Penetration Testing mailing list archives
Re: [PEN-TEST] How to "break into" the Pen-Testing field
From: Oliver Petruzel <oliverpetruzel () EMAIL COM>
Date: Mon, 11 Sep 2000 00:50:28 -0400
I am wondering how did the readers of this list get into the pen-testing field? What steps did you take to get from where you started in the field to where your at now? Did employers train you? Did you get promoted into it? Did you create the position yourself?
my 2 cents: A few items (in no particular order) to gain some knowledge of: 1. Coding in C and perl, (and perhaps assembler) 2. Strong understanding of IP networking (mainly packet structure and device purpose. ie. "what does a switch do?" Work on other, more unique archictures, later) 3. Collect and play with EVERY operating system you can get a copy of. (use swappable hard drives or ghost images with generic/hardened installs of each OS to set up "scenerios") 4. A strong desire to know how EVERYTHING in the universe around you works. Like many, I came up through the ranks starting back in the late 80's doing this on my own. Then, reading as many howto's and RFCs' as possible. (including all of the old hacker-group texts you can find) I first started in tech support.. then admin..then engineering.. And ultimately, I was able to move to security specific work. Beginning with easier Audits and Evaluations, and moving on (backwards in a way!) to pen-testing specifically. The key is making your employer aware of your genuine interest in security specific work. ALL companies need some security professionals of a sort, so opportunities are everywhere. Offer yourself up as an admin, then train your assistant to do YOUR job, and at the same time let your employer know you wish to start securing the place! Read EVERYTHING mentioned in this list, on secfocus, bugtraq, techtronic, slashdot...EVERYTHING!...and ask questions! as many as you need to! Forums, newsgroups, direct emails. Every security professional I know is willing to pass on his/her knowledge in one way or another...that's the whole point! And go buy "Hacking Exposed" (unsolicted plug!) right away. This will show you, at an easy to follow level, atleast the baseline for today's security problems and actual command-line tactics and tools. It will begin the process of giving you the needed "badguy" mentality. It's a truly great book for both new and old hackers... but by no means the ONLY book... enjoy your lab at home. I do. We all do. Otherwise we wouldnt be in this business at all... Oliver Petruzel pentest specialist BA&H Inc. National Security Team ----------------------------------------------- FREE! The World's Best Email Address @email.com Reserve your name now at http://www.email.com
Current thread:
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field), (continued)
- Message not available
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Teicher, Mark (Sep 12)
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Adrian Lazar (Sep 12)
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Carric Dooley (Sep 13)
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Teicher, Mark (Sep 13)
- Re: [PEN-TEST] Visio bites Carric Dooley (Sep 14)
- Re: [PEN-TEST] Visio bites batz (Sep 14)
- [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) batz (Sep 12)
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Jose Nazario (Sep 12)
- Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field) Carric Dooley (Sep 13)
- [PEN-TEST] VMware Greg (Sep 11)