Penetration testing Roadmap

frozenEyes Member Posts: 18
Hi guys,

I want to start shifting my career into the infosec pentesting world. I have 7+ years of network experience.
I hold CCNA(R&S)/CCNP(R&S)/CCIP/JNCIA/MCSA(2k3&2k12)/MCSE:PrivateCloud/VCA-DCV/VCP5-DCV/RHCSA/RHCE and I also have a
Computer Network Security diploma from Ashworth College.

No programming background at all, except simple Bash shell scripting skills.

So what are your suggestions for me?

Comments

  • MrAgent Member Posts: 1,310
    If you want to get into penetration testing then sign up for the OSCP course.
  • veritas_libertas Member Posts: 5,746
    /\
    ::
    ::

    Agreed. It's a good idea to have a foundation in programming and System Administration, but there is nothing keeping you from just signing up for the OSCP course and taking it.
  • frozenEyes Member Posts: 18
    MrAgent wrote: »
    If you want to get into penetration testing then sign up for the OSCP course.
    /\
    ::
    ::

    Agreed. It's a good idea to have a foundation in programming and System Administration, but there is nothing keeping you from just signing up for the OSCP course and taking it.

    Do you think I am ready to go for it directly, and I won't need to go for any prerequisites?
  • veritas_libertas Member Posts: 5,746
    I haven't personally gone through the OSCP, but you could google and read reviews on blog sites. It sounds like you could download Offensive Security's outline, figure out what kind of programming skills they want from you and spend some time learning it before jumping into their training. That's my uneducated assumption :)
  • docrice Member Posts: 1,706
    I also recommend OSCP, although it's not one I've gone through. It's a very good value for the experience you get. There's more to pentesting than what the OSCP covers, but it's a great start.

    SANS has a curriculum for their pentesting line-up which might give you an idea of other area(s) you could branch out to:

    https://www.sans.org/curricula/penetration-testing

    There are so many specializations that it's practically impossible to cover it all.
    Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
  • MrAgent Member Posts: 1,310
    The hardest thing in that course is the buffer overflow section, and it's really not that difficult at all. You will need to be able to modify existing exploits, but that's also not a big deal.

    Since you have a Linux background, you will be fine.
  • dou2ble Member Posts: 160
    Just in case you don't already know all that pentesting entails... Free Penetration Testing and Ethical Hacking Training Course - Cybrary
    2015 Goals: Masters in Cyber Security
  • frozenEyes Member Posts: 18
    Thanks guys, I will do it but I need some guidance.

    First, what books should I read before and during my journey?

    Second, can I take the course only for now and schedule the exam later when I feel I am ready for it? Or is it mandatory to go for the exam once I finish the course?
  • mokaz Member Posts: 172
    frozenEyes wrote: »
    Thanks guys, I will do it but I need some guidance.

    First, what books should I read before and during my journey?

    Second, can I take the course only for now and schedule the exam later when I feel I am ready for it? Or is it mandatory to go for the exam once I finish the course?

    You can schedule the training whenever you want / the included exam voucher has to be taken or scheduled within 90 days of your last lab day, I think...

    I'd say go for it!!! There are a few TechExams'ers currently in the process of taking PWK with OSCP as a target. I'm starting this Sunday.

    Book-wise, the things that I've always read about while reading OSCP subjects were these (and they are very good indeed):
    The Hacker Playbook: Practical Guide To Penetration Testing (Peter Kim)
    Penetration Testing: A Hands-On Introduction to Hacking

    These are what I'm reading now in order to catch up and be ready:
    Penetration Testing with the Bash shell
    Python Penetration Testing Essentials
    Violent-Python-Cookbook-Penetration-Engineers

    Cheers,
    m.
  • frozenEyes Member Posts: 18
    mokaz wrote: »
    You can schedule the training whenever you want / the included exam voucher has to be taken or scheduled within 90 days of your last lab day, I think...

    I'd say go for it!!! There are a few TechExams'ers currently in the process of taking PWK with OSCP as a target. I'm starting this Sunday.

    Book-wise, the things that I've always read about while reading OSCP subjects were these (and they are very good indeed):
    The Hacker Playbook: Practical Guide To Penetration Testing (Peter Kim)
    Penetration Testing: A Hands-On Introduction to Hacking

    These are what I'm reading now in order to catch up and be ready:
    Penetration Testing with the Bash shell
    Python Penetration Testing Essentials
    Violent-Python-Cookbook-Penetration-Engineers

    Cheers,
    m.


    Thanks man :)
  • Jetfuel Registered Users Posts: 1
    Looking at going down the pentesting route and struggling to comprehend the various certs available and routes that are possible.
    I'm thinking of following something along the lines of this, and was wondering if someone in the know wouldn't mind chiming in and nudging me in the right direction.

    Currently studying for the MCSA 2008 (paid for by work/a requirement). Will be looking to take the 70-417 upgrade exam to MCSA 2012.

    MCSE
    Security+
    CCNA (Security)
    CEH
    GCIH
    GPEN
    GAWN
    GXPN
    CISSP
    OSCP
    OSCE

    How does that order sound? Is there anything there that's out of place or should be elsewhere in the flow?
  • beads Member Posts: 1,531
    Outside of the usual suspects and certifications I would highly recommend learning C and its variants, Java, Python, web development and at least one SQL (Oracle or Microsoft).

    I had this conversation with a recruiter today, believe it or not, having to explain why I am no longer a good fit for pen-testing. I can train myself to get through a course, no problem, but it wouldn't translate into being a particularly good pen-tester today.

    You really need the hard core development skills to truly be considered a good penetration tester these days. Otherwise, please consider yourself an advanced script kiddie like myself.

    - b/eads
  • UnixGuy Mod Posts: 4,564
    beads wrote: »
    ..
    ...
    You really need the hard core development skills to truly be considered a good penetration tester these days. Otherwise, please consider yourself an advanced script kiddie like myself.

    - b/eads

    Interesting perspective. So are there good opportunities for those 'real pentesters' with hard core development skills? What kinda salary are we looking at? And where do they work?
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com

  • JoJoCal19 Mod Posts: 2,835
    beads wrote: »
    You really need the hard core development skills to truly be considered a good penetration tester these days. Otherwise, please consider yourself an advanced script kiddie like myself.

    - b/eads

    I'm going to have to agree with you on this. Reading around on various places, especially the /r/netsec section on Reddit has really opened my eyes to how badly one really does need to have good knowledge of some programming languages in not just pentesting roles, but other senior/advanced security roles as well.

    For example on /r/netsec there was a guy who posted about a non-fix fix by D-Link. It looked like some patchwork by D-Link to fix a vulnerability didn't actually do what it was intended to do. But being able to look at software like that is a very valuable skill, and one I wish I had.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up: OSCP
    Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • BlackBeret Member Posts: 683
    Semantics aside, being a pentester is really dependent on the job description. I've seen some small teams where the pentester did the majority of the work, and I've seen large teams where they had separate positions for vulnerability assessors to recon, scan, and gather info; pentesters to penetrate deeper and really get in to the systems; and reverse engineers to do the hard core programming and analysis back in the labs.

    Defining a penetration tester might be a hard task in some cases; most really don't need to be hard core coders, and here's why: EVERY system is going to be vulnerable in some way, shape, or form. A hard-core coder/hacker/reverse engineer will ALWAYS find a way in if they want in bad enough. Someone will find some 0day in a piece of software you use and get in. The purpose of a penetration test isn't to have a lab full of uber geeks hacking away at your network like you're a nuclear facility until they find the way in. The purpose of a penetration test is to test a company's security vulnerabilities against its risks. In 98% of environments this means testing basic to intermediate security practices and using available tools, exploits, etc. You could call a penetration tester an advanced script kiddie, but with how advanced modern tools are, that's more than enough for the job.

    Now don't get me wrong, improving your skills and going beyond what's needed adds value. I'm just playing devil's advocate here.
  • TechGuru80 Member Posts: 1,539
    So there are only a few major pentesting certs worthwhile. From what I have found, CEH is the most known, aka most likely to get you past HR. It makes sense to get that first... path of least resistance, even though OSCP seems to be the most proof-based cert.

    Do you specifically want to pentest or in addition to your job? Obviously Cisco Security certs would be a familiar way to get your security appetite going.

    As far as programming...bash or shell, python, and perl are the heavy favorites in the security industry. For CEH not required. For OSCP they recommend familiarity with Linux and scripting but nothing outrageous. I believe that has been confirmed by others here.
  • ansel1261 Member Posts: 24
    Working on my GCIH cert right now. If I had the time and money , I would love to take a shot at the GPEN.
  • adrenaline19 Member Posts: 251
    I'm taking the OSCP right now. You are ready to take it yourself. I wasn't nearly as advanced as you are.