Penetration Testing mailing list archives
Summary - How to become a professional penetration tester?
From: "David Fuller" <burchoff2000 () yahoo com>
Date: Tue, 12 Jun 2001 08:34:39 -0700
For the past two to three weeks I have received about 15 emails asking me to post or send a summary of what I received off list. Unfortunately, every time I try to post the replies I received, it gets rejected by the list moderator. So I have chosen to give a breakdown of what I received.
I received emails from three companies informing me of the availability of internships and summer jobs at their company. Their names are Fishnet Security (www.fishnetsecurity.com), Spidynamics (www.spidynamics.com) and Ncider (www.ncider.com).
Where my question about courses that I could take in university is concerned, Brian Joseph gave a very nice reply, which you will see below:
Brian Joseph's Email
David,
You should look at courses that focus on networking and system OS's. It seems that schools are very afraid to teach their students how to become good hackers, but if you are smart and put it all together, you will realize that they are giving you the tools to do so.
I recently graduated from the Rochester Institute of Technology. During my last quarter there, I developed a class called "System Security," which focused on Windows and Unix OS security. I wrote the labs for this course, and compiled a list of texts. I recommend the book "Steal This Computer Book 2" by Wallace Wang, and all the O'Reilly books you can afford (actually, you should be able to get them for free off the web). In my research I realized that the information you are asking about is out there. You may want to start by learning how to keep people out... firewalls, routing ACL's, intrusion detection systems, etc.
RIT also offers a distance learning class called "Computer Crime"... you can take this class anywhere in the world, as long as you have internet access. It is a good class because you will learn the laws. There are very few institutions that offer Information Technology as a degree, and I recommend RIT not only because I went there, but because they were one of the first schools to offer IT.
If you are new to hacking, try starting by researching a ton of resources. Don't just jump into it without understanding the laws and ethics. People who do this are called "script kiddies," and they get no respect from the community.
Learn programming (especially C) and shell scripting. Take a look at some hacking scripts that are available, and rip them apart. See how they work, and then realize that they are nothing more than manipulating what you probably already know. These codes are usually brute force attackers (such as "CrackWhore", "BackOrifice", etc.).
Another idea would be to set up a honey pot and allow people to break into your stuff. You will be able to see how they do it.
As for an internship, it is hard to find one in what you described. I guess look on Monster.com and places like that. You may want to try to start by getting on a firewall team or network security team for a large company like Sun, EDS, M$, Cisco, IBM, or the like... a company that has a lot of money and can train you. My advice is don't limit yourself.
Hope this helps.
-Brian
Also, on the subject of university courses, professor Larry Leibrock at The University of Texas at Austin (http://praetor.bus.utexas.edu) teaches a short course on penetration testing. Outside of university courses, I was told that I could look into the courses offered at www.sans.org.
That was all the information I received from my post to the list. Hopefully the moderator will let this message be posted so that I don't have to find another way to get it out to those people who are very interested in the information I received.
David.