RE: Aspiring Pen-Tester Seeking Advice
- From: "Serge Vondandamo" <serge.vondandamo@xxxxxxxxxx>
- Date: Sat, 11 Aug 2007 10:31:16 +0200
Books and path recommendation:
- HACK I.T - Security through penetration testing. By Klevinsky, Laliberte,
Gupta. ISBN 0-201-71956-8.
Read and practice for a full year!
Then jump to:
- Gray Hat Hacking - The Ethical Hacker's handbook. By Harris, Harper,
Eagle, Ness and Lester. ISBN 0-07-225709-1.
Read and practice for a year, then attend CEH training and pass the cert.
Seek a Jr. Pen-testing job and work for a year.
And jump to the governance and legal aspects of the job:
- CISA, CISSP or GSEC courses, books, and even certs for a more advanced
security mindset.
Get a full time job!!!
I hope it could be easy :)
Cheers,
Serge
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On
behalf of Security Guy
Sent: Thursday, 9 August 2007 15:52
To: Ryan
Cc: pen-test@xxxxxxxxxxxxxxxxx
Subject: Re: Aspiring Pen-Tester Seeking Advice
VMWare networking is not bad, the host OS has to be in promisc mode
for bridging to work properly so that's certainly a consideration. VM
is probably best for application- and OS-level attacks (where a good
chunk of effective, remotely exploitable vulnerabilities lie).
If you're really interested in playing with the local network-level
attacks (arp spoofing, arp mitm, etc), get a couple of really cheap
workstations and a Cisco managed switch (like a 2950), that way you
can get a feel for some of the attacks, as well as observe the effects
on the switch.
If you're interested in tools/techniques, take a CEH course, that
seems to be the most technique-laden avenue. Also the guys that did
backtrack have some courses (http://www.offensive-security.com) that
seem pretty good too. Deeper application-level training is from Dave's
Immunitysec classes
http://www.immunitysec.com/education-overview.shtml
HTH
-k
On 8/8/07, Ryan <phaleproof@xxxxxxxxx> wrote:
Hello all - long-time lurker, first-time poster,
I'm about 2 quarters away from finishing my education (majoring in
network security and systems administration), and I'm currently
interning at a company, doing IDS monitoring and SOX compliance.
I've always been interested in security, and now that I've got some
spare time I would really like to start getting prepared for a potential
position doing penetration testing.
My school offers a few courses in security, however I've always been of
the mind-set that it's better to explore it yourself than try to have
someone teach it to you.
That being said, I was wondering if anyone would be kind enough to give
a novice some helpful pointers on how to get started.
I've downloaded VMware and I've got a Windows XP, Ubuntu, and shortly a
Fedora Core 7 VM - I also plan on downloading Windows Server 2003 with my
MSDNAA license. I've downloaded a copy of BackTrack2 and I'm in the
process of trying to turn that into a VM as well.
I installed nmap on both systems, as well as nessus, and soon
metasploit. I've played around with the former a little bit at work (I
must say, it's the most amazing tool I've used - not that I have much
experience).
I'm really interested in getting into the 'hacker' mindset and walking
through the steps they use to find, conduct, and cover-up their attacks.
Surely, it's not all point and click, and I'm having a little difficulty
getting into the groove.
I was also hoping the more experienced users might suggest a few tools
to check out first (I've already bookmarked the sectools.org list but
there are just so many).
Additionally, can anyone suggest a bunch of good books to read
pertaining to penetration testing? Someone recommended Counter-Hack, and
another person said Hacking Exposed, as well as a few others.
All that being said, are there some limitations of VM that I should be
aware of when conducting my research? I would be very interested in
seeing if there's a way to get router and network-like functionality
from a VM since it would seem like currently VMware is essentially
acting like a hub and a lot of the attacks (ARP spoofing, etc) don't
seem possible the way I've currently got it implemented.
I know there is a "Basics" mailing list, however since I am interested
specifically in pen testing, I figured it was probably more appropriate
to post to this list. If I am incorrect, then I apologize. If not, then
thanks in advance for tolerating my noobiness and for helping out an
aspiring pen-tester!
Best Regards,
Ryan
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
--
--
Lasciate ogne speranza, voi ch'intrate
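Added example, written for this page and not code from any of the posters: the ARP-spoofing / ARP-MITM lab experiments discussed in the thread, seen from the defender's side. It parses constructed ARP reply lines in the format `tcpdump -n arp` prints (the addresses and timing are made up for illustration) and flags the two symptoms an ARP-cache poisoning attempt leaves on the wire: an IP whose claimed MAC changes, and one MAC answering for several IPs.

```python
import re
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed sample in the style of `tcpdump -n arp` output; not a real capture.
# Line 4 shows the gateway's IP suddenly answered by workstation A's MAC.
SAMPLE_CAPTURE = """\
12:00:01.000001 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
12:00:01.000200 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
12:00:01.500000 ARP, Reply 192.168.1.10 is-at 00:11:22:33:44:0a, length 28
12:00:03.200000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:0a, length 28
12:00:03.300000 ARP, Reply 192.168.1.10 is-at 00:11:22:33:44:0a, length 28
12:00:04.000000 ARP, Reply 192.168.1.1 is-at 00:11:22:33:44:01, length 28
"""

REPLY_RE = re.compile(r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9A-Fa-f:]{17})")


def parse_replies(text: str) -> List[Tuple[str, str, str]]:
    """Extract (timestamp, ip, mac) from ARP Reply lines; Requests are ignored."""
    out = []
    for line in text.splitlines():
        m = REPLY_RE.match(line)
        if m:
            out.append((m.group(1), m.group(2), m.group(3).lower()))
    return out


def detect_arp_conflicts(replies):
    """Return (change_alerts, shared_macs).

    change_alerts: one string per IP whose answering MAC differs from the last one seen.
    shared_macs:   MAC -> sorted IPs, for every MAC that claimed more than one IP.
    """
    last_mac: Dict[str, str] = {}
    ips_per_mac: Dict[str, Set[str]] = defaultdict(set)
    alerts: List[str] = []
    for ts, ip, mac in replies:
        prev = last_mac.get(ip)
        if prev is not None and prev != mac:
            alerts.append(f"{ts}: {ip} changed {prev} -> {mac}")
        last_mac[ip] = mac
        ips_per_mac[mac].add(ip)
    shared = {m: sorted(ips) for m, ips in ips_per_mac.items() if len(ips) > 1}
    return alerts, shared


if __name__ == "__main__":
    change_alerts, shared_macs = detect_arp_conflicts(parse_replies(SAMPLE_CAPTURE))
    for a in change_alerts:
        print("ALERT", a)
    for mac, ips in shared_macs.items():
        print("SHARED", mac, ips)
```

A legitimate NIC replacement or a router failover also changes an IP's MAC, so in practice a watcher like this is tuned with a known-good table for gateways and servers and alerts on departures from it.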