RE: Aspiring Pen-Tester Seeking Advice



Books and path recommendation:

- HACK I.T - Security through penetration testing. By Klevinsky, Laliberte,
Gupta. ISBN 0-201-71956-8.
Read and practice for a full year!

Then jump to:

- Gray Hat Hacking - The Ethical Hacker's handbook. By Harris, Harper,
Eagle, Ness and Lester. ISBN 0-07-225709-1.

Read and practice for a year, then attend CEH training and pass the cert.
Seek a Jr. pen-testing job and work for a year.

And jump to the governance and legal aspects of the job:

- CISA, CISSP or GSEC courses, books, and even certs, for a more advanced
security mindset.

Get a full time job!!!

I hope it could be easy :)

Cheers,
Serge


-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
behalf of Security Guy
Sent: Thursday, 9 August 2007 15:52
To: Ryan
Cc: pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: Aspiring Pen-Tester Seeking Advice

VMware networking is not bad, the host OS has to be in promisc mode
for bridging to work properly so that's certainly a consideration. VM
is probably best for application- and OS-level attacks (where a good
chunk of effective, remotely exploitable vulnerabilities lie).

If you're really interested in playing with the local network-level
attacks (arp spoofing, arp mitm, etc), get a couple of really cheap
workstations and a Cisco managed switch (like a 2950), that way you
can get a feel for some of the attacks, as well as observe the effects
on the switch.

If you're interested in tools/techniques, take a CEH course, that
seems to be the most technique-laden avenue. Also the guys that did
backtrack have some courses (http://www.offensive-security.com) that
seem pretty good too. Deeper application-level training is from Dave's
Immunitysec classes
http://www.immunitysec.com/education-overview.shtml

HTH

-k

On 8/8/07, Ryan <phaleproof@xxxxxxxxx> wrote:
Hello all - long-time lurker, first-time poster,

I'm about 2 quarters away from finishing my education (majoring in
network security and systems administration), and I'm currently
interning at a company, doing IDS monitoring and SOX compliance.

I've always been interested in security, and now that I've got some
spare time I would really like to start getting prepared for a potential
position doing penetration testing.

My school offers a few courses in security, however I've always been of
the mind-set that it's better to explore it yourself than try to have
someone teach it to you.

That being said, I was wondering if anyone would be kind enough to give
a novice some helpful pointers on how to get started.

I've downloaded VMware and I've got a Windows XP, Ubuntu, and shortly a
Fedora Core 7 VM - I also plan on downloading Windows Server 2003 with my
MSDNAA license. I've downloaded a copy of BackTrack2 and I'm in the
process of trying to turn that into a VM as well.

I installed nmap on both systems, as well as nessus, and soon
metasploit. I've played around with the former a little bit at work (I
must say, it's the most amazing tool I've used - not that I have much
experience).

I'm really interested in getting into the 'hacker' mindset and walking
through the steps they use to find, conduct, and cover up their attacks.
Surely, it's not all point and click, and I'm having a little difficulty
getting into the groove.

I was also hoping the more experienced users might suggest a few tools
to check out first (I've already bookmarked the sectools.org list but
there are just so many).

Additionally, can anyone suggest a bunch of good books to read
pertaining to penetration testing? Someone recommended Counter-Hack, and
another person said Hacking Exposed, as well as a few others.

All that being said, are there some limitations of VM that I should be
aware of when conducting my research? I would be very interested in
seeing if there's a way to get router and network-like functionality
from a VM since it would seem like currently VMware is essentially
acting like a hub and a lot of the attacks (ARP spoofing, etc) don't
seem possible the way I've currently got it implemented.

I know there is a "Basics" mailing list, however since I am interested
specifically in pen testing, I figured it was probably more appropriate
to post to this list. If I am incorrect, then I apologize. If not, then
thanks in advance for tolerating my noobiness and for helping out an
aspiring pen-tester!

Best Regards,
Ryan
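Both posts above come back to ARP spoofing: Ryan cannot get it to work in his VMware lab, and -k suggests a couple of cheap boxes on a managed switch so the effect of the attack can be observed. The script below is an added example, not code from either poster: it shows what a poisoning attempt looks like on the wire, so you know what to watch for on the switch side once the lab is built. It builds three Ethernet+ARP frames by hand (constructed sample traffic, not a capture: a legitimate request/reply between a victim and a gateway, then an unsolicited reply that claims the gateway's IP for an attacker's MAC) and feeds them to a small watcher that keeps an IP-to-MAC table and flags two classic indicators: a reply nobody asked for, and an IP whose MAC changes. The IPs and MACs are made up for the demo.

```python
import struct

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))


def ip_bytes(s):
    return bytes(int(o) for o in s.split("."))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sha, spa, tha, tpa, dst=None):
    """Construct a raw Ethernet+ARP frame (sample input for the demo, not captured traffic)."""
    dst = dst or ("ff:ff:ff:ff:ff:ff" if op == ARP_REQUEST else tha)
    eth = ETH_HDR.pack(mac_bytes(dst), mac_bytes(sha), ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, op,
                       mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))
    return eth + arp


def parse_arp(frame):
    """Return (op, sha, spa, tha, tpa) for an Ethernet/IPv4 ARP frame, or None otherwise."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _, _, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, mac_str(sha), ip_str(spa), mac_str(tha), ip_str(tpa)


class ArpWatcher:
    """Tracks who-has/is-at traffic and records the two usual signs of poisoning."""

    def __init__(self):
        self.table = {}        # ip -> mac, as first learned from the wire
        self.pending = set()   # (requester_ip, target_ip) for requests still unanswered
        self.alerts = []

    def feed(self, frame):
        parsed = parse_arp(frame)
        if parsed is None:
            return
        op, sha, spa, tha, tpa = parsed
        if op == ARP_REQUEST:
            self.pending.add((spa, tpa))
        elif op == ARP_REPLY:
            # A reply that answers no outstanding request is the spoofing pattern itself.
            if (tpa, spa) not in self.pending:
                self.alerts.append(f"unsolicited reply: {spa} is-at {sha} (to {tpa})")
            else:
                self.pending.discard((tpa, spa))
        # Any sender that changes the MAC we learned for its IP gets flagged too.
        known = self.table.get(spa)
        if known is None:
            self.table[spa] = sha
        elif known != sha:
            self.alerts.append(f"mac change for {spa}: {known} -> {sha}")
            self.table[spa] = sha


def demo():
    """Constructed lab traffic: one legitimate exchange, then a poisoned reply."""
    gw_ip, gw_mac = "192.168.56.1", "00:0c:29:aa:aa:aa"         # made-up addresses
    victim_ip, victim_mac = "192.168.56.10", "00:0c:29:bb:bb:bb"
    attacker_mac = "00:0c:29:cc:cc:cc"
    frames = [
        build_arp(ARP_REQUEST, victim_mac, victim_ip, "00:00:00:00:00:00", gw_ip),
        build_arp(ARP_REPLY, gw_mac, gw_ip, victim_mac, victim_ip),
        build_arp(ARP_REPLY, attacker_mac, gw_ip, victim_mac, victim_ip),  # the poison
    ]
    watcher = ArpWatcher()
    for frame in frames:
        watcher.feed(frame)
    return watcher


if __name__ == "__main__":
    for line in demo().alerts:
        print(line)
```

The third frame trips both checks: no request for the gateway's address is outstanding, and the gateway's IP now maps to a different MAC. On a real switch the same frame is what rewrites the victim's ARP cache, and the switch's own MAC table will show the gateway's IP traffic heading for the attacker's port, which is the effect -k suggests watching for. To run this against live traffic you would swap the constructed frames for packets read from a raw socket or a pcap, which is outside this snippet.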

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------




--

Lasciate ogne speranza, voi ch'intrate
