Categories
Welcome Center
Education & Development
Discussions
Certification Preparation
Recent Posts
Groups
Free Resources
Ebooks
Free Workshops
Trending Certifications Infographic
Infosec Training
IT & Security Training
Live Boot Camps
Security Awareness Training
About Infosec Institute
Home
Education & Development
Jobs and Careers
Getting started in Pentesting.
Itrimble
I'm looking to make the switch to security. Specifically Pentesting. Anyone have any insights on what education / Certs I would need to get started in this endeavor.
Ive re read that Python is a good scripturing language to learn.
Find more posts tagged with
Save $250 on 2025 certification boot camps from Infosec!
Book now with code EOY2025
Button
Comments
philz1982
What aspect of pentesting? Network, web apps, physical/red team, compliance, ect.
Itrimble
Physical, network.
Cyberscum
Get a free copy of Kali and have fun.
Expect
if you want to start Pentesting make sure you know infrastructure and network to a satisfying level (in my opinion...at least equal to an administrator level)
you can't secure a system if you don't know the bits and bytes of all available platforms (Microsoft server, Linux/Unix).
to be a good penetration tester you also need to understand code, Python / Bash / Ruby will be a good start for you. (I would recommend bash first). you will often find yourself building your own set of tools... I recommend the "Coding for penetration testers" by Syngress, it teaches Python, Bash Perl and Ruby (specifically tools for enumerations and scannings)
afterwards you need to understand offensive security techniques, web application penetration testing, network attacks, shellcodes, enumeration etc. have a look at OWASP.
I think the OSCP might give you a good grasp of how to start with penetration testing. it teaches the basics and then advances to higher levels.
Itrimble
Thanks
@CyberScum
,
@Philz1982
, and
@Expect
.
I downloaded the Coding for Penetration Testers book. I also signed up for the eCPPT student course as well as the intro to Python and Linux course at EdX.
After these courses I can then start to explore OWASP and OSCP.
Any other courses /videos / lectures I should be aware of ?
veritas_libertas
I'd argue the need to take a good formal class. This helps to create a structured approach. The eLearnSecurity student course is a good start. I haven't taken their eCPPT course yet so I can't comment on it. I'm currently studying for the SANS GPEN certification and the class has been very enlightening. Do create a pen testing lab. I purchased a PC to use for an ESXI host that I can place VMs such as
https://information.rapid7.com/metasploitable-download.html
on.
ramrunner800
I definitely second building a pentesting lab. You can do it totally for free with virtualbox and vulnhub.com. I've taken both eCPPT and PWK, and both have their merits. I wouldn't bother with the eLearnSecurity certification, but the course itself is really good. It's more in depth and broader in scope than PWK (things like shellcoding, malware, and rootkits are beyond the scope of PWK). The real advantage of PWK is the lab environment, which is second to none.
Itrimble
@VERITAS_LIBERTAS
I'm looking at the GIAC Gpen course website. Did you attend the live training or do it on-demand ?
veritas_libertas
OnDemand. It's not cheap, but my employer has been kind enough to fund my training.
Quick Links
All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of
INFOSEC Boot Camps
$250
OFF
Use code
EOY2025
to receive $250 off your 2025 certification boot camp!
BROWSE BOOT CAMPS
