1. PENETRATION TESTING
Pentester Career:
How to Begin
Someone starts with talking about degree, another says that
nothing except fundamentals matters. You can get some
significant part of whole knowledge before college even or do not
anything useful after degree even.
T
hat is not a talk about how your degree affects your skills, it does not affect, because
the practical skills might have something
with 'fundamentals' if they are on the same way
and lead you to the same goal. Not every country
has such educational institutes (maybe Germany
has). You are allowed to argue against both sides
or choose your own where there is a place to solve
different problems instead of misplacing them. This
case is often extended by certifications; it matters,
no doubt, especially when you know that someone
who hires you looks for it. However, you may find
another way to tell them you can manage with such
projects that depend on your additional skills such
as programming. I mean you can develop your
own tools/exploit by yourself, participate in opensource groups that aims it too, you can improve
some tool/exploitation mechanism or automatize
it, mix several tools, redevelop it even. It helps to
understand how OS components link and work together as well as break into system. In course of
debates which languages must be learnt, there are
two kinds that depend on OS (under Windows OS
– C/C++, Assembler, under Linux/RedHat/CentOS
– Python, Ruby). However, it does not mean you
should limit yourself to these languages, as a software develops with many other languages, software may have popular add-ons written by someStartKit 01/2013(01)
one who prefers .Net or have to use it.
Besides, do not forget you should not only develop something but pentest too. It does not mean
you should stop to improve your skills; there are
many out-of-box tools or solutions you have to
learn and use, like BackTrack. It must be a need to
improve or custom them in order to network, system or other specifications. Being a part of team,
like Hacker for Charity (http://www.hackersforcharity.org/), helps to collect all skills among system
security, network security, application security, etc.
On the another hand, getting forensics skills may
help too. Therefore, learning and practicing with
home networks, corporate sandboxes, bypassing
NAC, VLANs and finding loopholes in isolated segments that helps understanding stacks, buffer and
memory and their vulnerabilities. In addition, you
can learn specific technology such AVR: this kind
of programming involves a C/C++ knowledge as
well.
Anyway, first steps on this field might involve
reading books, but almost all of books (except Syngress Publishing house) are rewritten, redesigned
of each other that brings old techniques, and old
tools. So, it is better to find books such as shellcoders and grayhat-coders books and Pentest
guidelines (e.g. http://www.pentest-standard.org,
http://www.vulnapps.com/) and standards (NIST
Page 6
http://pentestmag.com

2. SP 800-42). As said earlier, you can not focus on
certain language, software or technology not to
end with pure knowledge. No one loves Delphi but
enough tools to research applications implement
Delphi libraries (and written too). You should collect information about every technology, system,
software from any possible sources:
• Infosecurity blogs, news (like http://www.vulnapps.com/ or http://exploit-exercises.com/)
• Books and ebooks (like The Art of Software Security Assessment, or The Art of Exploitation)
• Vulnerabilities domains (like http://www.exploitdb.com/)
• security conferences/events (each possible,
not only top known such DefCon)
• templates and charts (http://pentestmonkey.
net/category/cheat-sheet)
• special guidelines and frameworks (like OffSec
guidelines)
It is quite important to have all of these (and not
only them) skills, because the key difference between such tester and someone else is an ability to answer and explain vector attacks, potential ways to attacks, and discreet information you
have per each who you interact. It means don’t
overload CEO with full-detailed technical reports
generated by Nessus or another tool. As final
thoughts, you should have different broad skills on
• Networks solutions (software, protocols, and
hardware);
• Techniques of attacking and defensing of IDS,
Firewalls, AV, embedded and third party security software;
• Top known tools and software to gathering data;
• Forensics and intelligence techniques to get
evidence;
• Human security techniques (social engineering
and physical security);
• Participating at the CTFs and conferences;
• Simply be involved to gain and share knowledge with smart guys;
Good luck,
Yury Chemerkin
StartKit 01/2013(01)