
Penetration Testing Areas & Popularity - Starting Out

Invidicous

Newbie

Posts: 2

Joined: Sat Jan 05, 2013 6:49 am

Post Sat Jan 05, 2013 7:16 am

Penetration Testing Areas & Popularity - Starting Out

Hi everyone - first post here. I tend to make long posts, so sorry in advance! Looks like a great community.

I'm an engineer with a growing interest in security-related computer topics. I'm not scared to read a ton, and I know that's required to learn anything in this field. I've also looked over awesome threads in your forum such as skills required for pen testers, etc., which give a nice high-level overview of the basics that are required. In other words, I have looked around a lot for this question I'm asking, so please do your best not to tell me to search :( I promise I have.

After reading several books such as (sorry to list them all off):

  • "Backtrack 4, Assuring Security by Pen Testing"
  • "Grey Hat Hacking"
  • "Metasploit - The Pen Testers Guide"
  • "Google Hacking for Pen Testers"
  • "The Basics of Hacking and Penetration Testing"
  • "The Web Application Hackers Handbook"
  • "Backtrack 5 - Wireless Penetration Testing"

Currently reading: "TCP/IP Illustrated"

I feel as though I have a solid fundamental grasp of how different areas of security function and, unfortunately for me, how wide this area is for learning. I really feel like I want to knuckle down and learn more topics in depth (i.e. like learning about TCP/IP from the current book I'm reading), but I don't know what areas in pen testing are important / more important than others, or if it's purely a preference thing. It seems you can go into forensics, network testing, wireless testing, web application testing, exploit writing, etc.

Give your experiences - do you feel there is a particular field that is most used, or perhaps a topic that is most prevalent throughout? What should a beginner learn first? I understand the "soft" areas of security are important, such as Linux / Windows / network protocols, but I'm curious if there is actually a security field that should be focused on?

If you had to recommend a certificate for someone starting out, what would you recommend?

I know it's hard to answer these questions, and sorry if there isn't a right answer, but any feedback you could give me on the topic would be greatly appreciated. If it does all come down to personal preference I can accept that, but at least I'd know I won't regret whatever I choose. I can also appreciate that it's hard to assign a right answer without knowing motivation and background, but for me it really comes down to really enjoying learning about security: being fascinated by how people can bypass / make things do unintended things and gain access to systems.

Thanks so much if you've read this far. I look forward to participating in the community :)
hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Jan 05, 2013 10:39 am

Re: Penetration Testing Areas & Popularity - Starting Out

First off, welcome!

As far as a learning 'order', I could answer that in so many ways. However, I'd suggest that your immediate desire to go deeper in TCP/IP is a wise choice. IMHO, if you don't have a good understanding of protocols, communication in general, etc., it doesn't generally allow you to be well-rounded. Knowledge of protocols and packet / traffic analysis is a solid and fundamental skill to have in your arsenal.

As for 'first' certifications, I'd lean towards eLearnSecurity's eCPPT, assuming you feel comfortable enough to dive in. That cert is nice because it lays many of the foundational blocks, and then progresses nicely, while also allowing you some hands-on practice. While I've never taken the exam for it, I've reviewed the courseware for both the older and current revision, and Armando and his team have done a great job with it.

As far as the area of security that you pursue, it's a matter of preference. If you enjoy making things work in ways they shouldn't, pentesting is fun! If you aren't as comfortable 'modifying' things yourself, but can analyze what others have done, then malware analysis and / or forensics may be more to your liking. Then there are more management positions / study tracks... Just depends on you.

Regardless, keep us informed on how you choose to progress, and good luck!
Last edited by hayabusa on Sat Jan 05, 2013 10:41 am, edited 1 time in total.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
cd1zz

Recruiters

Posts: 566

Joined: Sun Oct 03, 2010 9:01 pm

Post Sat Jan 05, 2013 11:18 am

Re: Penetration Testing Areas & Popularity - Starting Out

Invidicous wrote:
"but I don't know what areas in pen testing are important / more important than others; or if it's purely a preference thing. It seems you can go into forensics, network testing, wireless testing, web application testing, exploit writing etc."

I'll break each out separately based on how much time I spend on each. Keep in mind though, this is a field where you should really try to learn everything you can. However, hopefully this helps you prioritize...

Forensics: 0%. We have a dedicated forensics guy; that is all he does. I think this is normal, but others can correct me if I'm wrong.
Network testing: TONS of TIME. A typical pen test in my company is some flavor of a network pen test, i.e. external, internal.
Application testing: TONS of TIME. I spend equally as much time on web apps as I do on network PT. In fact, on almost EVERY network pen test, you'll run across web apps that may/may not help you with the objectives of the pen test. You need to know both network and web apps equally.
Wireless: SOME. These are usually "bundled" into internal pentests our company sells, but it's not the norm. Not near as much time is spent here. Wireless is pretty easy stuff though; it really doesn't take all that much time to get up to speed on the basics, as well as enterprise wireless stuff.
Exploit writing: (as a hobby, LOTS) (for work, much LESS). If a company has a true research group, you might be doing this all the time. Similarly, if you worked at a place like Metasploit, you would be writing sploits all the time. We have a lot of guys at my place that have never written an exploit; it's not a "critical" skill for basic pen testing.

In my opinion, I think you should start with network and web apps, study them equally, become a bad ass at both. The rest will come easy if you master those two.
dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Sat Jan 05, 2013 11:26 am

Re: Penetration Testing Areas & Popularity - Starting Out

Do you have any sort of home lab? It's going to be difficult to develop serious skills and retain knowledge simply by reading books. Get VMware Workstation or ESXi and a Technet subscription and create an AD environment with various Microsoft servers. Add in *nix servers, web apps, etc. as you desire.

Also, there are tons of great resources on blogs. Check out sites like Carnal 0wnage and Iron Geek. Recreate the setup and exploit the configuration. Always try to branch out and learn about something you're not already familiar with.
The day you stop learning is the day you start becoming obsolete.
m0wgli

Sr. Member

Posts: 308

Joined: Fri Jul 20, 2012 3:34 pm

Post Sat Jan 05, 2013 12:06 pm

Re: Penetration Testing Areas & Popularity - Starting Out

Following on from ajohnson, these additional resources are useful for getting hands-on experience:

http://g0tmi1k.blogspot.co.uk/2011/03/v ... esign.html

http://blog.taddong.com/2011/10/hacking ... tions.html
Security + | OSWP | eCPPT (Silver & Gold) | CSTA
Invidicous

Newbie

Posts: 2

Joined: Sat Jan 05, 2013 6:49 am

Post Sat Jan 05, 2013 5:32 pm

Re: Penetration Testing Areas & Popularity - Starting Out

Hi everyone. Wow, what awesome responses; guess I'll be hanging around here for a while. Thanks for being so kind to the newbie :)

Hayabusa - Thanks for your input. With regards to protocols, I believe what you say about knowing the way things work in depth. I guess what I should start doing is learning how everything works at a deep level before I start worrying about how to break it in any significant way, as many security-targeted books and courses will let me do. Without solid foundations, any knowledge I gain will always have lots of holes that need fixing.

On that note, after TCP/IP - and then, I'm assuming, in-depth knowledge of Windows & Linux - would you recommend any particular area? If nothing comes to mind, don't worry; I imagine I've just flippantly given three areas with a huge amount of information in them, which will take me quite a while to get through and bring up tens of questions I will need to continue answering on my own :P

With certifications, I'll definitely check out eCPPT. I don't "need" certs in the sense that I'm happy in the field I am currently in, but I find I learn well with a structured framework, so I'll still look into it. Pen testing sounds the most fun :) but who knows, with experience I may learn to enjoy something else! Thank you for your awesome response.

cd1zz - Thanks for breaking it down for me like that. It's just what I was after. It helps me see what areas are really useful and what the 'core' foundations of pen testing are. Don't get me wrong, I appreciate that ALL areas of knowledge are definitely useful, but as with everything, some are used more than others. I'll definitely be focusing on networking and web applications (TCP/IP study ftw!)

ajohnson - Just a range of VMs I've set up myself: Windows XP, Metasploitable / Metasploitable v2, De-ICE Challenges, OWASP BWA - the basics. I'll check out what other labs people have set up and take that on board for what I can integrate myself :) Thanks for your reply.

m0wgli - Thanks for the links, I'll definitely check them out!

Thanks again everyone, really appreciate the quality posts and it helps me a lot more with the directions I'll be taking (Networking / Web App focus, studying the knowledge in depth first before worrying about security concerns, then studying security aspects while testing out practical knowledge in a VM lab.)

Cheers!
hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat Jan 05, 2013 7:16 pm

Re: Penetration Testing Areas & Popularity - Starting Out

I think your assessment from the responses is 'spot on.'

You'll do well if you deep dive into the basics first, then progress into the more detailed parts of each, as you've noted. Each person learns differently, but in general, that's a very 'sound' approach, and one that many of us have taken.

Good luck, stay involved, and keep us in the loop as you progress! (A lot of us like to help as much as to learn for ourselves, so it's rewarding to see others progressing, too.) :)
~ hayabusa ~

Grendel

Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Sat Jan 05, 2013 8:05 pm

Re: Penetration Testing Areas & Popularity - Starting Out

Invidicous wrote:
"ajohnson - Just a range of VM machines I've set up myself. Windows XP, Metasploitable / Metasploitable v2, De-ICE Challenges, OWASP BWA - the basics. I'll check out what other labs people have set up and take that on board for what I can integrate myself :) Thanks for your reply."

The advice in this thread is really good. I would also suggest at some point that you include some hardware in your lab, so you can understand how to exploit network protocols / network hardware... it's pretty fun showing a client you own their entire network.
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Jan 06, 2013 10:17 am

Re: Penetration Testing Areas & Popularity - Starting Out

PS to the OP - I've never taken Grendel's Hacking Dojo courses, but there'd also be something to be said for working your way through progressive courses like his.
~ hayabusa ~