to become a pen tester?

frankiemilton Member Posts: 5
I have recently passed the Network+ exam and I am trying to choose the next cert to pursue.
I want to go for OSCP, but I am afraid I might still lack the knowledge for that at this point.
I am not currently looking for certs to put on my resume, but for the ones I will be able to gain knowledge from.
With that being said, I think starting with Network+ was a great choice because I had nearly no knowledge at all in the networking field.
I will probably get the certs that will buff up my resume later in my career though.
Can anyone make any recommendation for my next step?
Should I go for CEH?


  • Vask3n Member Posts: 517
    Hey there,

    It sounds like you already have an idea of the different kinds of certs that are available in the first place. If you would like to build on your network knowledge to be more familiar with it, I would try something like Network+ --> Security+ since both of those are vendor-neutral and are commonly looked at on resumes. After a couple of those vendor-neutral certs I would start checking out the Cisco curriculum, which is much beefier and more substantial.

    From a security perspective I have heard good things about OSCP, but when it comes to CEH just know that there are a couple of hoops to jump through if you don't take their official course, like needing 2 years of security experience, a recommendation, and a security education requirement.
  • frankiemilton Member Posts: 5
    Thank you for replying!
    I was thinking about going for Security+, but I just wasn't sure.
    Now that it's more clear, I will probably go for it.
    So at which point do you think I should aim at OSCP, and possibly CEH?
    I was thinking Sec+, then CCENT/CCNA, maybe then OSCP?
    I guess it all really depends on me, but I just wanna be ready before going into something.
  • impelse Member Posts: 1,237
    You can go and sign up for whatever you want; the main question is: how much IT experience and knowledge do you have?

    Penetration testing is not just the cool part: scan, run an exploit, get a shell, escalate and own the machine. That's the easy part. The other part, and it takes more time than the first one, is the report. It is not just the screenshots and how you did it; it is how to fix it and why..... that is the moment where knowledge and experience come into play.

    It is very difficult to hack something and propose how to remediate it if you never configured it or worked with it before.

    Remember, learn to work before you run.

  • LionelTeo Member Posts: 526
  • Jaxin Member Posts: 7
    LionelTeo's posts are great (especially the second one). I did want to say that the way you learn should factor into the path you take. If you learn best from the more traditional teaching style (lecture, lab, Q&A, repeat), going through a few GIAC courses would probably be the best way to go - they have great courses and great instructors, and some are quite fun. On the other hand, if you prefer to learn on your own (self-study, reading, downloading and trying out random tools, etc.), then you can probably jump straight to OSCP and be fine. OSCP is more or less a guided self-study course. It has great material and an amazing lab environment to learn in, but "try harder" is the true mindset of the course. Help and hints are provided, but you are expected to have tried significantly on your own before asking for it.
  • docrice Member Posts: 1,706
    I see a lot of threads about wanting to become a penetration tester, which in itself is admirable, but I think a key skill to have aside from the techie side of things is being able to communicate (verbally and in written form) about the various technologies, their limitations, and how they can be abused. The ability to abstract or translate the details into a form which a non-technical client can understand is crucial. Being able to relate in-depth scan results and their risks to someone in layman's terms (while preserving a certain level of accuracy in analogies) is a critical component of the work.

    Inevitably, this requires a deep understanding of the underlying technologies and the fundamental principles they rely on. Simply regurgitating vuln results without providing proper context to the audience at hand provides little value.

    There are cases where a team lead will be the one relaying this information to a client, but communication skills are relatively overlooked when people talk about pentesting.
  • jamesleecoleman Member Posts: 1,899

    I really appreciate the very valuable input that you gave. It just made me more interested in Penetration testing.


    I'm planning on doing the OSCP but first I'm thinking that I will need to study Bash, Python and some C to make sure that I don't get stuck on something. I'm also trying to study about Linux and MS Server just to help me out some more. Have you looked at the course syllabus?
  • JDMurray Admin Posts: 13,014
    I recommend having a look at the many Defcon presentations on pen-testing available on YouTube. Pen-testing may not be the glamorous, high-paying experience some people think it is.
  • ethkhkr Member Posts: 11
    I agree entirely with post #7 from docrice. I myself am a penetration tester and fortunately went straight into the Information Security field after college, which is almost unheard of. My advice to you would be to take your OSCP because the huge penetration testing firms (Accuvant, Fishnet Security, etc.) won't even look at junior guys without first having an OSCP. A word of caution though: an OSCP will not be enough in and of itself to survive as a penetration tester; it will, however, allow you to remain self-reliant and give you a fighting chance.

    OP feel free to send me a PM with any additional questions you may have about penetration testing.
  • jeremywatts2005 Member Posts: 347
    I worked as a Pen Tester for 6 months and it was crazy. Or at least the company I worked for was, maybe? We did internal and external Pen testing. The clients would pay for a certain block of time. We utilized a vulnerability scanner the night before to assist in discovering flaws. When they are only paying for an hour or two for an external you have to work quick. The internal Pen tests were usually no less than a day and usually three or four days. The externals were tough as usually there was a ton of junk in front of the webservers and you had to get through all of that before getting to the server. The internals were usually more successful. Copiers and other forgotten devices left open were always the best places to start. You could own a network simply by some idiot not correctly locking down a copier with usernames and passwords on it. Or you find an old server that was not decommissioned. I could go on and on about internals. The best one was a UPS left with default credentials. You could log in and it allowed you to upload a file to it. If an alarm went off then the file would be sent to the server and executed. You could totally own a server via the UPS. Just change a voltage alarm on the server and off goes the file.

    Now that is the fun part. Here is the bad part: you have to write it all up, usually in a specified format detailing what you did and even listing out how it affects the network or could affect the network. Plus you have to have the screenshots to prove it and you have to present the report to the customer. Think in some cases 35 or 40 pages of write-ups or more depending on network size. A typical one hour external was 5 - 6 pages with no pictures, that is just typed. Then you have to add the screenshots for dirbuster, hydra, FOCA and so on. It is a lot of work; be prepared to love writing and speaking tech to non-tech.
  • NovaHax Member Posts: 502
    When they are only paying for an hour or two for an external you have to work quick. The internal Pen test were usually no less than a day and usually three or four days.

    Seriously man...WTF kind of firm were you working for that would offer external pentests in 1-2 hour blocks??? That doesn't even make sense. That's not even enough to do discovery.
  • impelse Member Posts: 1,237
    LOL, I have the same question, I had to test 3 days for the external pentest.

  • idr0p Member Posts: 104
    Also consider that there are many different types of services that could be called a pentest.

    White Box - Client aware
    Grey Box - Client semi-aware
    Black Box - Client is in the dark

    basic pentest - check vulnerabilities and validate (open the front door)
    full pentest - get in get root
    advanced pentest - break in, steal the coffee maker
    physical - a person actually trying to get in your facilities to see what they can get (or leave ;0)
  • jeremywatts2005 Member Posts: 347
    The shorter pen tests were basically rattling the door knob to see what opens. They were usually done to meet some compliance piece. In other words: yep, we had a pen test; do we care how long? Nope. LOL
  • JDMurray Admin Posts: 13,014
    That reminds me of compliance regulations that say encryption must be used on all data, but do not specify which cryptosystems are acceptable for use. ROT13 OK? Yep!