Online Labbing/Question on potential skillset

Ok I know this has been asked and I have been looking for the thread but cannot find it for the life of me..

I have used a few websites and gone through some scenarios involving different techniques in regards to the various efforts that some pen testers go through in the daily trials.

I would really like to find a resource that has some positive feedback from the community here, considering what good company I am in I hope to find some good ones

Also, I am not a proficient programmer to say the least, yet have dabbled in C and VBscript, I also have had alot of experience in programming logic so in regards to code I can usually read it (unless its scripted powershell

) so I must ask, is having a good handle on alot of syntax very necessary for a lot of the techniques pen testers use in the wild? I see alot of SQL queries and a bit of javascript but I figure with a little googling you can usually come up with the commands you are looking for, of course this is blind ignorance by me so I am soliciting feedback on this as well.

So pretty much I want a free online lab to play in, that is not potentially going to be malicious or misleading and some feedback on required skillsets in regards to programming and all this for free

Thank you kindly for any and all advice and opinions, I look forward to your response!

Find more posts tagged with

Comments

dynamik

If you understand how things like cross-site scripting (XSS) and SQL-injection work, you can get by with a very basic understanding of the language. However, the more knowledge you have, the more you can do. You'll never pull something like this off if you're a programming legend: http://www.grc.com/dos/grcdos.htm (this is an amazing story -- check it out if you haven't seen it before)

I think the best way for you to get started would be to setup a virtual machine lab with Virtual PC 2007 or VMWare Workstation (You have to pay for this, but I prefer it). You can also get the free VMWare player and download a few Linux VMs and have them abuse each other. I'd page through a CEH book to get a better idea of what else you would need to get started.

liven

How are your networking skills?

Security/hacking is so multi dimensional. I work in security for a living, and we NEVER deal with the same thing twice.

Most of the attacks start coming in over the net. Then they move onto some sort of an exploit or attempted exploit of a vuln. But then again there is plenty of phishing and just good old trickery.

I would suggest diving deep into networking. Sure you can hack something if you can easily access it, via physically or over the network. But as time goes on this will be more and more difficult. Plus how often are you going to be able to bash on a potential target with out someone eventually telling you to stop?

Coding/programing is equally as important. I found that once I really dove into one language (Started with C) that most of the others were easier to understand. Now I have a strong preference in Perl. But I use Bash/Shell, PHP, VB, SQL, kix, etc.. etc.. everyday.

I would suggest working on some networking and some coding on a very regular basis. This will really open some doors for you.

Then do what dynamik suggested. Setup some virtual labs, if you can not afford a real one, and go to town.

At least that is my two cents.