjoe

Newbie

Posts: 14

Joined: Sun Jan 29, 2012 1:45 pm

Post Mon Mar 26, 2012 12:41 pm

Getting into Pentesting, using this strategy?

I read this and was intrigued. I have decided to learn from the ground up again, and I'm on the networking books currently. Just wondering what you guys think of the pathway this guy set out to become a competent pentester, as it's the first time I've seen someone actually take the time to set out a complete pathway with specific examples and references. While there is no right answer to the question, it sure does help to have someone experienced who has laid it out like this.
http://www.infiltrated.net/pentesting101.html
unicityd

Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Mon Mar 26, 2012 1:43 pm

Re: Getting into Pentesting, using this strategy?

Most of that guide is about building IT skills generally rather than pentesting skills specifically.

There is a big jump in difficulty from Step One (learn the OSI layer) to Step 2 (read five non-introductory Cisco books).  I'd recommend getting the CCNA study guides from Cisco (two volumes) and also Practical Packet Analysis (once you get further in).  Once your Cisco and TCP/IP skills are solid, pick up the Cisco security titles the guide author mentions.

I don't know what Linux books are considered good right now, but get Absolute BSD if you want to learn FreeBSD.  For programming, check out http://programming-motherfucker.com/become.html .  Learn Python or Perl to start.  Along the way, plan to learn C and SQL to a basic degree.  You need to understand how to read code, craft SQL statements, and automate basic tasks.  If you want to be a good programmer and develop complex tools, put aside everything else and just program for a couple of years.

The guide author suggests building a lab and learning to hack them from Bugtraq posts, but I think you should start with a book so that you have a little more structure.  I've read several Hacking Exposed volumes and enjoyed them.  Others have recommended Counter Hack, and Professional Penetration Testing Vol. I by Thomas Wilhelm.  Professional Pen Testing is probably your best bet to start: it actually focuses on setting up a lab and learning with it.  After you've read one book, read another and spend more time reading the mailing lists.  Read lots of articles, Google, play.
Last edited by unicityd on Mon Mar 26, 2012 2:58 pm, edited 1 time in total.
BS in IT, CISSP, MS in IS Management (in progress)
Dark_Knight

Sr. Member

Posts: 294

Joined: Mon Aug 11, 2008 7:03 pm

Post Mon Mar 26, 2012 2:00 pm

Re: Getting into Pentesting, using this strategy?

hmmmm why not direct your questions to the author himself.........Sil where u at  ;D ;D ;D ;D
CEH, OSCP, GPEN, GWAPT, GCIA
http://sector876.blogspot.com
sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue Mar 27, 2012 9:12 am

Re: Getting into Pentesting, using this strategy?

unicityd wrote: Most of that guide is about building IT skills generally rather than pentesting skills specifically.

Curious to know what you perceive as being an overall good pentester? My definition of a thorough, good, and reliable pentester is someone who is versatile, can adapt and is experienced in a wide array of technologies. Because SECURITY is nowadays a broad term, I noticed that far too many pentesters are nothing more than tool-testers. Tool testers who know little about the layers associated with what they are doing. This is why many fail and this is why the current market is saturated with individuals running metasploit, Nessus, GFI and other tools passing themselves off as pentesters.

Books like Counter Hack Reloaded, Hacking Exposed and Professional Penetration Testing offer you examples on "staged" systems. Systems that are loaded for you to be able to compromise. While they have their place, they are minimal in real world exploitation and often the exploits used in those books are worthless. Many are written from the LAN perspective as nmap'ing a CIDR nowadays gets you nowhere.

When I wrote penetration testing 101, it was meant to introduce people to systems administration, networking and then security. Many in fact, I want to say 75% of the so called penetration testers I have met, spoken with, picked their brains are little more than tool jockeys. Without their tools, they're lost. They know little about what to do in the event they become tool-less so what is their real value?

Let me put you in a "cyberwarfare" scenario right now. You're deployed to a foreign country, your platoon is under fire and the enemy is jamming your signals. You managed to get a hold of an enemy's laptop. It's a Tadpole running Solaris... What do you do? Call it a day because 1) you don't know Solaris 2) You don't know the common tools on Solaris 3) Call it a day because you don't know or understand what IKE and/or aggressive versus main mode is? What do you do?

Let me give you another real world example, you're thrown into ANY environment that is contained on say a C2 style level of security. You cannot install ANYTHING, IPS is logging via syslog remotely. How do you get in and out undetected without using your favorite tool of choice?

The reality is, most SYSTEMS contain all the tools you would need, you just have to know what tools are doing what and have a thorough understanding about different layers of the OSI. How things interconnect, what is responsible for what. This is the reality of pentesting. Not a quick nmap scan followed by metasploiting. This is real world when in the real world, the system you are analyzing/testing/compromising will have security mechanisms to detect you, there may be a live individual halting or slowing down your progress. Not some "fire and forget" voodoo you see in a book.

It takes more than labs to make a good pentester. Labs are like shooting fish in a barrel. Trying to "replicate" your target is worthless since you will NEVER have the same configuration files, accounts, network layout and so forth. So while you can wet your feet with content in books like CounterHack reloaded, that's all they're really good for.

When I took my RWSP exam, for those who've done the OSCP, think of it as the OSCP with an enemy on the fly countering you. It was a seriously hard exam. While I took it, no one could figure out what I was doing and where I was coming from because I followed NOTHING from a book. Everything was improvisation. I still accomplished my objectives during that exam and that to me makes a good pentester. Someone who you can plop into a drop zone with zero that can accomplish their objective. Not someone who's proficient at metasploit, or scapy, or Nessus. On the counter, I would see those tools a mile away and you'd be stopped dead in your tracks.
Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Mar 27, 2012 10:05 am

Re: Getting into Pentesting, using this strategy?

I want to spend a day with Sil  ;D  A lot of folks believe they can just jump into pen testing, but it is not an entry level environment.  You need a good base to build on and that base comes from working the trenches and building up a good chunk of knowledge.  OSI is a great example, it is reviewed in every entry level cert and even in some higher level certs.  It is everything we work with.

One thing I would like to say about tools like nmap and such is it makes the job easy for those who know how to do it the hard way.  Time savers I suppose.  Way back when I would teach teachers how to build web pages.  First thing I would do is give them a primer on coding HTML.  I explained it that if you know the code, then it is much easier to tweak your pages.  Learn the code and use the tools like Dreamweaver to save you time.  Then go in and tweak.

The advanced attackers are not always using pre-made tools.  They are writing custom code and in some cases doing it on-the-fly.  This is why the defenders are having a tough time catching some of these targeted attacks.  Tools will not always help.  Knowledge will.  Oh why is that packet attempting to go out on TCP 53???  etc...
Certs: GCWN
(@)Dewser
dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Mar 27, 2012 10:42 am

Re: Getting into Pentesting, using this strategy?

3xban wrote: I want to spend a day with Sil  ;D

Maybe the next monthly giveaway should be a dinner date ;)
The day you stop learning is the day you start becoming obsolete.
sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue Mar 27, 2012 10:59 am

Re: Getting into Pentesting, using this strategy?

ajohnson wrote:
3xban wrote: I want to spend a day with Sil  ;D

Maybe the next monthly giveaway should be a dinner date ;)

I'm actually working and have been working on getting some stuff together a-la Moodle and GoToMeeting to train people but it's not based on any cert. More like a "hacking without borders" type of class using Rosetta Stone-like methods of penetration testing, forensics and counterforensics all rolled in one. Zero fluff and no re-hashed information but not sure of the appeal it would have since there would be no cert to achieve in taking the course.

Been throwing the idea around for some time, actually made the Moodle site, some modules, and so forth, just been swamped with other training priorities.
unicityd

Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Tue Mar 27, 2012 11:44 am

Re: Getting into Pentesting, using this strategy?

unicityd wrote: Most of that guide is about building IT skills generally rather than pentesting skills specifically.

sil wrote: Curious to know what you perceive as being an overall good pentester? My definition of a thorough, good, and reliable pentester is someone who is versatile, can adapt and is experienced in a wide array of technologies.

I didn't mean to imply that general IT skills weren't necessary. I was only commenting that your tutorial assumes that someone is starting from the beginning rather than from a strong networking/sysadmin skill base.

sil wrote: So while you can wet your feet with content in books like CounterHack reloaded, that's all they're really good for.

No argument there.  I think the road you laid out would be a little hard-going for a beginner and many people would be better served by reading a book or two first to give them a bit of a foundation.  I wouldn't expect anybody to become a professional anything just by reading a book.
BS in IT, CISSP, MS in IS Management (in progress)
sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue Mar 27, 2012 12:06 pm

Re: Getting into Pentesting, using this strategy?

unicityd wrote: I was only commenting that your tutorial assumes that someone is starting from the beginning rather than from a strong networking/sysadmin skill base.

I did label it "Pentesting 101" and I did start off by stating: "so you want to break into..." (which now that I think about it, is ironic)... There was no assuming when I wrote it, it was to give people a primer on which route to go.

Even if I had NOT done so (started with the "newb") commentary, weeks 19 and up covered a lot more than most networkers and sysadmins know about and I based that on experience.

I've been meaning to actually update and or modify that entire thing, but my ADD/ADHD and cluster***k schedule won't allow for it
Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Mar 27, 2012 7:11 pm

Re: Getting into Pentesting, using this strategy?

sil wrote:
I'm actually working and have been working on getting some stuff together a-la Moodle and GoToMeeting to train people but it's not based on any cert. More like a "hacking without borders" type of class using Rosetta Stone-like methods of penetration testing, forensics and counterforensics all rolled in one. Zero fluff and no re-hashed information but not sure of the appeal it would have since there would be no cert to achieve in taking the course.

Been throwing the idea around for some time, actually made the Moodle site, some modules, and so forth, just been swamped with other training priorities.

That actually sounds pretty cool.  Certs are just a bonus to some of those decent technical courses, honestly the main reason I am currently taking eCPPT is just for the knowledge.  In my market it is not that well known of a cert.  But the content is decent and a great way to get a better understanding of the material.

As for what you are trying to do, I think that would be a great way to learn.  Then afterwards the students can take that knowledge back to their current jobs and make their pen tests worth that much more, or for the beginners to go and maybe pursue some entry level certs.  I look forward to hearing more about this when you find time in the busy schedule.
Certs: GCWN
(@)Dewser
lynoharvey

Newbie

Posts: 7

Joined: Wed Nov 30, 2011 6:25 am

Post Wed Mar 28, 2012 8:06 am

Re: Getting into Pentesting, using this strategy?

Hi,
As someone trying to break into security I have found this thread really insightful.
I have an MSc in forensics but it is not enough on its own. I look at all the certificates there are and all the areas of knowledge and it is hard to decide which to do or look at first.
After reading this thread I realised that I am often overwhelmed because there is so so much to learn. However that is the nature of the beast and probably any of the certificates help.
I appreciate Sil's comments on the importance of knowing the technologies and think that is a very important point.
all the best
RichFalcon

Newbie

Posts: 13

Joined: Thu Jul 22, 2010 11:28 am

Post Wed Mar 28, 2012 9:00 am

Re: Getting into Pentesting, using this strategy?

Hi lynoharvey,
I agree with you. There is so much to learn. I am at a crossroads right now. I'm trying to get my foot in the door but do not know what direction to go in or where to start. App Security and Forensics are the most interesting to me. So I may continue on the EC-Council route and get the CHFI or get a Masters. Where did you go for your Masters?
The advice Sil offers at his site is great. Thanks Sil.
C|EH, MCITP-SA, Sec+
dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Wed Mar 28, 2012 9:24 am

Re: Getting into Pentesting, using this strategy?

You guys need to focus on getting into the professional marketplace ASAP and stop trying to land your dream job right out of the gate. It will probably be extremely humbling to go for an entry-level position when you have an advanced degree, but the sooner you can start gaining any experience, the better (i.e. even saying you spend 20% of your time configuring access controls or managing firewalls is going to look better than someone that only has certs or college coursework). A certification or degree isn't just going to magically open doors for you, and honestly, you're going to be selling yourself short if you move right into a very focused security position without first establishing a well-rounded background.

Edit: If you're feeling overwhelmed, you're more concerned with reaching a destination (i.e. knowing everything about everything) than simply enjoying the journey. You're never going to achieve the former, so quit wasting your time worrying about unrealistic goals and focus on enjoying whatever you can learn by the end of the day. It's about attitude and perspective. If you're making yourself miserable, you're doing something very wrong.
Last edited by dynamik on Wed Mar 28, 2012 9:27 am, edited 1 time in total.
The day you stop learning is the day you start becoming obsolete.
hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Mar 28, 2012 10:27 am

Re: Getting into Pentesting, using this strategy?

^ ++1  :)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Wed Mar 28, 2012 10:40 am

Re: Getting into Pentesting, using this strategy?

ajohnson wrote: Edit: If you're feeling overwhelmed, you're more concerned with reaching a destination (i.e. knowing everything about everything) than simply enjoying the journey.  ... If you're making yourself miserable, you're doing something very wrong.

Just reminded me about a post I recently read on another forum. Individual wants/intends on spending 7 days a week on CCIE labs (avg of 3-5 hours per with weekends at 8-11 hrs per day). I felt sad for the person because he will likely fail from burnout. I'm still (yes still after a decade) on CCIE Security studies and jump in and out of CCDE studies but I am not even planning on taking either cert (evar!). I went that approach about 6 years ago (20+ hours studying) and it got tiring very fast and there was so much lost from jumping too quickly into things.

But I agree, starting off small if you have zero experience is the best approach. I still feel the methodology I wrote was a great approach in the sense that whomever would follow it has a lot more options than falling flat on their behinds... They learn systems, networking and so forth. Even at work I still play the role of Network Admin/Network Engineer/Network Architect, Systems Admin/Engineer/Arch, VoIP Architect/Admin/Engineer/Analyst, Forensic IR/Analyst/Investigator... But I work at an MSSP so it's different for me.