

Page 6 http://pentestmag.com StartKit 01/2013(01)

PENETRATION TESTING

Pentester Career: How to Begin

Someone starts by talking about a degree; another says that nothing except fundamentals matters. You can acquire a significant part of the whole body of knowledge even before college, or do nothing useful even after a degree.

This is not a talk about how your degree affects your skills; it does not, because practical skills only have something to do with 'fundamentals' when both follow the same path and lead to the same goal. Not every country has such educational institutes (maybe Germany has). You are free to argue against both sides, or to choose your own path where there is room to solve different problems instead of misplacing them. This question is often extended to certifications; they matter, no doubt, especially when you know that whoever hires you looks for them. However, you may find another way to show them you can manage such projects: through additional skills such as programming. I mean you can develop your own tools or exploits by yourself, participate in open-source groups that aim at the same thing, improve some tool or exploitation mechanism or automate it, combine several tools, or even redevelop one. It helps to understand how OS components link and work together, as well as how to break into a system. In the debate over which languages must be learnt, there are two groups that depend on the OS (under Windows – C/C++ and Assembler; under Linux/RedHat/CentOS – Python and Ruby). However, that does not mean you should limit yourself to these languages: software is developed in many other languages, and software may have popular add-ons written by someone who prefers .NET or has to use it.

Besides, do not forget that you should not only develop something but pentest too. That does not mean you should stop improving your skills; there are many out-of-the-box tools or solutions you have to learn and use, like BackTrack. There will be a need to improve or customize them to suit the network, system or other specifications. Being part of a team, like Hackers for Charity (http://www.hackersforcharity.org/), helps to gather all the skills across system security, network security, application security, etc. On the other hand, getting forensics skills may help too. Therefore, learning and practicing with home networks, corporate sandboxes, bypassing NAC and VLANs, and finding loopholes in isolated segments helps in understanding stacks, buffers and memory and their vulnerabilities. In addition, you can learn a specific technology such as AVR: this kind of programming involves C/C++ knowledge as well.

Anyway, first steps in this field might involve reading books, but almost all books (except those from the Syngress publishing house) are rewritten or redesigned versions of each other, which brings old techniques and old tools. So, it is better to find books such as the shellcoder and gray-hat coder books, pentest guidelines (e.g. http://www.pentest-standard.org, http://www.vulnapps.com/) and standards (NIST SP 800-42). As said earlier, you cannot focus on a certain language, software or technology alone, or you will end up with narrow knowledge. No one loves Delphi, but enough tools for researching applications implement Delphi libraries (and are written in it too). You should collect information about every technology, system and software from any possible source:

• Infosecurity blogs and news (like http://www.vulnapps.com/ or http://exploit-exercises.com/)

• Books and ebooks (like The Art of Software Security Assessment, or The Art of Exploitation)

• Vulnerability sites (like http://www.exploit-db.com/)

• Security conferences/events (every possible one, not only the top-known ones such as DefCon)

• Templates and cheat sheets (http://pentestmonkey.net/category/cheat-sheet)

• Special guidelines and frameworks (like OffSec guidelines)

It is quite important to have all of these skills (and not only these), because the key difference between such a tester and someone else is the ability to answer for and explain attack vectors and potential ways of attack, and to give discreet, appropriate information to each person you interact with. It means: don't overload a CEO with fully detailed technical reports generated by Nessus or another tool. As final thoughts, you should have different broad skills in:

• Network solutions (software, protocols, and hardware);

• Techniques for attacking and defending IDS, firewalls, AV, embedded and third-party security software;

• Top-known tools and software for gathering data;

• Forensics and intelligence techniques for getting evidence;

• Human security techniques (social engineering and physical security);

• Participating in CTFs and conferences;

• Simply being involved, to gain and share knowledge with smart people;

Good luck,

Yury Chemerkin