Questions regarding how to get started as a red teamer 0 experience

ShiroShizuo Member Posts: 2
I wanted to get into penetration testing/red team or eventually bug bounty and don't have a clue on how to get started and what to do. Currently I am taking a course on penetration testing titled "learn hacking from scratch" by ZSecurity off Udemy. I bought this course as extensive research has led me to believe that this course is a great intro to intermediate at best course and is fine. I've done about 7 chapters and have begun searching for jobs/internships as I lack experience. I have also tried HTB and picoCTF tho didn't get far with either of them, but they sort of helped, at least the machine labs. My goal is to get my OSCP in the 6-8 months of solid dedication to studying for this penetration testing. I do not have an IT background and although it does say on their website that recommended is 5yr experience which I lack, I figured I'll be making up said experience thru HTB. My questions are: 1. Where should I go to next after finishing the ZSecurity course, or should I switch to a diff course? 2. How can I get a job/internship, as 95% of my research of this has led me to believe an entry level position = min 3 yrs of experience that I do not have/don't know how to get a foot into the door of red team. 3. For those that did take the OSCP/studying for it, any tips as to what I should take course wise, learning material, and/or prerequisite certs (although frowned upon, CEH) etc?

Thanks in advance

Answers

  • JDMurray Admin Posts: 13,088
    What other work areas do you have experience in that you could leverage to be useful in a pentesting job? Helpdesk, systems admin, programming, or tech writer? There is a lot of report writing and documenting required by a pentesting job that sites like HTB, THM, and Udemy do not give you experience in doing.
  • ShiroShizuo Member Posts: 2
    JDMurray said:
    What other work areas do you have experience in that you could leverage to be useful in a pentesting job? Helpdesk, systems admin, programming, or tech writer? There is a lot of report writing and documenting required by a pentesting job that sites like HTB, THM, and Udemy do not give you experience in doing.

    Eh, tbh I don't have other tech experience other than, if considered, monkeying around on Kali Linux with Burp Suite attempting to break an HTB machine. So far I did Knife; it took me a while but I did it. Another factor that kind of didn't help is attending university full time at 20 credit hrs, so I didn't really have time for a job and balancing out classes. Now that I'm out of school I've sort of been working as an electrician, but that in my opinion is irrelevant to tech as all I do is wire up Siemens and LS Electric inverters used to regulate current being supplied to a garage door motor for airplane hangars. If it is relevant, please, I'd like to know as I don't see how it is.
  • srothman Member Posts: 82
    TCM Security, Inc. (tcm-sec.com)

    Quality, affordable, foundational education that'll set you up for the rest.

    Best advice I can give is to just get started. I made a HUGE mistake thinking I had to do a bunch of courses and certification to be good enough to start, and that ended up being the biggest roadblock of all of them. That and wanting to learn everything about everything, especially when time is not a luxury you have.

    Learn the basics. I've found PortSwigger's Academy to be very good at explaining some of the concepts, and from there it's a matter of just learning more and applying what you learn. There are a bunch of bug bounty programs out there you can join to start exploring. For example, pick a vulnerability like SQL Injection, and spend time really learning what it is, how it works, why it works, and most importantly how to defend against it. Go and look for SQL Injection vulnerabilities everywhere. You might not find any, but you're learning how to look for them. Sooner or later you'll find one.

    And yes.... TOOOOONS of report writing....