Looking for a Pen Testing Mentor
tombowyer2007
Registered Users Posts: 1 ■□□□□□□□□□
in Off-Topic
I am new to the IT cert process, been working in IT for about 6 years now without a degree or a single cert. I will be enrolling into WGU here in August for the B.S IT program with an emphasis on security. I am looking for a sort of road map into the Pen Testing field, as this is my dream job. Here is a little background information on me: Veteran, did 5 years in the Air Force. Worked as an IT Specialist for the DHS. Working in the gaming IT market now, which I hate. I have been playing with BackTrack 5 a lot but really can't do the things I want to try as they are illegal without premission. I also have been working on my programming skills . My first cert I want is Net+ then Sec+ and CCNA after that. I have two 2500s and a 2950 at my disposal (b-day present from the wifey). I guess what I'm trying to get at here is that I am looking for a sort of mentor to teach me the do's and dont's of pentesting.
Thanks
Thanks
Comments
-
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□I would suggest getting your CCNA, Sec+, and possibly some Linux certification before you start pushing for a Pentest mentor. Those certification will put you in a good position to start pentesting, as well as asking the right questions to a mentor.
I was in your position a while ago, wanting to do pentesting but there's soo much you need to know to become just a "decent" pentester. I would get a firm foundation in networking, windows, Linux, and possibly BASH/Python...then you'll be in a good place to start pentesting. -
Iristheangel Mod Posts: 4,133 ModI agree with YuckTheFankees. After you have some decent skills, I would recommend downloading BackTrack and learning the basics from the forums at backtrack-linux.org. If you get the basics down, you could always go for formal training at Offensive Security Training and Professional Services. I also saw a booth for thehackeracademy.com before but I've heard lukewarm reviews on them and they'd not pentest specific. Hopefully that gets you on the right track
-
Daniel333 Member Posts: 2,077 ■■■■■■□□□□I'd say go ahead and finish your CCNA: Security and MCSE: Security while getting active in your user community. Check back in with us after you have that cert under your belt. These cores skills will certainly help.-Daniel
-
jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□I suggest checking this website out and the forums.
The Ethical Hacker Network
The Ethical Hacker Network - EH-Net - Index
The Ethical Hacker Network - Network Pen Testing
Pentest courses:
eLearnSecurity - Worldwide IT Security training providerBooya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not***** -
the_hutch Banned Posts: 827If you are wanting to start PenTesting, I highly recommend these two books. One covers wireless hacking with backtrack 5. The other covers PenTesting with Backtrack 4 (the 5 edition for this has not been released yet). If you get the ebooks, they are really cheap. I paid approx $40 for both. Each book will go through step by step instructions on how to set up your lab so that you can practice different types of attacks. The labs do assume the reader has at least a basic understanding of bash shell commands and TCP/IP fundamentals.Amazon.com: BackTrack 5 Wireless Penetration Testing Beginner's Guide (9781849515580): Vivek Ramachandran: Books
Amazon.com: BackTrack 4: Assuring Security by Penetration Testing (9781849513944): Shakeel Ali, Tedi Heriyanto: Books -
docrice Member Posts: 1,706 ■■■■■■■■■■There's a lot of interest in becoming a pentester these days, but I think a lot of people who are thinking of pursuing it don't realize that the technical aspect is a small part of the it. You really need to document and research well. Perhaps in many cases, you have to be able to really explain your findings and back up your claims because clients may not always agree, in which case you better be prepared to detail and defend your methodology.
Exploitation is probably the smallest part of the exercise.Hopefully-useful stuff I've written: http://kimiushida.com/bitsandpieces/articles/ -
the_hutch Banned Posts: 827jamesleecoleman wrote: »I suggest checking this website out and the forums.
The Ethical Hacker Network
The Ethical Hacker Network - EH-Net - Index
The Ethical Hacker Network - Network Pen Testing
The EH network has a decent community. But the website is run by retards... -
YuckTheFankees Member Posts: 1,281 ■■■■■□□□□□REMOVED UNNECESSARY QUOTE FROM PREVIOUS REPLY
What do you mean? -
the_hutch Banned Posts: 827REMOVED UNNECESSARY QUOTE FROM PREVIOUS REPLY
I tried to apply for an account. They then send me my password back to me in plain text. I then pointed out to them that for a security website, they aren't really following best practices. Then I'm pretty sure they deleted my account because I was never able to log on. When I emailed them and told them, they said they couldn't find an account for me. At that point...I just gave up. -
tpatt100 Member Posts: 2,991 ■■■■■■■■■□There's a lot of interest in becoming a pentester these days, but I think a lot of people who are thinking of pursuing it don't realize that the technical aspect is a small part of the it. You really need to document and research well. Perhaps in many cases, you have to be able to really explain your findings and back up your claims because clients may not always agree, in which case you better be prepared to detail and defend your methodology.
Exploitation is probably the smallest part of the exercise.
Excellent point -
zenhound Member Posts: 93 ■■□□□□□□□□Doing the documentation portion sounds fun to me, too. I've always wondered if having communication/writing skills could be useful in IT.
-
joshmadakor Member Posts: 495 ■■■■□□□□□□The EH network has a decent community. But the website is run by retards...
"Oops, we have your email address that you registered with as well as your password you use for everything, thanks for that!"WGU B.S. Information Technology (Completed January 2013) -
jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□I forgot to add to look for "metasploitable". It's a vm image of a vulnerable machine. You can use backtrack to break into the machine. I also suggest reading Metasploit: The Penetration Testers Guide.
Metasploitable - Metasploit UnleashedBooya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not***** -
the_hutch Banned Posts: 827jamesleecoleman wrote: »I forgot to add to look for "metasploitable". It's a vm image of a vulnerable machine. You can use backtrack to break into the machine. I also suggest reading Metasploit: The Penetration Testers Guide.
Metasploitable - Metasploit Unleashed
+1 ....awesome recommendation -
jamesleecoleman Member Posts: 1,899 ■■■■■□□□□□Thanks!
Its really fun trying to break into this machine. There are some guides to do it online but its even better tying to break in without the guides.Booya!!
WIP : | CISSP [2018] | CISA [2018] | CAPM [2018] | eCPPT [2018] | CRISC [2019] | TORFL (TRKI) B1 | Learning: | Russian | Farsi |
*****You can fail a test a bunch of times but what matters is that if you fail to give up or not***** -
noobsrevenge Member Posts: 29 ■□□□□□□□□□Listen close and you'll be able to practice hacking away till your hearts content
Install VMWare
Install GNS3
Setup something like the following
The clouds only represent virtual network adapters connecting my GNS topology to actual VMWare images. Thus you can connect as many OS's as your computer can handle to GNS. Throw a metasplotable webserver in there, a windows server, either throw backtrack on the same LAN or across a WAN and practice different scenarios etc.