Re: Aspiring Pen-Tester Seeking Advice



Hello Rajat,

Frankly, even I was in your groove when I started out... trust me, this
and many mailing lists have seen a flood of my questions, and people
got so bored answering... phew.

But let me give you a little tip:
1) The people who reply to you in this mailing list are pretty much
experienced, so take their word for it.
2) You need a really broad idea of the big picture. I mean, a hacker's
mindset is a good place to start, but as you go up (in a 1st or 2nd
pen-test) you must be able to switch between a hacker's, a
management's and a sysadmin's mindset. It's easier said than
done.
3) Technical knowledge of CONCEPTS and the tip above (2) are very, very
important, especially when you write a high quality pen-testing report
(it's the report that counts and makes the difference between the money
they spend on you and the money they spend on burgers).

4) Tools are good; for starters, tools are god-like. Don't
worry, with experience you will become a tool-independent pen-tester.

5) The holy grail of hacking is getting "root", but the holy grail of
pen-testing is ANALYSING the 'HOW' of getting root. Also, we need to
give the cure.

joel


On 8/10/07, rajat swarup <rajats@xxxxxxxxx> wrote:
On 8/8/07, Ryan <phaleproof@xxxxxxxxx> wrote:
Hello all - long-time lurker, first-time poster,

I'm about 2 quarters away from finishing my education (majoring in
network security and systems administration), and I'm currently
interning at a company, doing IDS monitoring and SOX compliance.

I've always been interested in security, and now that I've got some
spare time I would really like to start getting prepared for a potential
position doing penetration testing.

My school offers a few courses in security, however I've always been of
the mind-set that it's better to explore it yourself than try to have
someone teach it to you.

That being said, I was wondering if anyone would be kind enough to give
a novice some helpful pointers on how to get started.

I've downloaded VMware and I've got a Windows XP, Ubuntu, and shortly a
Fedora Core 7 VM - I also plan on downloading Windows Server 2003 with my
MSDNAA license. I've downloaded a copy of BackTrack2 and I'm in the
process of trying to turn that into a VM as well.

I installed nmap on both systems, as well as nessus, and soon
metasploit. I've played around with the former a little bit at work (I
must say, it's the most amazing tool I've used - not that I have much
experience).

I'm really interested in getting into the 'hacker' mindset and walking
through the steps they use to find, conduct, and cover up their attacks.
Surely it's not all point and click, and I'm having a little difficulty
getting into the groove.

I was also hoping the more experienced users might suggest a few tools
to check out first (I've already bookmarked the sectools.org list but
there are just so many).

Additionally, can anyone suggest a bunch of good books to read
pertaining to penetration testing? Someone recommended Counter-Hack, and
another person said Hacking Exposed, as well as a few others.

All that being said, are there some limitations of VM that I should be
aware of when conducting my research? I would be very interested in
seeing if there's a way to get router and network-like functionality
from a VM since it would seem like currently VMware is essentially
acting like a hub and a lot of the attacks (ARP spoofing, etc) don't
seem possible the way I've currently got it implemented.

I know there is a "Basics" mailing list, however since I am interested
specifically in pen testing, I figured it was probably more appropriate
to post to this list. If I am incorrect, then I apologize. If not, then
thanks in advance for tolerating my noobiness and for helping out an
aspiring pen-tester!

Best Regards,
Ryan



I liked reading http://www.phrack.org/ when I started off.
Also check out http://sectools.org/

--
Rajat Swarup

http://rajatswarup.blogspot.com/


--
As soon as men decide that all means are permitted to fight an
evil, then their good becomes indistinguishable from the evil
that they set out to destroy.
- Christopher Dawson, The Judgment of Nations
