Scott Sutherland, profile picture
Uploaded byScott Sutherland
PDF, PPTX2,060 views

WTF is Penetration Testing

Penetration testing, or 'pen testing', is the process of evaluating systems to identify vulnerabilities from a non-privileged user perspective, aimed at enhancing security and compliance. It involves various stakeholders like internal employees, security consultants, and third-party auditors, and combines both technical and non-technical skills. The document outlines common approaches, required skills, tools used, and career paths in penetration testing while emphasizing the importance of responsible hacking.

Embed presentation

Download as PDF, PPTX
WTF is Penetration Testing? An Overview of Who, What, Where, When, and Why Scott Sutherland Ryan Wakeham
Who are we? • Scott Sutherland Principle Security Consultant NetSPI • Ryan Wakeham Director of Consulting NetSPI
Presentation Overview • What is a “pen test”? • Why do companies “pen test”? • Who does “pen testing”? • What skills are required? ‒ Non Technical Skillset ‒ Basic Technical Skillset ‒ Offensive and Defensive Knowledge • What are some Common Tools? • Pen Testing as a Career • Attack Demo: SQL Inject World • Questions
What is Penetration Testing? Our Definition: “The process of evaluating systems, applications, and protocols with the intent of identifying vulnerabilities from the perspective of an unprivileged or anonymous user to determine the real world impact…” “…legally and under contract”
Why do Companies Pen Test? • Compliance Requirements • Validate Existing Controls • Identify Unknown Security Gaps • Prioritize Existing Security Initiatives • Prevent Data Breaches • Test IDS / IPS / IRP
What are the Technical Objectives? • Client specific objectives first • Identify and verify all entry points • Identify critical escalation points • Gain unauthorized access to: ‒ Application functionality ‒ Critical systems ‒ Sensitive data
Assessment VS. Penetration • Vulnerability Assessment and Penetration Testing Answer: ‒ What are my system layer vulnerabilities? ‒ Where are my system layer vulnerabilities? ‒ How wide spread are my system layer vulnerabilities? ‒ Can I identify attacks? ‒ How do I fix my vulnerabilities?
Assessment VS. Penetration • Penetration Testing Answers: ‒ What are my high impact network layer issues? ‒ What are my high impact application layer issues? ‒ Can an attacker gain unauthorized access to: • critical infrastructure that provides privileged access or cause service disruptions • critical application functionality that the business depends on • sensitive data that the business would be required to report on if a breach occurs ‒ Can an attacker bypass our IPS / WAF? ‒ Can an attacker pivot from environment A to environment B?
Common Penetration Test Approach • Kickoff: Scope, cost, testing windows, risks etc • Information Gathering • Vulnerability Enumeration • Penetration • Escalation • Evidence Gathering (Pilfering) • Clean up • Report Creation • Report Delivery and Review • Remediation
Who Conducts Pen Testing? • Internal Employees • Security Analyst • Security Consultant • Third Parties • Audit Firms • Security Consultants
Rules of Engagement • Have fun, but…Hack Responsibly! • Written permission • Stay in scope • No DoS • Don’t change major state • Restore state • Clear communication
What Skills are Needed? • Non Technical • Basic Technical • Offensive • Defensive • Common Tools
Non Technical Skillset • Written and Verbal Communications • Emails/phone calls • Report development • Small and large group presentations • Professionalism • Respecting others, setting, and meeting expectations • Troubleshooting Mindset • Never give up, never surrender • Where there is a will, there is a way • Ethics • Don’t do bad things • Pros (career) vs. Cons (jail) • Hack responsibly
Basic Technical Skillset • Windows Desktop Administration • Windows Domain Administration • Linux and Unix Administration • Network Infrastructure Administration • Application Development • Scripting (Ruby, Python, PHP, Bash, PS, Batch) • Managed languages (.Net, Java, Davlik) • Unmanaged languages (C, C++)
Offensive and Defensive Knowledge • System enumeration and service fingerprinting • Linux system exploitation and escalation • Windows system exploitation and escalation • Network system exploitation and escalation • Protocol exploitation • Web application exploitation (OWASP) • Reverse engineering client-server applications + AV Evasion • Social engineering techniques (onsite, phone, email)
Common Tools There are hundreds of “hacker” tools. Generally, you need to have enough knowledge to know what tool or tool(s) is right for the task at hand…. …and if one doesn’t exist, then create it.
Common Tools That being said…
Common Tools • Knowledge > Tools • Understand the core technologies • Understand the core offensive techniques • Understand the core defensive techniques • Network Penetration Testing • BT, CAIN, YERSINIA, NCAT, NMAP, NESSUS, NEXPOSE, WCE, MIMIKATZ, AirCrack-ng, METASPLOIT… and NATIVE TOOLS! • Application Penetration Testing • BURP, ZAP, NIKTO, DIRBUSTER, SQLMAP, SQL Ninja, and BEEF…. and commercial tools
Pen Testing as a Career: Common Paths • Internal Paths • Help Desk • IT Support Internal employees • IT Admin often stay internal. • Security Analyst • Senior Security Analyst • Internal Consultant • CISO • Security Consulting Paths Security consultants • Internship often end up in • Consultant malware research or • Senior Consultant exploit • Principle Consultant • Team Lead development, but • Director some go corporate.
Pen Testing as a Career: How to Start • Read and learn! – There is no “end” • Tap into the community! • Research and Development • Contribute to open source projects • Present research at conferences • Training and Certifications • Community: DC612, OWASP, Conferences, etc • Professional ($): SANS, OffSec, CISSP, etc • Volunteer • Internships
BE SAFE and HACK RESPONSIBLY
Questions Questions, comments, curses?

More Related Content

PPTX
Penetration Testing
byMd Samsul Kabir
 
PPTX
WTF is Penetration Testing v.2
byScott Sutherland
 
PDF
Physical Penetration Testing - RootedCON 2015
byHykeos
 
PDF
What is pentest
byitissolutions
 
PDF
What is Penetration & Penetration test ?
byBhavin Shah
 
PDF
WTF is Penetration Testing
byNetSPI
 
PDF
Declaration of Mal(WAR)e
byNetSPI
 
PDF
DECEPTICONv2
by👀 Joe Gray
 
Penetration Testing
byMd Samsul Kabir
 
WTF is Penetration Testing v.2
byScott Sutherland
 
Physical Penetration Testing - RootedCON 2015
byHykeos
 
What is pentest
byitissolutions
 
What is Penetration & Penetration test ?
byBhavin Shah
 
WTF is Penetration Testing
byNetSPI
 
Declaration of Mal(WAR)e
byNetSPI
 
DECEPTICONv2
by👀 Joe Gray
 

What's hot

PPTX
Penetration Testing vs. Vulnerability Scanning
bySecurityMetrics
 
PDF
A journey into Application Security
byChristian Martorella
 
PDF
Red Team Framework
by👀 Joe Gray
 
PPTX
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
byFRSecure
 
PPTX
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
byJoe Vest
 
PPTX
NETWORK PENETRATION TESTING
byEr Vivek Rana
 
PDF
Penetration Testing Execution Phases
byNasir Bhutta
 
PPTX
Worst-Case Scenario: Being Detected without Knowing You are Detected
byAshwini Almad
 
PDF
Client-Side Penetration Testing Presentation
byChris Gates
 
PDF
Advanced penetration testing - Amarendra Godbole
byIndicThreads
 
PPTX
Slide Deck – Session 12 – FRSecure CISSP Mentor Program 2017
byFRSecure
 
PPTX
Slide Deck – Session 4 – FRSecure CISSP Mentor Program 2017
byFRSecure
 
PPTX
Purple Teaming - The Collaborative Future of Penetration Testing
byFRSecure
 
PDF
Ethical Hacking & Penetration Testing
byWon Ju Jub
 
PPTX
Penetration testing in wireless network
byHadi Fadlallah
 
PDF
Slide Deck CISSP Class Session 4
byFRSecure
 
PPTX
Path of Cyber Security
bySatria Ady Pradana
 
PPTX
Hunting before a Known Incident
byEndgameInc
 
PDF
Incident response before:after breach
bySumedt Jitpukdebodin
 
PPTX
Introduction to Penetration testing and tools
byVikram Khanna
 
Penetration Testing vs. Vulnerability Scanning
bySecurityMetrics
 
A journey into Application Security
byChristian Martorella
 
Red Team Framework
by👀 Joe Gray
 
Slide Deck – Session 5 – FRSecure CISSP Mentor Program 2017
byFRSecure
 
Using IOCs to Design and Control Threat Activities During a Red Team Engagement
byJoe Vest
 
NETWORK PENETRATION TESTING
byEr Vivek Rana
 
Penetration Testing Execution Phases
byNasir Bhutta
 
Worst-Case Scenario: Being Detected without Knowing You are Detected
byAshwini Almad
 
Client-Side Penetration Testing Presentation
byChris Gates
 
Advanced penetration testing - Amarendra Godbole
byIndicThreads
 
Slide Deck – Session 12 – FRSecure CISSP Mentor Program 2017
byFRSecure
 
Slide Deck – Session 4 – FRSecure CISSP Mentor Program 2017
byFRSecure
 
Purple Teaming - The Collaborative Future of Penetration Testing
byFRSecure
 
Ethical Hacking & Penetration Testing
byWon Ju Jub
 
Penetration testing in wireless network
byHadi Fadlallah
 
Slide Deck CISSP Class Session 4
byFRSecure
 
Path of Cyber Security
bySatria Ady Pradana
 
Hunting before a Known Incident
byEndgameInc
 
Incident response before:after breach
bySumedt Jitpukdebodin
 
Introduction to Penetration testing and tools
byVikram Khanna
 

Viewers also liked

PDF
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
byScott Sutherland
 
PPTX
Secure360 - Extracting Password from Windows
byScott Sutherland
 
PPTX
DerbyCon2016 - Hacking SQL Server on Scale with PowerShell
byScott Sutherland
 
PPT
SQL Server Security - Attack
bywebhostingguy
 
PDF
Penetration testing the cloud - vlad gostom
byHardway Hou
 
PDF
iOS Application Penetration Testing
byn|u - The Open Security Community
 
PDF
Penetration testing as an internal audit activity
byTranscendent Group
 
SQL Server Exploitation, Escalation, Pilfering - AppSec USA 2012
byScott Sutherland
 
Secure360 - Extracting Password from Windows
byScott Sutherland
 
DerbyCon2016 - Hacking SQL Server on Scale with PowerShell
byScott Sutherland
 
SQL Server Security - Attack
bywebhostingguy
 
Penetration testing the cloud - vlad gostom
byHardway Hou
 
iOS Application Penetration Testing
byn|u - The Open Security Community
 
Penetration testing as an internal audit activity
byTranscendent Group
 

Similar to WTF is Penetration Testing

PPTX
UNIT 1-Ethical-Hacking-ppt (2).pptx ethical data
byYazhiniSharmi
 
PPTX
Hacking and Penetration Testing - a beginners guide
byPankaj Dubey
 
PDF
ethical Hack
byViggi Unbeaten
 
PDF
Wm4
byUmang Patel
 
PDF
Wm4
byUmang Patel
 
PPTX
So you wanna be a pentester - free webinar to show you how
byJoe McCray
 
PPTX
Introduction to information security field
byAhmed Musaad
 
PDF
PENETRATION TESTING LECTURE SLIDES start
byDorcask3
 
PDF
Ethical hacking
byKhairi Aiman
 
PDF
So, you wanna be a pen tester ctsc2017
byAdrien de Beaupre
 
PDF
How to Become a Penetration Tester in 2025 (1).pdf
bydaksh908982
 
PPTX
Ethical Hacking and Defense Penetration
byJay Nagar
 
PDF
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
bySoftware Guru
 
PDF
Unraveling the Confusion Surrounding the Purpose of Penetration Tests
byBo Birdwell
 
PPTX
Hacking - Breaking Into It
byCTruncer
 
PDF
Security and Penetration Testing Overview
byQA InfoTech
 
PPTX
Ethical hacking
bymonacofamily
 
PDF
Application Security: Safeguarding Data, Protecting Reputations
byCognizant
 
PDF
Cyber Security Company.pdf
bypdfcompressor1
 
PPTX
GETTING STARTED WITH THE ETHICAL HACKING.pptx
byBishalRay8
 
UNIT 1-Ethical-Hacking-ppt (2).pptx ethical data
byYazhiniSharmi
 
Hacking and Penetration Testing - a beginners guide
byPankaj Dubey
 
ethical Hack
byViggi Unbeaten
 
Wm4
byUmang Patel
 
Wm4
byUmang Patel
 
So you wanna be a pentester - free webinar to show you how
byJoe McCray
 
Introduction to information security field
byAhmed Musaad
 
PENETRATION TESTING LECTURE SLIDES start
byDorcask3
 
Ethical hacking
byKhairi Aiman
 
So, you wanna be a pen tester ctsc2017
byAdrien de Beaupre
 
How to Become a Penetration Tester in 2025 (1).pdf
bydaksh908982
 
Ethical Hacking and Defense Penetration
byJay Nagar
 
Asegurarme de la Seguridad?, Un Vistazo al Penetration Testing
bySoftware Guru
 
Unraveling the Confusion Surrounding the Purpose of Penetration Tests
byBo Birdwell
 
Hacking - Breaking Into It
byCTruncer
 
Security and Penetration Testing Overview
byQA InfoTech
 
Ethical hacking
bymonacofamily
 
Application Security: Safeguarding Data, Protecting Reputations
byCognizant
 
Cyber Security Company.pdf
bypdfcompressor1
 
GETTING STARTED WITH THE ETHICAL HACKING.pptx
byBishalRay8
 

More from Scott Sutherland

PPTX
Hunting SMB Shares with Data, Graphs, Charts, and LLMs (SO-CON 2025)
byScott Sutherland
 
PPTX
Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)
byScott Sutherland
 
PPTX
How to Build and Validate Ransomware Attack Detections (Secure360)
byScott Sutherland
 
PDF
TROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
byScott Sutherland
 
PPTX
2019 Blackhat Booth Presentation - PowerUpSQL
byScott Sutherland
 
PDF
PowerUpSQL - 2018 Blackhat USA Arsenal Presentation
byScott Sutherland
 
PPTX
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
byScott Sutherland
 
PPTX
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
byScott Sutherland
 
PPTX
Beyond xp_cmdshell: Owning the Empire through SQL Server
byScott Sutherland
 
PPTX
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
byScott Sutherland
 
PPTX
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
byScott Sutherland
 
PPTX
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell
byScott Sutherland
 
PPTX
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
byScott Sutherland
 
PPTX
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
byScott Sutherland
 
PDF
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
byScott Sutherland
 
PDF
Attack All the Layers: What's Working during Pentests (OWASP NYC)
byScott Sutherland
 
PPTX
Secure360 - Attack All the Layers! Again!
byScott Sutherland
 
PDF
Attack all the layers secure 360
byScott Sutherland
 
PDF
Declaration of malWARe
byScott Sutherland
 
PDF
Thick Application Penetration Testing: Crash Course
byScott Sutherland
 
Hunting SMB Shares with Data, Graphs, Charts, and LLMs (SO-CON 2025)
byScott Sutherland
 
Into the Abyss: Evaluating Active Directory SMB Shares on Scale (Secure360)
byScott Sutherland
 
How to Build and Validate Ransomware Attack Detections (Secure360)
byScott Sutherland
 
TROOPERS 20 - SQL Server Hacking Tips for Active Directory Environments
byScott Sutherland
 
2019 Blackhat Booth Presentation - PowerUpSQL
byScott Sutherland
 
PowerUpSQL - 2018 Blackhat USA Arsenal Presentation
byScott Sutherland
 
Secure360 - Beyond xp cmdshell - Owning the Empire through SQL Server
byScott Sutherland
 
2018 Student360 - Beyond xp_cmdshell - Owning the Empire Through SQL Server
byScott Sutherland
 
Beyond xp_cmdshell: Owning the Empire through SQL Server
byScott Sutherland
 
2017 Secure360 - Hacking SQL Server on Scale with PowerShell
byScott Sutherland
 
2017 Thotcon - Hacking SQL Servers on Scale with PowerShell
byScott Sutherland
 
2017 OWASP SanFran March Meetup - Hacking SQL Server on Scale with PowerShell
byScott Sutherland
 
2017 Q1 Arcticcon - Meet Up - Adventures in Adversarial Emulation
byScott Sutherland
 
2016 aRcTicCON - Hacking SQL Server on Scale with PowerShell (Slide Updates)
byScott Sutherland
 
10 Deadly Sins of SQL Server Configuration - APPSEC CALIFORNIA 2015
byScott Sutherland
 
Attack All the Layers: What's Working during Pentests (OWASP NYC)
byScott Sutherland
 
Secure360 - Attack All the Layers! Again!
byScott Sutherland
 
Attack all the layers secure 360
byScott Sutherland
 
Declaration of malWARe
byScott Sutherland
 
Thick Application Penetration Testing: Crash Course
byScott Sutherland
 

Recently uploaded

PDF
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
PPTX
Software Engineering in the Age of AI Agents
byHusseinMalikMammadli
 
PDF
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
PPTX
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
PDF
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
PDF
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
PPTX
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
PDF
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
PDF
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
PDF
AI and Zero Trust: What it takes to do it right
byMark Simos
 
PPTX
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
PDF
How to build hackthon projects from ZERO!
byishantyadav1111
 
PPTX
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
PDF
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
PPTX
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
PDF
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
PDF
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
PDF
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
PPTX
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
PPTX
INSY_7213_Theme Sessions 47 & 48 Advanced databases.pptx
bystormzy56
 
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
Software Engineering in the Age of AI Agents
byHusseinMalikMammadli
 
Pneumatic Pressure Pump PPP01 for Calibration & Testing
bySERRAX TECHNOLOGIES LLP
 
TechSprint (SJBIT) 2025-26 Hackathon Winners & Awards Ceremony
bysuhasspgdg
 
React Mastery: Visual Mental Models to Understand React Deeply
byThomas Gaye
 
EU regulations for the North American book supply chain - Tech Forum 2026
byBookNet Canada
 
TechSprint WinterHack — Top 10 Teams Pitching Session we are excited for pit...
bybajpaitusharoffon678
 
Parental Control App for Phones_ The Complete 2026 Guide for Safer, Smarter P...
byRyan Cooper
 
AI-Powered Alert Analysis with ClickHouse - DB Mastery Jan'26
byAlkin Tezuysal
 
AI and Zero Trust: What it takes to do it right
byMark Simos
 
2026 SCORM Troubleshooting Rustici + dominKnow.pptx
byRustici Software
 
How to build hackthon projects from ZERO!
byishantyadav1111
 
The Lex Wire Precedent: A Technical Standard for Machine-Mediated Authority ...
byJeff Howell
 
Post-Hackathon-Learnings-Maximizing-Impact-Beyond-the-Event.pdf
byishantyadav1111
 
Jisc Equipment Data Service Update Workshop 3 December 2025
byJisc
 
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
What Thema can do: Leveraging metadata to support the discoverability of Firs...
byBookNet Canada
 
Transcript: EU regulations for the North American book supply chain - Tech Fo...
byBookNet Canada
 
TechSprint Inauguration at SJB Institute of Technology held on 18 December 2025
bysuhasspgdg
 
INSY_7213_Theme Sessions 47 & 48 Advanced databases.pptx
bystormzy56
 

WTF is Penetration Testing

  • 1.
    WTF is PenetrationTesting? An Overview of Who, What, Where, When, and Why Scott Sutherland Ryan Wakeham
  • 2.
    Who are we? •Scott Sutherland Principle Security Consultant NetSPI • Ryan Wakeham Director of Consulting NetSPI
  • 3.
    Presentation Overview • What is a “pen test”? • Why do companies “pen test”? • Who does “pen testing”? • What skills are required? ‒ Non Technical Skillset ‒ Basic Technical Skillset ‒ Offensive and Defensive Knowledge • What are some Common Tools? • Pen Testing as a Career • Attack Demo: SQL Inject World • Questions
  • 4.
    What is PenetrationTesting? Our Definition: “The process of evaluating systems, applications, and protocols with the intent of identifying vulnerabilities from the perspective of an unprivileged or anonymous user to determine the real world impact…” “…legally and under contract”
  • 5.
    Why do CompaniesPen Test? • Compliance Requirements • Validate Existing Controls • Identify Unknown Security Gaps • Prioritize Existing Security Initiatives • Prevent Data Breaches • Test IDS / IPS / IRP
  • 6.
    What are theTechnical Objectives? • Client specific objectives first • Identify and verify all entry points • Identify critical escalation points • Gain unauthorized access to: ‒ Application functionality ‒ Critical systems ‒ Sensitive data
  • 7.
    Assessment VS. Penetration •Vulnerability Assessment and Penetration Testing Answer: ‒ What are my system layer vulnerabilities? ‒ Where are my system layer vulnerabilities? ‒ How wide spread are my system layer vulnerabilities? ‒ Can I identify attacks? ‒ How do I fix my vulnerabilities?
  • 8.
    Assessment VS. Penetration •Penetration Testing Answers: ‒ What are my high impact network layer issues? ‒ What are my high impact application layer issues? ‒ Can an attacker gain unauthorized access to: • critical infrastructure that provides privileged access or cause service disruptions • critical application functionality that the business depends on • sensitive data that the business would be required to report on if a breach occurs ‒ Can an attacker bypass our IPS / WAF? ‒ Can an attacker pivot from environment A to environment B?
  • 9.
    Common Penetration TestApproach • Kickoff: Scope, cost, testing windows, risks etc • Information Gathering • Vulnerability Enumeration • Penetration • Escalation • Evidence Gathering (Pilfering) • Clean up • Report Creation • Report Delivery and Review • Remediation
  • 10.
    Who Conducts PenTesting? • Internal Employees • Security Analyst • Security Consultant • Third Parties • Audit Firms • Security Consultants
  • 11.
    Rules of Engagement • Have fun, but…Hack Responsibly! • Written permission • Stay in scope • No DoS • Don’t change major state • Restore state • Clear communication
  • 12.
    What Skills areNeeded? • Non Technical • Basic Technical • Offensive • Defensive • Common Tools
  • 13.
    Non Technical Skillset •Written and Verbal Communications • Emails/phone calls • Report development • Small and large group presentations • Professionalism • Respecting others, setting, and meeting expectations • Troubleshooting Mindset • Never give up, never surrender • Where there is a will, there is a way • Ethics • Don’t do bad things • Pros (career) vs. Cons (jail) • Hack responsibly
  • 14.
    Basic Technical Skillset • Windows Desktop Administration • Windows Domain Administration • Linux and Unix Administration • Network Infrastructure Administration • Application Development • Scripting (Ruby, Python, PHP, Bash, PS, Batch) • Managed languages (.Net, Java, Davlik) • Unmanaged languages (C, C++)
  • 15.
    Offensive and DefensiveKnowledge • System enumeration and service fingerprinting • Linux system exploitation and escalation • Windows system exploitation and escalation • Network system exploitation and escalation • Protocol exploitation • Web application exploitation (OWASP) • Reverse engineering client-server applications + AV Evasion • Social engineering techniques (onsite, phone, email)
  • 16.
    Common Tools There arehundreds of “hacker” tools. Generally, you need to have enough knowledge to know what tool or tool(s) is right for the task at hand…. …and if one doesn’t exist, then create it.
  • 17.
  • 18.
    Common Tools • Knowledge> Tools • Understand the core technologies • Understand the core offensive techniques • Understand the core defensive techniques • Network Penetration Testing • BT, CAIN, YERSINIA, NCAT, NMAP, NESSUS, NEXPOSE, WCE, MIMIKATZ, AirCrack-ng, METASPLOIT… and NATIVE TOOLS! • Application Penetration Testing • BURP, ZAP, NIKTO, DIRBUSTER, SQLMAP, SQL Ninja, and BEEF…. and commercial tools
  • 19.
    Pen Testing asa Career: Common Paths • Internal Paths • Help Desk • IT Support Internal employees • IT Admin often stay internal. • Security Analyst • Senior Security Analyst • Internal Consultant • CISO • Security Consulting Paths Security consultants • Internship often end up in • Consultant malware research or • Senior Consultant exploit • Principle Consultant • Team Lead development, but • Director some go corporate.
  • 20.
    Pen Testing asa Career: How to Start • Read and learn! – There is no “end” • Tap into the community! • Research and Development • Contribute to open source projects • Present research at conferences • Training and Certifications • Community: DC612, OWASP, Conferences, etc • Professional ($): SANS, OffSec, CISSP, etc • Volunteer • Internships
  • 21.
    BE SAFE and HACKRESPONSIBLY
  • 22.
    Questions Questions, comments, curses?