
Re: Aspiring Pen-Tester Seeking Advice

To: pen-test@securityfocus.com
Subject: Re: Aspiring Pen-Tester Seeking Advice
From: krymson@gmail.com
Date: 10 Aug 2007 18:02:19 -0000

Get used to seeing this link:

http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html

Like Sectools.org, check out this list of steps/tools and start picking out 
ones you want to try. A good book like CounterHack Reloaded will give good 
guidance on the steps of a pen-test (attacker), but nothing beats getting your 
hands bloody with the tools. Make it a personal goal to at least read up on 
every tool in those lists, if not actually trying them all out. You might not 
become an expert in them in a week of tinkering, but it gives you the ability 
to apply those tools to real-job situations which then starts to beef up your 
"expertness."

In the process of setting up scenarios in your lab, pay attention when you set 
up things like Apache or other services. Even as you test tools against them, 
you can very much learn how they work and how to configure them to fix any 
openings you create. Standing up a SQL server? Take some time to learn a bit of 
SQL yourself and how to manage/admin the system as you poke and prod it.

You could also try out some purposely vulnerable setups like:
Damn Vulnerable Linux
HackMe series
OWASP's WebGoat

And try to poke at, and read the solutions to, various puzzles online, like 
challenges at the Ethical Hacker's Network. Even if you're stumped, you can 
still learn a ton!

I'll let you Google those yourself, as Google-fu is going to serve you forever.

That is all fun, and not really getting too mired in something that might turn 
you away quick, like programming and memory forensics (which admittedly isn't 
for everyone). But eventually you'll probably scratch the itch to learn some 
scripting/coding language like Python, Ruby, or even the venerable Perl.

Use Metasploit for ease of penetrations (kinda like lube for...err...cough) and 
try to scan everything you can with nmap and nessus and vuln assessment tools. 
Get used to the output.

If you're up to it, start a sniffer somewhere in your network anytime you do 
stuff, and check out the packets. You don't necessarily need to understand 
every flag and bit, but the more you see it all, the more easily it will 
eventually make sense. I bet you get some of this with your IDS now anyway! :) 
If so, try packet crafting!

That should be a good year's worth of personal time invested!
