Penetration testing Roadmap
frozenEyes
Member Posts: 18 ■■■□□□□□□□
Hi guys,
I want to start shifting my career into info sec Pentesting world, I have +7 years Network exp.
I hold CCNA(R&S)/CCNP(R&S)/CCIP/JNCIA/MCSA(2k3&2k12)/MCSE:PrivateCloud/VCA-DCV/VCP5-DCV/RHCSA/RHCE and also I have
Computer Network security Diploma from Ashworth College.
No programming background at all except simple Bash shell scripting skills.
So what are your suggestions for me?
Comments
-
MrAgent Member Posts: 1,310 ■■■■■■■■□□
If you want to get into penetration testing then sign up for the OSCP course.
-
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
/\
::
::
Agreed. It's a good idea to have a foundation in programming and System Administration, but there is nothing keeping you from just signing up for the OSCP course and taking it.
-
frozenEyes Member Posts: 18 ■■■□□□□□□□
If you want to get into penetration testing then sign up for the OSCP course.
veritas_libertas wrote: »
/\
::
::
Agreed. It's a good idea to have a foundation in programming and System Administration, but there is nothing keeping you from just signing up for the OSCP course and taking it.
Do you think I am ready to go for it directly? And I won't need to go for any prerequisites?
-
veritas_libertas Member Posts: 5,746 ■■■■■■■■■■
I haven't personally gone through the OSCP, but you could google and read reviews on blog sites. It sounds like you could download Offensive Security's outline, figure out what kind of programming skills they want from you and spend some time learning it before jumping into their training. That's my uneducated assumption.
-
docrice Member Posts: 1,706 ■■■■■■■■■■
I also recommend OSCP, although it's not one I've gone through. It's a very good value for the experience you get. There's more to pentesting than what the OSCP covers, but it's a great start.
SANS has a curricula for their pentesting line-up which might give you an idea of other area(s) you could branch out to:
https://www.sans.org/curricula/penetration-testing
There are so many specializations that it's practically impossible to cover it all.
Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/
-
MrAgent Member Posts: 1,310 ■■■■■■■■□□
The hardest thing in that course is the buffer overflow section, and it's really not that difficult at all. You will need to be able to modify existing exploits, but that's also not a big deal.
Since you have a Linux background, you will be fine.
-
dou2ble Member Posts: 160
Just in case you don't already know all that Pentesting entails...
Free Penetration Testing and Ethical Hacking Training Course - Cybrary
2015 Goals: Masters in Cyber Security
-
frozenEyes Member Posts: 18 ■■■□□□□□□□
Thanks guys, I will do it but I need some guidance.
First, what are the books I should read pre and during my journey?
Second, can I take the course only for now and schedule the exam later when I feel I am ready to go for it? Or is it mandatory to go for the exam once I finish the course?
-
mokaz Member Posts: 172
frozenEyes wrote: »
Thanks guys, I will do it but I need some guidance.
First, what are the books I should read pre and during my journey?
Second, can I take the course only for now and schedule the exam later when I feel I am ready to go for it? Or is it mandatory to go for the exam once I finish the course?
You can schedule the training whenever you want / the included exam voucher has to be taken or scheduled within 90 days of your last labs day I think...
I'd say go for it!!! There are a few TechExams'ers currently in the process of taking PWK with OSCP as a target.. I'm starting this Sunday..
Books wise the things that I've always read about while reading OSCP subjects were these (and they are very good indeed):
The Hacker Playbook: Practical Guide To Penetration Testing: Peter Kim
Penetration Testing: A Hands-On Introduction to Hacking
These are what I'm reading now in order to catch up and be ready:
Penetration Testing with the Bash shell
Python Penetration Testing Essentials
Violent-Python-Cookbook-Penetration-Engineers
Cheers,
m.
-
frozenEyes Member Posts: 18 ■■■□□□□□□□
You can schedule the training whenever you want / the included exam voucher has to be taken or scheduled within 90 days of your last labs day I think...
I'd say go for it!!! There are a few TechExams'ers currently in the process of taking PWK with OSCP as a target.. I'm starting this Sunday..
Books wise the things that I've always read about while reading OSCP subjects were these (and they are very good indeed):
The Hacker Playbook: Practical Guide To Penetration Testing: Peter Kim
Penetration Testing: A Hands-On Introduction to Hacking
These are what I'm reading now in order to catch up and be ready:
Penetration Testing with the Bash shell
Python Penetration Testing Essentials
Violent-Python-Cookbook-Penetration-Engineers
Cheers,
m.
Thanks man
-
Jetfuel Registered Users Posts: 1 ■□□□□□□□□□
Looking at going down the PenTesting route and struggling to comprehend the various certs available and routes that are possible.
I'm thinking of following something along the lines of this, and was wondering if someone in the know wouldn't mind chiming in and nudging me in the right direction.
Currently studying for the MCSA 2008 (paid for by work/a requirement). Will be looking to take the 70-417 upgrade exam to MCSA 2012.
MCSE
Security+
CCNA (Security)
CEH
GCIH
GPEN
GAWN
GXPN
CISSP
OSCP
OSCE
How does that order sound? Is there anything there that's out of place or should be elsewhere in the flow?
-
beads Member Posts: 1,533 ■■■■■■■■■□
Outside of the usual suspects and certifications I would highly recommend learning C and its variants, Java, Python, web development and at least one SQL (Oracle or Microsoft).
I had this conversation with a recruiter today believe it or not, having to explain why I am no longer a good fit for pen-testing. I can train myself to get through a course, no problem, but it wouldn't translate into being a particularly good pen-tester today.
You really need the hard core development skills to truly be considered a good penetration tester these days. Otherwise, please consider yourself an advanced script kiddie like myself.
- b/eads
-
UnixGuy Mod Posts: 4,570 Mod
..
...
You really need the hard core development skills to truly be considered a good penetration tester these days. Otherwise, please consider yourself an advanced script kiddie like myself.
- b/eads
Interesting perspective. So are there good opportunities for those 'real pentesters' with hard core development skills? What kinda salary are we looking at? And where do they work?
-
JoJoCal19 Mod Posts: 2,835 Mod
You really need the hard core development skills to truly be considered a good penetration tester these days. Otherwise, please consider yourself an advanced script kiddie like myself.
- b/eads
I'm going to have to agree with you on this. Reading around on various places, especially the /r/netsec section on Reddit has really opened my eyes to how badly one really does need to have good knowledge of some programming languages in not just pentesting roles, but other senior/advanced security roles as well.
For example on /r/netsec there was a guy who posted about a non-fix fix by D-Link. It looked like some patchwork by D-Link to fix a vulnerability didn't actually do what it was intended to do. But being able to look at software like that is a very valuable skill, and one I wish I had.
Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
Currently Working On: Python, OSCP Prep
Next Up: OSCP
Studying: Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
-
BlackBeret Member Posts: 683 ■■■■■□□□□□
Semantics aside, being a pentester is really dependent on the job description. I've seen some small teams where the pentester did the majority of the work, and I've seen large teams where they had separate positions for vulnerability assessors to recon, scan, gather info; pentesters to penetrate deeper and really get into the systems; and reverse engineers to do the hard core programming and analysis back in the labs.
Defining a penetration tester might be a hard task in some cases, most really don't need to be hard core coders and here's why: EVERY system is going to be vulnerable in some way, shape, or form. A hard-core coder/hacker/reverse engineer will ALWAYS find a way in if they want in bad enough. Someone will find some 0day in a piece of software you use and get in. The purpose of a penetration test isn't to have a lab full of uber geeks hacking away at your network like you're a nuclear facility until they find the way in. The purpose of a penetration test is to test a company's security vulnerabilities against its risks. In 98% of environments this means testing basic - intermediate security practices and to use available tools, exploits, etc. You could call a penetration tester an advanced script kiddie, but with how advanced modern tools are that's more than enough for the job.
Now don't get me wrong, improving your skills and going beyond what's needed adds value. I'm just playing devil's advocate here.
-
TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
So there are only a few major pentesting certs worthwhile. From what I have found CEH is the most known aka most likely to get you past HR. It makes sense to get that first...path of least resistance even though OSCP seems to be the most proof based cert.
Do you specifically want to pentest or in addition to your job? Obviously Cisco Security certs would be a familiar way to get your security appetite going.
As far as programming...bash or shell, python, and perl are the heavy favorites in the security industry. For CEH not required. For OSCP they recommend familiarity with Linux and scripting but nothing outrageous. I believe that has been confirmed by others here.
-
ansel1261 Member Posts: 24 ■■□□□□□□□□
Working on my GCIH cert right now. If I had the time and money, I would love to take a shot at the GPEN.
-
adrenaline19 Member Posts: 251
I'm taking the OSCP right now. You are ready to take it yourself. I wasn't nearly as advanced as you are.