SlideShare a Scribd company logo

The Pentester Blueprint: A Guide to Becoming a Pentester

G
gcara4

This document provides an overview of becoming a penetration tester or pentester. It discusses Phillip Wylie's background and experience in information security. It defines pentesting and explains why organizations use pentesting for security assessments and regulatory compliance. It outlines the skills, knowledge, and mindset needed to become a pentester including technological knowledge, hacking skills, and developing a "hacker mindset". It provides recommendations for building a home lab, recommended reading, learning resources, certifications, and tips for getting pentester jobs.

Technology
1 of 27
Download to read offline
The Pentester Blueprint: A Guide to Becoming a Pentester
whoami: Phillip Wylie, CISSP, OSCP, GWAPT Principal Pentester @ US Bank Adjunct Professor @ Richland College Ambassador @ Bugcrowd The Pwn School Project Founder • 21+ years IT and InfoSec experience • 6+ years system administration • 8 years network security & AppSec • 7 years pentesting (5 years consulting)
"With great power comes great responsibility." -Voltaire Only hack if you have permission and even better written permission. Hacking without permission is illegal.
What Is Pentesting? • Assessing security from an adversarial perspective, attempting to exploit vulnerabilities to gain unauthorized access to systems and sensitive data (aka hacking).
Why Pentesting? Security posture from an adversarial perspective • Better understanding of security risk severity • Exploitable vulnerabilities are higher risk and a higher priority for remediation as well as justification for budgeting.
Why Pentesting? • Regulatory Compliance - Required for PCI DSS (Payment Card Industry Data Security Standard) • Fun job • A lot of job opportunities
Pentesting Jobs • Penetration Testers aka Pentesters • Security Consultants, Analysts and Engineers
Pentesting Synonyms • Ethical Hackers • Offensive Security • Adversarial Security • Threat and Vulnerability Management
Pentesting Skills In Other Areas • SOC (Security Operations Center) Analysts • DFIR (Digital Forensics and Incident Response) • Network Security Analysts and Engineers • Purple Teams (where defensive and offensive security is combined) • Application Security
Types of Pentests: Targets • Network – Internal, External, Wireless • Application – Web App, Thick Client, Mobile, Cloud • Hardware –Network Hardware (routers, switches, etc.),IoT (Internet of Things), Medical Devices (pacemakers, insulin pumps, etc.) • Transportation – Vehicles of all types • People – Social Engineering • Buildings – Physical Security (often Included in Social Engineering
Types of Pentests: Target Knowledge • Black Box – limited to target IP’s, more of an attacker approach • White Box (aka Crystal Box) – detailed system info including accounts for app testing, documentation • Gray Box – partial knowledge of target, A cross Between the other two methods
Types of Tests: Testing Depth • Vulnerability Scans – just running a vulnerability scanner. • Vulnerability Assessments – vulnerability scanning plus vulnerability validation. • Pentest – Vulnerability Test plus exploitation (aka hacking) • Red Team/Adversarial Tests – testing blue teams, attack simulation, less restrictive scope
Specializations • Generalist – Network, WiFi, Light Web App • Application – Web App, Mobile, Thick Client • Social Engineering - People • Physical - Buildings • Transportation – Vehicles, Airplanes • Red Team – Adversarial Simulation
How Do I Become a Pentester? Technological Knowledge • Network • Operating Systems (especially Windows and Linux) • Security • Application • Hardware
How Do I Become a Pentester? Hacking Knowledge • Classes • Conferences • Meetings/Meetups • Self-Study • Home labs • Videos • Tutorials • Blogs and Articles • Twitter
How Do I Become a Pentester? Hacker Mindset The Hacker Mindset is the ability to think like a hacker and be able to find ways to exploit vulnerabilities. The Hacker Mindset is a culmination of creative and analytical thinking. Developing this mindset is similar to learning how to troubleshoot. The Hacker Mindset takes time and repetition to develop and is best developed by hands on hacking experience.
Pentester Blueprint Formula Technology Knowledge + Security Knowledge + Hacker Mindset
Where to start? ?
Developing a Plan Filling the Gaps • No IT Experience: Start with the basics, Operating Systems, Hardware, Networking • IT Experience: Learn Linux, security and Networking • InfoSec Experience: Fill in the gaps of any basics you’re missing, start learning pentesting/ethical hacking, participate in CTFs (capture The Flag) and bug bounties • Everyone: Build a lab!
Lab • Minimalist Lab – Virtualized Hosts (aka VMs) using VMWare, VirtualBox, Hypervisor, Etc. • Dedicated Lab – Computer dedicated to lab purposes with VMs • Advanced Lab – Servers, computers, routers and switches
Home Lab: Attack Platform • Kali Linux • Parrot OS (Linux) • Ubuntu w/ Pen Tester Framework (PTF) • Windows 10 w/ Commando VM
Home Lab: Targets • Create VM (Virtual Machine) Targets using VulnHub.com • Metasploitable 2 & 3 • OWASP Webgoat • Create your own VM Targets with vulnerable software from Exploit-DB.com
Recommended Reading Penetration Testing A Hands-On Introduction to Hacking The Hackers Playbook 2 & 3 The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws RTFM: Red Team Field Manual
Learning Resources • SANS Institute: sans.org • eLearn Security: eLearnSecurity.com • Virtual Hacking Labs: virtualhackinglabs.com • Pentester Academy: pentesteracademy.com • Pentester Lab: pentesterlab.com • Practical Pentest Labs: practicalpentestlabs.com • Bugcrowd University: bugcrowd.com/university/ • SANS Pentesting Blog: pen-testing.sans.org/blog/ • HackingTutorials.org • Cybrary.it • Web Security Academy: https://portswigger.net/web-security • owasp.org • Hack The Box: hackthebox.eu • Over The Wire CTF: overthewire.org/wargames/ https://thehackermaker.com/learning-resources/
Certifications Entry Level • CEH - eCCouncil • PenTest+ - CompTIA Intermediate • GPEN – SANS/GIAC • OSCP – Offensive Security Advanced • GxPN – SANS/GIAC • OSCE – Offensive Security
Job Tips • Professional Networking • Community: Clubs/groups and conferences • LinkedIn • Interview Tips • Prepare for interviews • Know the OWASP Top 10 • Be able to explain the basics like 3-way TCP handshake and OSI Model
Contact Phillip.Wylie@gmail.com @PhillipWylie /ln/PhillipWylie Ethical Hacking Class & Web App Pentesting @ Richland College TheHackerMaker.com The Pwn School Project PwnSchool.com

Recommended

WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011Xavier Mertens
 
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Sean Whalen
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration TestingNetSPI
 
Professional Hacking in 2011
Professional Hacking in 2011Professional Hacking in 2011
Professional Hacking in 2011securityaegis
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration TestingScott Sutherland
 
2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion Detection2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion DetectionAPNIC
 

Recommended

WTF is Penetration Testing v.2
WTF is Penetration Testing v.2WTF is Penetration Testing v.2
WTF is Penetration Testing v.2Scott Sutherland
 
ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011ISACA Ethical Hacking Presentation 10/2011
ISACA Ethical Hacking Presentation 10/2011Xavier Mertens
 
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...
Open Secrets of the Defense Industry: Building Your Own Intelligence Program ...Sean Whalen
 
Intro to INFOSEC
Intro to INFOSECIntro to INFOSEC
Intro to INFOSECSean Whalen
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration TestingNetSPI
 
Professional Hacking in 2011
Professional Hacking in 2011Professional Hacking in 2011
Professional Hacking in 2011securityaegis
 
WTF is Penetration Testing
WTF is Penetration TestingWTF is Penetration Testing
WTF is Penetration TestingScott Sutherland
 
2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion Detection2023 NCIT: Introduction to Intrusion Detection
2023 NCIT: Introduction to Intrusion DetectionAPNIC
 
Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
Pentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingPentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingAndrew McNicol
 
Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationSatria Ady Pradana
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
What is penetration testing and career path
What is penetration testing and career pathWhat is penetration testing and career path
What is penetration testing and career pathVikram Khanna
 
What is pentest
What is pentestWhat is pentest
What is pentestitissolutions
 
Zen and the art of Security Testing
Zen and the art of Security TestingZen and the art of Security Testing
Zen and the art of Security TestingTEST Huddle
 
How To Start Your InfoSec Career
How To Start Your InfoSec CareerHow To Start Your InfoSec Career
How To Start Your InfoSec CareerAndrew McNicol
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!Ammar WK
 
DEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersDEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersFelipe Prado
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile WorldDavid Lindner
 
The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive SecurityAndy Hoernecke
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information securityAnant Shrivastava
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityClaus Cramon Houmann
 
Security Training: Making your weakest link the strongest - CircleCityCon 2017
Security Training: Making your weakest link the strongest - CircleCityCon 2017Security Training: Making your weakest link the strongest - CircleCityCon 2017
Security Training: Making your weakest link the strongest - CircleCityCon 2017Aaron Hnatiw
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
Owasp joy of proactive security
Owasp joy of proactive securityOwasp joy of proactive security
Owasp joy of proactive securityScott Behrens
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationJoshua Prince
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxAnurag Srivastava
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 

More Related Content

Similar to The Pentester Blueprint: A Guide to Becoming a Pentester

Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent ThreatsESET
 
Pentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingPentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingAndrew McNicol
 
Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationSatria Ady Pradana
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
What is penetration testing and career path
What is penetration testing and career pathWhat is penetration testing and career path
What is penetration testing and career pathVikram Khanna
 
Zen and the art of Security Testing
Zen and the art of Security TestingZen and the art of Security Testing
Zen and the art of Security TestingTEST Huddle
 
How To Start Your InfoSec Career
How To Start Your InfoSec CareerHow To Start Your InfoSec Career
How To Start Your InfoSec CareerAndrew McNicol
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!Ammar WK
 
DEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersDEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersFelipe Prado
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile WorldDavid Lindner
 
The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive SecurityAndy Hoernecke
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information securityAnant Shrivastava
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityClaus Cramon Houmann
 
Security Training: Making your weakest link the strongest - CircleCityCon 2017
Security Training: Making your weakest link the strongest - CircleCityCon 2017Security Training: Making your weakest link the strongest - CircleCityCon 2017
Security Training: Making your weakest link the strongest - CircleCityCon 2017Aaron Hnatiw
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017TriNimbus
 
Owasp joy of proactive security
Owasp joy of proactive securityOwasp joy of proactive security
Owasp joy of proactive securityScott Behrens
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationJoshua Prince
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineLastline, Inc.
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxAnurag Srivastava
 

Similar to The Pentester Blueprint: A Guide to Becoming a Pentester (20)

Advanced Persistent Threats
Advanced Persistent ThreatsAdvanced Persistent Threats
Advanced Persistent Threats
 
Pentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated TestingPentesting Tips: Beyond Automated Testing
Pentesting Tips: Beyond Automated Testing
 
Python-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming OperationPython-Assisted Red-Teaming Operation
Python-Assisted Red-Teaming Operation
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
What is penetration testing and career path
What is penetration testing and career pathWhat is penetration testing and career path
What is penetration testing and career path
 
What is pentest
What is pentestWhat is pentest
What is pentest
 
Zen and the art of Security Testing
Zen and the art of Security TestingZen and the art of Security Testing
Zen and the art of Security Testing
 
How To Start Your InfoSec Career
How To Start Your InfoSec CareerHow To Start Your InfoSec Career
How To Start Your InfoSec Career
 
A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!A Journey Into Pen-tester land: Myths or Facts!
A Journey Into Pen-tester land: Myths or Facts!
 
DEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testersDEF CON 23 - Wesley McGrew - i hunt penetration testers
DEF CON 23 - Wesley McGrew - i hunt penetration testers
 
AppSec in an Agile World
AppSec in an Agile WorldAppSec in an Agile World
AppSec in an Agile World
 
The Joy of Proactive Security
The Joy of Proactive SecurityThe Joy of Proactive Security
The Joy of Proactive Security
 
Career In Information security
Career In Information securityCareer In Information security
Career In Information security
 
Defending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricalityDefending Enterprise IT - beating assymetricality
Defending Enterprise IT - beating assymetricality
 
Security Training: Making your weakest link the strongest - CircleCityCon 2017
Security Training: Making your weakest link the strongest - CircleCityCon 2017Security Training: Making your weakest link the strongest - CircleCityCon 2017
Security Training: Making your weakest link the strongest - CircleCityCon 2017
 
Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017Web App Security Presentation by Ryan Holland - 05-31-2017
Web App Security Presentation by Ryan Holland - 05-31-2017
 
Owasp joy of proactive security
Owasp joy of proactive securityOwasp joy of proactive security
Owasp joy of proactive security
 
Inetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentationInetsecurity.in Ethical Hacking presentation
Inetsecurity.in Ethical Hacking presentation
 
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with LastlineReacting to Advanced, Unknown Attacks in Real-Time with Lastline
Reacting to Advanced, Unknown Attacks in Real-Time with Lastline
 
Thick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptxThick client pentesting_the-hackers_meetup_version1.0pptx
Thick client pentesting_the-hackers_meetup_version1.0pptx
 

Recently uploaded

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Recently uploaded (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

The Pentester Blueprint: A Guide to Becoming a Pentester

  • 1. The Pentester Blueprint: A Guide to Becoming a Pentester
  • 2. whoami: Phillip Wylie, CISSP, OSCP, GWAPT Principal Pentester @ US Bank Adjunct Professor @ Richland College Ambassador @ Bugcrowd The Pwn School Project Founder • 21+ years IT and InfoSec experience • 6+ years system administration • 8 years network security & AppSec • 7 years pentesting (5 years consulting)
  • 3. "With great power comes great responsibility." -Voltaire Only hack if you have permission and even better written permission. Hacking without permission is illegal.
  • 4. What Is Pentesting? • Assessing security from an adversarial perspective, attempting to exploit vulnerabilities to gain unauthorized access to systems and sensitive data (aka hacking).
  • 5. Why Pentesting? Security posture from an adversarial perspective • Better understanding of security risk severity • Exploitable vulnerabilities are higher risk and a higher priority for remediation as well as justification for budgeting.
  • 6. Why Pentesting? • Regulatory Compliance - Required for PCI DSS (Payment Card Industry Data Security Standard) • Fun job • A lot of job opportunities
  • 7. Pentesting Jobs • Penetration Testers aka Pentesters • Security Consultants, Analysts and Engineers
  • 8. Pentesting Synonyms • Ethical Hackers • Offensive Security • Adversarial Security • Threat and Vulnerability Management
  • 9. Pentesting Skills In Other Areas • SOC (Security Operations Center) Analysts • DFIR (Digital Forensics and Incident Response) • Network Security Analysts and Engineers • Purple Teams (where defensive and offensive security is combined) • Application Security
  • 10. Types of Pentests: Targets • Network – Internal, External, Wireless • Application – Web App, Thick Client, Mobile, Cloud • Hardware –Network Hardware (routers, switches, etc.),IoT (Internet of Things), Medical Devices (pacemakers, insulin pumps, etc.) • Transportation – Vehicles of all types • People – Social Engineering • Buildings – Physical Security (often Included in Social Engineering
  • 11. Types of Pentests: Target Knowledge • Black Box – limited to target IP’s, more of an attacker approach • White Box (aka Crystal Box) – detailed system info including accounts for app testing, documentation • Gray Box – partial knowledge of target, A cross Between the other two methods
  • 12. Types of Tests: Testing Depth • Vulnerability Scans – just running a vulnerability scanner. • Vulnerability Assessments – vulnerability scanning plus vulnerability validation. • Pentest – Vulnerability Test plus exploitation (aka hacking) • Red Team/Adversarial Tests – testing blue teams, attack simulation, less restrictive scope
  • 13. Specializations • Generalist – Network, WiFi, Light Web App • Application – Web App, Mobile, Thick Client • Social Engineering - People • Physical - Buildings • Transportation – Vehicles, Airplanes • Red Team – Adversarial Simulation
  • 14. How Do I Become a Pentester? Technological Knowledge • Network • Operating Systems (especially Windows and Linux) • Security • Application • Hardware
  • 15. How Do I Become a Pentester? Hacking Knowledge • Classes • Conferences • Meetings/Meetups • Self-Study • Home labs • Videos • Tutorials • Blogs and Articles • Twitter
  • 16. How Do I Become a Pentester? Hacker Mindset The Hacker Mindset is the ability to think like a hacker and be able to find ways to exploit vulnerabilities. The Hacker Mindset is a culmination of creative and analytical thinking. Developing this mindset is similar to learning how to troubleshoot. The Hacker Mindset takes time and repetition to develop and is best developed by hands on hacking experience.
  • 19. Developing a Plan Filling the Gaps • No IT Experience: Start with the basics, Operating Systems, Hardware, Networking • IT Experience: Learn Linux, security and Networking • InfoSec Experience: Fill in the gaps of any basics you’re missing, start learning pentesting/ethical hacking, participate in CTFs (capture The Flag) and bug bounties • Everyone: Build a lab!
  • 20. Lab • Minimalist Lab – Virtualized Hosts (aka VMs) using VMWare, VirtualBox, Hypervisor, Etc. • Dedicated Lab – Computer dedicated to lab purposes with VMs • Advanced Lab – Servers, computers, routers and switches
  • 21. Home Lab: Attack Platform • Kali Linux • Parrot OS (Linux) • Ubuntu w/ Pen Tester Framework (PTF) • Windows 10 w/ Commando VM
  • 22. Home Lab: Targets • Create VM (Virtual Machine) Targets using VulnHub.com • Metasploitable 2 & 3 • OWASP Webgoat • Create your own VM Targets with vulnerable software from Exploit-DB.com
  • 23. Recommended Reading Penetration Testing A Hands-On Introduction to Hacking The Hackers Playbook 2 & 3 The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws RTFM: Red Team Field Manual
  • 24. Learning Resources • SANS Institute: sans.org • eLearn Security: eLearnSecurity.com • Virtual Hacking Labs: virtualhackinglabs.com • Pentester Academy: pentesteracademy.com • Pentester Lab: pentesterlab.com • Practical Pentest Labs: practicalpentestlabs.com • Bugcrowd University: bugcrowd.com/university/ • SANS Pentesting Blog: pen-testing.sans.org/blog/ • HackingTutorials.org • Cybrary.it • Web Security Academy: https://portswigger.net/web-security • owasp.org • Hack The Box: hackthebox.eu • Over The Wire CTF: overthewire.org/wargames/ https://thehackermaker.com/learning-resources/
  • 25. Certifications Entry Level • CEH - eCCouncil • PenTest+ - CompTIA Intermediate • GPEN – SANS/GIAC • OSCP – Offensive Security Advanced • GxPN – SANS/GIAC • OSCE – Offensive Security
  • 26. Job Tips • Professional Networking • Community: Clubs/groups and conferences • LinkedIn • Interview Tips • Prepare for interviews • Know the OWASP Top 10 • Be able to explain the basics like 3-way TCP handshake and OSI Model
  • 27. Contact Phillip.Wylie@gmail.com @PhillipWylie /ln/PhillipWylie Ethical Hacking Class & Web App Pentesting @ Richland College TheHackerMaker.com The Pwn School Project PwnSchool.com