Advice on PURELY OFFENSIVE InfoSec Path (Web+Mobile+Application hacking)

emessplaya Registered Users Posts: 2

I've been lurking on the forums for a while trying to find the answer to my questions. I've gone through many threads, but I believe that my situation is somewhat... shall we say... "unique", so I felt I had to create my own thread.

Most of the people I see posting threads, or even the stickies in the InfoSec section, are more geared towards people wanting to be admins/consultants etc., or where they're required to work FOR a company. And they have their limitations such as financial/work/college/other commitments etc. None of this applies to my situation. I work for myself, am quite comfortable and, as far as time goes, for the benefit of the doubt we'll say I have at least 10 spare hours every day where I'm not "tied down" by anything and I can just learn and hack away.

Now here's my situation.

I am looking for what skills/certifications (if necessary) I can acquire that could help me on my path to being a solely offensive web, mobile and application tester.

I want to be concentrating on these fields solely in the offensive, though I want to say right off the bat that this endeavor is still (in my eyes) in the WhiteHat, maybe GreyHat, areas (think bug bounty programs or something along those lines).

I have looked at courses for Network+, Security+, SCNP etc. to see if they could in any way supplement or further my knowledge; however, they're all related to the DEFENSIVE side or ADMINISTRATIVE side of things. Therein lies my problem: those courses are more related to networks or even specific vendors (I'm looking at you, CCNA Security, CCSP) rather than web, mobile and/or application exploiting (yes, I know EC-Council has a Mobile Hacking and Forensics training course/certification, but they aren't known for their rigor or depth).

I'm not concerned with the defensive/admin side of things. I'll never be working for a specific company with these skills (like I said, think bug bounty). I'm not going to be stuck doing mundane, everyday routine tasks that admin/security consultants might do, so I'm not interested in going the general path everyone is recommended (from what I see: Network+, Sec+ - GSEC/CEH/OSCP and onwards).

So, Techexams. Tell me where I can concentrate my efforts!

A little bit about me

I create websites (mobile friendly, XBrowser)
I am a programmer (Python, Java, C++, Ruby, Ruby on Rails, .Net)
I design and write Apps (Android and iOS, Windows soon if I bother with C#)
Been messing about and involved with computers since I was 10

I am currently learning x86 Assembly and Machine Language (overkill, I know, but I'm all about rigor) and familiarising myself with RE, APIs, OllyDBG, IDA and a few other tools and concepts that I think could potentially further my attack surface to MMORPGs (again White/GreyHat, where I report these to the companies; e.g. I remember when Rift, or was it Tera?, first came out and it was Pay2Play, one guy found a major exploit in their game, reported it and got a free lifetime subscription to the game with some added bonuses).

Guide me, master Jedis.


    thatguy67 Member Posts: 344
    You probably want to look into the GIAC certifications, or at least the SANS course offerings. Also watch videos from Black Hat, Def Con, etc. There are a few books related to your interests; one series that comes to mind is the "Hacker's Handbook" series... there is a Web Application Hacker's Handbook.
    2017 Goals: []PCNSE7 []CCNP:Security []CCNP:R&S []LCDE []WCNA
    emessplaya Registered Users Posts: 2
    I watch BlackHat, Defcon, Rubicon and ShmooCon (all the cons you could think of) videos already. Since I have such a time surplus, it's what I mostly end up doing. I will look into the GIAC certifications. Though I do have some GSEC material that my friend handed over to me and I must say, from the little of it I have, even they seem to be concentrating on the network and administrative side of things.

    Zoovash Member Posts: 84
    If you're going for web pentesting you'll probably need some networking knowledge, so having at least the basics couldn't hurt you. From the sounds of it, you might be ready for OSCP, since it's a highly offensive course, but this also requires some networking and some administrative knowledge.
    If you're interested in the purely web/mobile field, check out eLearnSecurity, as they have a few courses that might be of interest to you. Also check the '... Hacker's Handbook' series mentioned before; there are a lot of topics you can choose from.
    ramrunner800 Member Posts: 238
    OSCP is a great course, but beware, it's very light on webapp testing. Its concentration is heavily on the side of network pentesting, and there's a sprinkling of webapp involved. To start off I would pick up the Web Application Hacker's Handbook, and some vulnerable webapps like WebGoat, Damn Vulnerable Web Application, and Mutillidae, and practice the techniques in the book. That will keep you busy for quite a while. After you get what you can from that, there are some webapp pentesting courses out there. The author of the Handbook teaches one at some cons, and so does offsec. The offsec course may be available online soon. The only other courses I personally know of are the eLearnSecurity courses. I don't have first-hand experience with them, but I've heard good things and plan on taking ePPT and WAPT in the new year.
    Currently Studying For: GXPN
    wes allen Member Posts: 540
    I would think you should sign up for 90 days of OSCP. If that goes well, then move on to a webapp testing course, or just start working against the vulnerable apps mentioned above. With your programming background and free time, in six months you can pick up a lot of new stuff. You may also look at the OSCP Cracking the Perimeter course, or signing up for their webapp course at a con.

    As a PS, pen testers that can provide defensive solutions to the issues they uncover are far more valuable than ones that are offense only. So, knowing how to defend is also a good skill to have, even for offensive people. And the same goes for blue team: they should do some red team training as well.
    philz1982 Member Posts: 978
    I would go for the AWAE, Advanced Web Application Exploitation, if you can afford the 5k + travel. I just finished a course taught based on WAHHv2 and will be taking an advanced Web Application hacking course this summer. My goal is to start my own pentesting company in the next 5 years.
    SephStorm Member Posts: 1,731
    ELS has web-based attack courses, as does Offensive Security IIRC.
    tigerman Member Posts: 31
    emessplaya,

    Where do you start? Well, most of what you want to learn comes into existence from the Linux world. If you want to be a good Offensive Security hacker then you need to start by having a greater understanding of Linux in general. More specifically the security shells, as I like to refer to them: Backtrack, Knoppix, Kali, etc. Sounds a bit lame, but I started by picking up and reading a bunch of Linux books.

    I quote from a famous book, Art of War: "To defeat one enemy, one must first know one enemy". The same is true here. Offensive Security is only truly effective when one knows one's target.

    (Now note: for what you want, there isn't a lot of certification out there, at least in the traditional sense.)

    Once you have great mastery over Linux, then we can really get started, but it's going to be tough if you don't have a good understanding of Linux and the Linux world.

    Next you're going to want to familiarize yourself with Metasploit. www.metasploit.com

    Metasploit is a vulnerability scanner and a great source for finding and creating exploits, which really come in handy during an attack; an important tool in any Offensive Security arsenal.

    You're probably already aware of these certs, but these certifications are really some of the best out there for this sort of stuff: Offensive Security Certified Professional (OSCP), followed by Offensive Security Web Expert. http://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

    Some other certifications you may want to consider include:

    CEPT – Certified Expert Penetration Tester - this certification is mostly designed around offensive penetration on the code side of things, which is more in line with what you're trying to achieve.

    You may also find these helpful:
    GIAC - Mobile Device Security Analyst
    CompTIA Mobile App Security+ certification
    CPTC – Certified Penetration Testing Consultant
    CPTE – Certified Penetration Testing Engineer

    The rest of your education is going to come from books, competitions and other professionals. (I'd be glad to give you a list of the best books and meets.) As I've been saying, there's not a lot out there.

    Some advice: join your local hackerspace group, every state has one, and compete in the capture the flag games. It's the best legal way to hone your skills and get noticed for actual jobs (that pay (well)).

    Now May The Force BE WITH YOU!

    Jedi !
    lsud00d Member Posts: 1,571
    Just adding to the conversation since I didn't see it mentioned here, but get intimately familiar with OWASP, and specifically their Top 10 list. Automated vulnerability scanners have 'OWASP' scans, but being able to manually apply these techniques/attacks and understanding them is a crucial skill for web pen testing.
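Worked example, added to this thread and not posted by any of the participants: ramrunner800's advice to practise Web Application Hacker's Handbook techniques against WebGoat/DVWA/Mutillidae and lsud00d's point about applying OWASP Top 10 attacks by hand rather than trusting a scanner's "OWASP scan" come down to the same habit, so one block covers both. It models the simplest OWASP Top 10 case, SQL injection in a login form: a deliberately injectable login function stands in for the target (it is a constructed stand-in, not code from WebGoat or any real app), a parameterized version stands in for the fix, and `probe_login` runs the manual checks a tester would type into the form, including a true/false differential for the blind case and a lone quote for the error-based case. Everything runs offline against an in-memory SQLite table with made-up users.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the target's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Deliberately injectable: untrusted input is concatenated into SQL."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None


def login_hardened(conn, username, password):
    """Fixed form: placeholders bind the input as data, never as SQL."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def probe_login(login):
    """Run the hand-crafted checks a tester types into a login form.

    Returns a dict of named findings; True means the probe fired,
    i.e. the endpoint behaved in a way that indicates injection.
    """
    conn = make_db()
    findings = {}

    # Baseline: valid credentials must work, or later results mean nothing.
    findings["baseline"] = login(conn, "alice", "correct horse")

    # Tautology in the password field: ... AND password = '' OR '1'='1'
    findings["tautology_bypass"] = login(conn, "alice", "' OR '1'='1")

    # Comment-out: the username closes the string and -- discards the
    # password check entirely.
    findings["comment_bypass"] = login(conn, "alice'--", "wrong")

    # Boolean-based blind: the same payload with a true and a false condition
    # must produce different responses if the condition reaches the SQL engine.
    true_case = login(conn, "alice", "' OR username='alice' AND '1'='1")
    false_case = login(conn, "alice", "' OR username='alice' AND '1'='2")
    findings["boolean_blind_differential"] = true_case != false_case

    # Error-based: a lone quote leaves the string literal unterminated in the
    # concatenated query and the database throws; the bound query returns False.
    try:
        login(conn, "alice", "x'")
        findings["error_on_quote"] = False
    except sqlite3.Error:
        findings["error_on_quote"] = True

    return findings


def is_injectable(findings):
    """True if any probe other than the baseline fired."""
    return any(v for k, v in findings.items() if k != "baseline")


if __name__ == "__main__":
    for name, fn in (("vulnerable", login_vulnerable),
                     ("hardened", login_hardened)):
        result = probe_login(fn)
        print(name, "injectable =", is_injectable(result), result)
```

Against a real target the same five probes are sent as form submissions and the "response" is the page or status code rather than a boolean, but the logic is identical: establish a working baseline first, then look for a behavioural difference between a true and a false condition, and treat a database error on a single quote as a lead to chase, not as a finding by itself.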