Penetration Testing mailing list archives

Re: Aspiring Pen-Tester Seeking Advice


From: krymson () gmail com
Date: 10 Aug 2007 18:02:19 -0000

Get used to seeing this link:

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Like Sectools.org, check out this list of steps/tools and start picking out ones you want to try. A good book like 
CounterHack Reloaded will give good guidance on the steps of a pen-test (attacker), but nothing beats getting your 
hands bloody with the tools. Make it a personal goal to at least read up on every tool in those lists, if not actually 
trying them all out. You might not become an expert in them in a week of tinkering, but it gives you the ability to 
apply those tools to real-job situations which then starts to beef up your "expertness."

In the process of setting up scenarios in your lab, pay attention when you set up things like Apache or other services. 
Even as you test tools against them, you can very much learn how they work and how to configure them to fix any 
openings you create. Standing up a SQL server? Take some time to learn a bit of SQL yourself and how to manage/admin 
the system as you poke and prod it.

You could also try out some purposely vulnerable setups like:
Damn Vulnerable Linux
HackMe series
OWASP's WebGoat

And try to poke at, and read the solutions to, various puzzles online, like challenges at the Ethical Hacker's Network. 
Even if you're stumped, you can still learn a ton!

I'll let you Google those yourself, as Google-fu is going to serve you forever.

That is all fun, and not really getting too mired in something that might turn you away quick, like programming and 
memory forensics (which admittedly isn't for everyone). But eventually you'll probably scratch the itch to learn some 
scripting/coding language like Python, Ruby, or even the venerable Perl.

Use Metasploit for ease of penetrations (kinda like lube for...err...cough) and try to scan everything you can with 
nmap and nessus and vuln assessment tools. Get used to the output.

If you're up to it, start a sniffer somewhere in your network anytime you do stuff, and check out the packets. You 
don't necessarily need to understand every flag and bit, but the more you see it all, the more easily it will 
eventually make sense. I bet you get some of this with your IDS now anyway! :) If so, try packet crafting!

That should be a good year's worth of personal time invested!
