iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (1)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
Best way to Understand and starting my pen testing carrer?
  • mandi
    Posts: 207
    I am much more fascinated about Network and Network security ,In my future i am willing to become a Network Security expert,I do have some good fundamental knowledge in the basic Networking and how basic networking things work etc,As some of my senior friends who are working in Networking field said ,you need to have some years of Experience(they said at least 3 years) As a Administrator or some thing related to "TRADITIONAL NETWORKING",So i am much more concentrating on Traditional Networking stuff and CISCO courses,But in the mean time i would also like to build some good fundamental knowledge in Pen-Testing,Also i would like to hear your suggestions/ideas for beginning my pen testing carrer,what kind of Approach i should follow in order to become a professional pen-tester?

    Do i need to read a lot of e-books ?
    If yes please suggest me some good e-books(I do have lot of e-books on pen-testing,but i am willing to have some e-book names from your experience)e-book suggestions from you for understanding the fundamentals of pen-testing?

    Also what should i focus much in the following two?
    1)Understanding how things work
    2)Or to have lot of practical experience?

    or both?

    Hope some one will guide me in a proper way...
  • Sh3llc0d3
    Posts: 1,910
    You seem to have a good grasp of a lot of concepts in networking and can argue cases as well as question them too. I'f your working in a networking role at the moment there's two options, carry on and hope you end up being offered a job more in your taste i.e. security. If not you can improve your odds by taking a course or qualification and then seeing if they will let you do security based roles.

    For pen-testing specifically you will need to do a qualification at least, not only for your sake but to keep your employer's happy that you are in line with current regulations and standards. This is for insurance purposes mainly, a lot of hacker's who move into pentesting do not fully understand the amount of insurance you need as a pentester (especially if working freelance).

    You need a mixture of theory as well as practical knowledge and experience. You could maybe speak to someone about it who is in network security, that's probably the best advice I can give you. Setup a virtual network at home using virtualbox or VMWare then try pentesting it. There are plenty of iso's about to make a decent challenge out of it. If you struggle to find a challenge look at old wargame iso's to pentest.

    EDIT: congrats mandi on breaking 100 posts :)
  • mandi
    Posts: 207 

    You seem to have a good grasp of a lot of concepts in networking and can argue cases as well as question them too. I'f your working in a networking role at the moment there's two options, carry on and hope you end up being offered a job more in your taste i.e. security. If not you can improve your odds by taking a course or qualification and then seeing if they will let you do security based roles.

    For pen-testing specifically you will need to do a qualification at least, not only for your sake but to keep your employer's happy that you are in line with current regulations and standards. This is for insurance purposes mainly, a lot of hacker's who move into pentesting do not fully understand the amount of insurance you need as a pentester (especially if working freelance).

    You need a mixture of theory as well as practical knowledge and experience. You could maybe speak to someone about it who is in network security, that's probably the best advice I can give you. Setup a virtual network at home using virtualbox or VMWare then try pentesting it. There are plenty of iso's about to make a decent challenge out of it. If you struggle to find a challenge look at old wargame iso's to pentest.

    EDIT: congrats mandi on breaking 100 posts :)


    Thanks for your Advice bro,But i just asked in the sense to know how others from this forum digged their way in to this pen-testing field,Because every-body have different starting points and experience,Also
    I am just a student,Willing to become as a security profession in the future learning,And also interested in learning some pen-testing and build some experience in the pen-testing stuff Along side ,while i am learning professional networking (i.e like cisco)....
  • McKittrick
    Posts: 194
    just my cents:

    you might want to stand out from the competition by familiarizing yourself with all types of OSes (windows/linux/unix/mac/etc) and networks (FDDI/PPP/TOKEN RING/ETC)

    the problem you will run into is that this type of field you seek is SATURATED already with network savy people who also want a shot at a job. you have to offer more than they do
  • opentuned
    Posts: 2
    Hey guys thanks for some tips, I recently aquired the CEH course material to start up a new carrer path. Working as a developer now, i do lack on the network admin knowledge side of things but I figure if i start now, on the side of dev, in a few years i might be able to realisitcally move into this field. But there is A LOT to learn!
  • Sh3llc0d3
    Posts: 1,910
    said:


    Hey guys thanks for some tips, I recently aquired the CEH course material to start up a new carrer path. Working as a developer now, i do lack on the network admin knowledge side of things but I figure if i start now, on the side of dev, in a few years i might be able to realisitcally move into this field. But there is A LOT to learn!



    Best way to gain Net Admin experience... do it for a job. I advise people when going into network security to start off working in a support role on a network then work up (possibly completing certificates to prove proficiency). Being a dev (depending on your current position and experience) will give you a big leg up when exploiting and creating security tools, however networking knowledge is a crucial fundamental component you need to get under your belt. A lot of people torrent the CEH course and by the end still have no idea how to pentest, it's best to go through a training provider or (if you can do it) and have the experience self-study and achieve the qualification. Learning the material with no goal of what you should be using it for in practice makes course material useless. The only course material I'd suggest 'nabbing' is the Offensive Security 101 course or PWB [pentesting with backtrack] course.
  • chroniccommand
    Posts: 1,389
    Agreeing with semtex here. Try to get qualified and you shouldn't have much trouble getting into the professional pen-tester career.
  • Xin
    Posts: 3,251
    I have contacts who are security consultants and pentesters and heres what they said to me.

    You will need several years experience in the security/it industry before you can even be considered as a pentester/consultant, this is because you need to show you have experience in the field. The best job you can get into to get a good standing is network admins, and things like that. ALso along side this you should get certified with the CISCO certs, and when you have 2 years field experience get CEH certified.

    But remember an employer wont employ you if you only have a load of certs, they want experience.

    Also remember the pentesting market is getting tougher nowadays with the popularity of it and the new addition to automated tools.

    If you are not old enough to work yet start posting papers and start a blog as it helps to get known in the industry.

    I can write a thread on things i learnt if you want
    Xin
Add a Comment