Getting started in Pentesting.
Itrimble
Member Posts: 221
I'm looking to make the switch to security. Specifically Pentesting. Anyone have any insights on what education / Certs I would need to get started in this endeavor.
Ive re read that Python is a good scripturing language to learn.
Ive re read that Python is a good scripturing language to learn.
Goals for 2015 : Finish BS Network Administration at WGU
Become CCNA, CISSP, CEH, VCP5-10 Certified
Possible Start Masters in Information Security
Become CCNA, CISSP, CEH, VCP5-10 Certified
Possible Start Masters in Information Security
Comments
-
philz1982
Member Posts: 978
What aspect of pentesting? Network, web apps, physical/red team, compliance, ect.Read my blog @ www.buildingautomationmonthly.com
Connect with me on LinkedIn @ https://www.linkedin.com/in/phillipzito -
Itrimble
Member Posts: 221
Physical, network.Goals for 2015 : Finish BS Network Administration at WGU
Become CCNA, CISSP, CEH, VCP5-10 Certified
Possible Start Masters in Information Security -
Expect
Member Posts: 252 ■■■■□□□□□□
if you want to start Pentesting make sure you know infrastructure and network to a satisfying level (in my opinion...at least equal to an administrator level)
you can't secure a system if you don't know the bits and bytes of all available platforms (Microsoft server, Linux/Unix).
to be a good penetration tester you also need to understand code, Python / Bash / Ruby will be a good start for you. (I would recommend bash first). you will often find yourself building your own set of tools... I recommend the "Coding for penetration testers" by Syngress, it teaches Python, Bash Perl and Ruby (specifically tools for enumerations and scannings)
afterwards you need to understand offensive security techniques, web application penetration testing, network attacks, shellcodes, enumeration etc. have a look at OWASP.
I think the OSCP might give you a good grasp of how to start with penetration testing. it teaches the basics and then advances to higher levels. -
Itrimble
Member Posts: 221
Thanks @CyberScum, @Philz1982, and @Expect.
I downloaded the Coding for Penetration Testers book. I also signed up for the eCPPT student course as well as the intro to Python and Linux course at EdX.
After these courses I can then start to explore OWASP and OSCP.
Any other courses /videos / lectures I should be aware of ?Goals for 2015 : Finish BS Network Administration at WGU
Become CCNA, CISSP, CEH, VCP5-10 Certified
Possible Start Masters in Information Security -
veritas_libertas
Member Posts: 5,746 ■■■■■■■■■■
I'd argue the need to take a good formal class. This helps to create a structured approach. The eLearnSecurity student course is a good start. I haven't taken their eCPPT course yet so I can't comment on it. I'm currently studying for the SANS GPEN certification and the class has been very enlightening. Do create a pen testing lab. I purchased a PC to use for an ESXI host that I can place VMs such as https://information.rapid7.com/metasploitable-download.html on. -
ramrunner800
Member Posts: 238
I definitely second building a pentesting lab. You can do it totally for free with virtualbox and vulnhub.com. I've taken both eCPPT and PWK, and both have their merits. I wouldn't bother with the eLearnSecurity certification, but the course itself is really good. It's more in depth and broader in scope than PWK (things like shellcoding, malware, and rootkits are beyond the scope of PWK). The real advantage of PWK is the lab environment, which is second to none.Currently Studying For: GXPN -
Itrimble
Member Posts: 221
@VERITAS_LIBERTAS I'm looking at the GIAC Gpen course website. Did you attend the live training or do it on-demand ?Goals for 2015 : Finish BS Network Administration at WGU
Become CCNA, CISSP, CEH, VCP5-10 Certified
Possible Start Masters in Information Security -
veritas_libertas
Member Posts: 5,746 ■■■■■■■■■■
OnDemand. It's not cheap, but my employer has been kind enough to fund my training.
