Aspiring penetration tester: need help choosing my next cert

Hi,

I've been reading the forums but haven't found exactly what I'm looking for. But first a little backround.

I'm 23 years old and live currently in Italy but will be seeking employment in Germany (I'm actually from Germany). Currently enrolled in Computer Science B.Sc. online degree, which I'm taking aside my job. I work as assistant in the IT-department of a company that has about 500 workstations. I do everything from system administration to fixing hardware.

Now I really want to start working as penetration tester (trainee or working student) with a company back home in Germany. I recently got the Security+ and am now thinking about taking my next certification to help me get into a company.

I can't go for the OSCP because in the current situation I'm in I wont be able to get enough hands on lab time, but I can get lots of time on the books.

Looking forward to your suggestions. Thank you!

Sincerely,
Dan

Find more posts tagged with

Comments

UncleB

Hello Dan, here are a few thoughts:

1 - Are there any local computer clubs or organisations where you can join like minded people and set up a lab to get / share the experience?

2 - Can you get a hold of older IT kit and setup your own lab? eBay / Craigslist etc are good sources of usable equipment sometimes.

3 - See if there are any security companies locally who would give you some unpaid work in return for access to their stuff and maybe some mentoring. You probably will have to make the coffee, run errands etc but it is a tried and tested way to exchange your low value time for their setup and more valuable time.

4 - Look at cheap online courses that give lab access. I don't know what is available but sometimes other education establishments give access to this sort of stuff for a few hundred dollars (eg Stanley Community College do a VMWare course used by quite a few on these boards). It is all distance learning so you just need a computer with internet access.

Let us know what you find.
Iain

OctalDump

Pentesting kind of means hands on. It's just one of those things. The Offensive Security and eLearnSecurity, along with Mile2, are probably the best options for certification, but they are all hands on with lots of labbing (their virtual labs, not so much needed your own). You could take the CEH with not too much labbing.

Offensive Security has a free Metasploit course, and there's a lot of videos and courses on Kali.

There are lots of good books you can read on pentesting. Some good ones are: Gray Hat Hacking: The Ethical Hacker's Handbook, Penetration Testing: A Hands-On Introduction to Hacking, Hacking: The Art of Exploitation, and the Hacking: Exposed series.

veritas_libertas

Have you looked at the eCPPT or eJPT from eLearnSecurity? As others said, it's VERY hand's on and requires experience through labs or pen testing competitions. Check out https://www.elearnsecurity.com

JoJoCal19

As OctalDump said, pentesting is a hands on kind of thing, so you're going to have to lab and get your hands dirty so to speak. It seems you have an issue with getting time to lab. In this case I'd recommend eLearnSecurity's PTS or PTP course, Elite version. You'll have plenty of time to get through the material, even in a slow manner.

errorondefault

Thanks to all your suggestions!
I decided that I should probably work on the foundations first and chose to go for the CCNA and meanwhile try to land a working-student job in the infosec industry!

Sincerely,
Dan

Dr. Fluxx

They have machines you can work on with over at VULNHUB with walkthroughs. That may help with actual hands on.
Udemy has some good courses too and for CHEAP.
Namely:

Learn Ethical Hacking From Scratch
Zaid Sabih

Learn Website Hacking / Penetration Testing
Same instructor.

Ohmjones

exploit-exercises.com; start with Nebula. There are some walkthroughs, but they won't get you through the entire VM.

Once you've tackled all of those exploit-exercises, you're sure to find other vm's at vulnhub to be a lot easier.

McxRisley

If you wana do pen testing you're going to have to get hands-on experience. You can't just read a book and be the worlds most 1337 haxor, it's gona take hours and hours of dedicated practice in a lab environment. So if you can't get any hands-on experience then you may want to think about picking a different interest. All of the suggestions above are great advice, especially the courses by zaid on udemy.