Aspiring penetration tester: need help choosing my next cert

errorondefaulterrorondefault Member Posts: 7 ■□□□□□□□□□
Hi,

I've been reading the forums but haven't found exactly what I'm looking for. But first a little backround.

I'm 23 years old and live currently in Italy but will be seeking employment in Germany (I'm actually from Germany). Currently enrolled in Computer Science B.Sc. online degree, which I'm taking aside my job. I work as assistant in the IT-department of a company that has about 500 workstations. I do everything from system administration to fixing hardware.

Now I really want to start working as penetration tester (trainee or working student) with a company back home in Germany. I recently got the Security+ and am now thinking about taking my next certification to help me get into a company.

I can't go for the OSCP because in the current situation I'm in I wont be able to get enough hands on lab time, but I can get lots of time on the books.

Looking forward to your suggestions. Thank you!

Sincerely,
Dan

Comments

  • UncleBUncleB Member Posts: 417
    Hello Dan, here are a few thoughts:

    1 - Are there any local computer clubs or organisations where you can join like minded people and set up a lab to get / share the experience?

    2 - Can you get a hold of older IT kit and setup your own lab? eBay / Craigslist etc are good sources of usable equipment sometimes.

    3 - See if there are any security companies locally who would give you some unpaid work in return for access to their stuff and maybe some mentoring. You probably will have to make the coffee, run errands etc but it is a tried and tested way to exchange your low value time for their setup and more valuable time.

    4 - Look at cheap online courses that give lab access. I don't know what is available but sometimes other education establishments give access to this sort of stuff for a few hundred dollars (eg Stanley Community College do a VMWare course used by quite a few on these boards). It is all distance learning so you just need a computer with internet access.

    Let us know what you find.
    Iain
  • OctalDumpOctalDump Member Posts: 1,722
    Pentesting kind of means hands on. It's just one of those things. The Offensive Security and eLearnSecurity, along with Mile2, are probably the best options for certification, but they are all hands on with lots of labbing (their virtual labs, not so much needed your own). You could take the CEH with not too much labbing.

    Offensive Security has a free Metasploit course, and there's a lot of videos and courses on Kali.

    There are lots of good books you can read on pentesting. Some good ones are: Gray Hat Hacking: The Ethical Hacker's Handbook, Penetration Testing: A Hands-On Introduction to Hacking, Hacking: The Art of Exploitation, and the Hacking: Exposed series.
    2017 Goals - Something Cisco, Something Linux, Agile PM
  • veritas_libertasveritas_libertas CISSP, GIAC x5, CompTIA x5 Greenville, SC USAMember Posts: 5,746 ■■■■■■■■■■
    Have you looked at the eCPPT or eJPT from eLearnSecurity? As others said, it's VERY hand's on and requires experience through labs or pen testing competitions. Check out https://www.elearnsecurity.com
  • JoJoCal19JoJoCal19 California Kid Mod Posts: 2,832 Mod
    As OctalDump said, pentesting is a hands on kind of thing, so you're going to have to lab and get your hands dirty so to speak. It seems you have an issue with getting time to lab. In this case I'd recommend eLearnSecurity's PTS or PTP course, Elite version. You'll have plenty of time to get through the material, even in a slow manner.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, OCI Foundations Associate, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • errorondefaulterrorondefault Member Posts: 7 ■□□□□□□□□□
    Thanks to all your suggestions!
    I decided that I should probably work on the foundations first and chose to go for the CCNA and meanwhile try to land a working-student job in the infosec industry!

    Sincerely,
    Dan
  • Dr. FluxxDr. Fluxx Member Posts: 98 ■■□□□□□□□□
    They have machines you can work on with over at VULNHUB with walkthroughs. That may help with actual hands on.
    Udemy has some good courses too and for CHEAP.
    Namely:

    Learn Ethical Hacking From Scratch
    Zaid Sabih

    Learn Website Hacking / Penetration Testing
    Same instructor.
  • OhmjonesOhmjones Member Posts: 10 ■□□□□□□□□□
    exploit-exercises.com; start with Nebula. There are some walkthroughs, but they won't get you through the entire VM.

    Once you've tackled all of those exploit-exercises, you're sure to find other vm's at vulnhub to be a lot easier.
  • McxRisleyMcxRisley OSCP, CASP, CySA+, CPT+, Sec+, CEH, Splunk Admin Member Posts: 494 ■■■■■□□□□□
    If you wana do pen testing you're going to have to get hands-on experience. You can't just read a book and be the worlds most 1337 haxor, it's gona take hours and hours of dedicated practice in a lab environment. So if you can't get any hands-on experience then you may want to think about picking a different interest. All of the suggestions above are great advice, especially the courses by zaid on udemy.
    I'm not allowed to say what my previous occupation was, but let's just say it rhymes with architect.
Sign In or Register to comment.