Skills Roadmap for pentesting

SaSkiller Member Posts: 337
Hi all.

Over the next 6 months to a year I am planning to develop my offensive knowledge into skills that I can use to transition into pentesting. I'd like some help roadmapping specific targets I need to hit. I don't know exactly what I need, but at a minimum I know I will need to master commonly used tools. (I know tools are not what is important, but it is important to be able to sell knowledge of commonly used tools.) Outside of that, I'm looking at methodologies; I don't know if there is a widely accepted methodology used in the industry like PTF or PTES, etc.

I appreciate any help you can provide.


  • Ritual Member Posts: 66
    ElearnSecurity, Offensive Security, Pentesters Academy would be good places to look. Even if you don't take their courses, you can see their syllabus, which might give you some direction on what to learn.
    2016 goals - eJPT, MCSA Windows 10, something Linux
  • 636-555-3226 Member Posts: 975
    You've got the GPEN, might as well get the OSCP to round out the top pentesting certs. Otherwise I'd brush up on *nix & Windows/PowerShell scripting. Become a master of the regular tools like Kali, PowerSploit, hashcat, john, Cain, Burp, hydra, sqlmap, Veil, etc etc etc. Don't forget network skills here, too, probably with a Cisco focus. No need to hack into boxes if you can redirect network traffic to your host and listen in on anything unencrypted. I'm seeing a LOT of increased business for ICS testing, so that's a good niche to get into, esp. if you have any electrical engineering experience.

    Lots of ways to go with this one. Pentesting is as broad as infosec itself.
  • UnixGuy Mod Posts: 4,564
    OSCP is king in pentesting!

    Learn GRC! GRC Mastery

  • SaSkiller Member Posts: 337
    Thanks, the certs will be something I look at (I have an eCCPT voucher and access to the PWB material), but that will come down the line once I feel comfortable with the process and the tools. I know I have big gaps, that probably aren't as big as I think, that are in key areas. Like last night I was working on Metasploitable. Got some good scans, info, finally found an exploit that was in msf, but couldn't get a session with it. I saw the exploit was completing and the payloads looked mostly successful but no session. After a while I realized I could still execute commands so I got the system to push me a bash shell, non-interactive. Gave me access to a non-root service account, which I need to figure out how to escalate privs. I know I will also need to learn how to read and modify exploits, and how to launch exploits against a remote system without msf.

    Maybe this info will be in my material somewhere. Might just take time.

    636-555-3226, thanks for the tool list.