
Re: pen testing beginner

I'll caveat my response by saying I'm not in this field - I'm a lowly sysadmin :)

On Oct 30, 2016 00:01, "David Christensen" <dpchrist@holgerdanske.com> wrote:
> On 10/29/2016 11:50 AM, emetib wrote:
> > have been a linux only person since before 2000 (late 2.2 early 2.4
> > kernels), yet haven't done much with it in the last ten years. ...
> > i'm looking at getting back into it and into pen
> > testing.
> I assume you mean penetration testing.  Given that computers and
> networks are built from many hardware, firmware, and software work
> products, I would expect that there are specialties.  It might help to
> pick one, and then find the knowledge and skill dependencies.

It really would, but I assume he'll find some subset he enjoys more than others after some learning. You'll either learn enough to run tools and scan for known issues or find it more enjoyable to research all the myriad of ways our tech is broken.

Either way, you want to know (at least) the basics of programming. I touched bash, python, ruby, and perl and json, yaml and ini last week (mainly at work) and I can assure you they're all pretty much the same, so don't really worry about learning multiple until you must - pick one and learn it. Pick something useful (i.e., most people don't use Smalltalk so your support community and modules won't be as large so maybe not the best - fun language though) and maybe you find yourself using a tool a lot - might consider learning the language it's written in. To be more precise - Metasploit is ruby, recon-ng is python, nmap is c (with an o object passed everywhere), volatility is python, etc.

Pentesting - start staying up to date with CVEs and netsec on reddit and darkreading and the like. Learn the tools and what they do. Lots of CTFs are downloadable after the event (and people often do writeups that you can look for when you run into trouble). And learn your tools - this includes basic Unix like strings, grep, file (know the limitations of magic though), find but also nmap, msf, Wireshark, volatility, recon-ng, sqlmap, etc. This isn't to say you shouldn't know how the tools you run work, but I find it useful to learn the tool and look at what it's doing. I.e., start Wireshark and capture and run a basic nmap and see what happens.

Exploit dev - so you can either go down the network path - I'd start by grepping the RFCs for the words "should" and "may" and see which daemons have issues with that part of their implementation (also be aware networks love time and some errors may lead to leaks). If you go down the normal x86 exploit dev path, I'd start by looking at old viruses and malware and PoC exploits and understand how they work. Also probably want to set up Cuckoo sandbox and mastiff.

All of this said, I'd strongly suggest having a good rounded base of knowledge. So get ready for the real reading list - not just to sit on the couch with - read them while in front of a computer:
PC asm (freely available online - nostarch also publishes a much bigger / more in depth / pricier assembly book I have and haven't gotten around to reading yet)
Hacking the art of exploitation

And depending on which route you go:
Practical malware analysis

You'll notice a trend - other than pc assembly, they're all published by nostarch. I'm unaware of any books on malware dev - which is why I recommend looking at prior malware and an analysis book, though I'm sure your gov can provide tons of literature here if you ask nice enough ;)

Most conferences also post talks on YouTube - for the most part, I suggest being active as you watch them (pause, Google, read, return, repeat).

> > from what i have been reading lately i'm going to have to know quite
> > a bit about a couple of different things that i didn't jump to deep
> > into before, programming and networking especially. ...
> > i have given myself a four year window on this learning cycle and am
> > curious about going about it. ...
> > please just give advice and not right or wrong opinions on what i
> > maybe trying to do with my options and if i should actually take some
> > classes to augment my self learning.
> If you are serious about this, go get yourself a degree in computer
> science.  I preferred and recommend the old-fashioned university
> approach -- professors, planned sequence of courses, classrooms, labs,
> textbooks, homework, projects, and especially the camaraderie of other
> students.

I'll preface this by saying I have 30 hours of community college credits. I've also had this discussion a few times - mixed reviews.

Most schools won't teach you computer security. I think CMU might have the best program in the states though. But basically, if you go this route, read up on what the professors do when not teaching - if none have been in industry for years or don't have any research industry is talking about...

So given the expense (both time and money), I recommend against this. If this interests you enough, you'll find tons online and pick it up. If it doesn't, drop it - it'll give you headaches even if you enjoy it sometimes (like spending 8+ hours banging your head against one flag and not going to sleep until 0600 because of it) so if you don't you will hate life and suck at it.

A word on certs - don't get them until someone is paying you to do so (with the exception of RHCE and OSCP). If a job wants you to have X cert, they can hire you with the contingency of you gaining said cert within some reasonable time frame. And most are multiple guess, so just pick up the shortest, highest rated book on the cert and write flash cards while you read, memorize them, take the test and be done with it.
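As an added illustration of the "grep the RFCs for should and may" idea above (example code written for this page, not anything the poster or the Debian list supplied): RFC 2119 defines the capitalised requirement words (MUST, SHOULD, MAY, and their negations), and the SHOULD/MAY clauses are exactly where two conforming implementations are allowed to behave differently, so they are the clauses worth checking your own daemon against. The script below splits an RFC-style text into sentences, picks out only the upper-case keywords (a lower-case "may" is ordinary prose), and lists the discretionary clauses. The RFC excerpt is constructed for the example and is not quoted from any real RFC.

```python
import re
from collections import Counter

# Constructed excerpt in the style of an RFC section; not any real RFC's text.
SAMPLE_RFC = """\
3.1.  Request Handling

   A server MUST reject requests whose length field exceeds the buffer
   it allocated.  The server SHOULD log the client address when it does
   so.  A client MAY retry with a smaller request.  Implementations
   SHOULD NOT assume that the peer honours the negotiated limit, and
   they MUST NOT crash if it does not.  Responses may be delayed.
"""

# RFC 2119 requirement words. Longest alternatives are tried first so that
# "MUST NOT" is reported as "MUST NOT" and not as a bare "MUST".
KEYWORDS = sorted(
    ["MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD",
     "SHOULD NOT", "RECOMMENDED", "MAY", "OPTIONAL"],
    key=len, reverse=True,
)
# Case-sensitive on purpose: only the capitalised forms carry RFC 2119 meaning.
KEYWORD_RE = re.compile(r"\b(" + "|".join(re.escape(k) for k in KEYWORDS) + r")\b")

# Keywords that leave the behaviour to the implementer.
DISCRETIONARY = {"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", "OPTIONAL"}


def split_sentences(text):
    """Join the RFC's hard-wrapped lines, then split on sentence-ending punctuation."""
    flat = " ".join(line.strip() for line in text.splitlines() if line.strip())
    return [s.strip() for s in re.split(r"(?<=[.!?])\s+", flat) if s.strip()]


def find_requirements(text):
    """Return (keyword, sentence) pairs for every RFC 2119 keyword occurrence."""
    hits = []
    for sentence in split_sentences(text):
        for match in KEYWORD_RE.finditer(sentence):
            hits.append((match.group(1), sentence))
    return hits


def count_by_level(text):
    """How many requirement words of each level the text contains."""
    return Counter(keyword for keyword, _ in find_requirements(text))


def discretionary_clauses(text):
    """Sentences containing a SHOULD/MAY-class keyword, each listed once.

    These are the clauses where conforming implementations may legitimately
    differ, so they are the ones to test a daemon's behaviour against."""
    seen = []
    for keyword, sentence in find_requirements(text):
        if keyword in DISCRETIONARY and sentence not in seen:
            seen.append(sentence)
    return seen


if __name__ == "__main__":
    # Run as `python rfc_keywords.py`; replace SAMPLE_RFC with a real RFC's text.
    for level, n in sorted(count_by_level(SAMPLE_RFC).items()):
        print(f"{level:12s} {n}")
    print("\nDiscretionary clauses:")
    for clause in discretionary_clauses(SAMPLE_RFC):
        print(" -", clause)
```

On the constructed excerpt this reports one each of MUST, MUST NOT, SHOULD, SHOULD NOT and MAY, and lists three discretionary sentences; the final "Responses may be delayed." is not counted because the keyword is lower case. Pointing the script at a real RFC text file is the same as the grep the poster describes, with the keyword levels separated out.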
