I am also working towards a career in security and I am getting ready
to start the training for the Offensive Security certification. Is
the link Krymson provided in the beginning of his post a general
procedure layout for a pen test? It looks like a very thorough list
and is somewhat overwhelming. Is it more of a standard of what needs to
be done and in what order, or just a list some testers have compiled?
- PM
On 10 Aug 2007 18:02:19 -0000, krymson@gmail.com <krymson@gmail.com> wrote:
> Get used to seeing this link:
>
>
> http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
>
>
> Like Sectools.org, check out this list of steps/tools and start picking out
> ones you want to try. A good book like CounterHack Reloaded will give good
> guidance on the steps of a pen-test (attacker), but nothing beats getting
> your hands bloody with the tools. Make it a personal goal to at least read up
> on every tool in those lists, if not actually trying them all out. You might
> not become an expert in them in a week of tinkering, but it gives you the
> ability to apply those tools to real-job situations which then starts to beef
> up your "expertness."
>
>
> In the process of setting up scenarios in your lab, pay attention when you
> set up things like Apache or other services. Even as you test tools against
> them, you can very much learn how they work and how to configure them to fix
> any openings you create. Standing up a SQL server? Take some time to learn a
> bit of SQL yourself and how to manage/admin the system as you poke and prod
> it.
>
>
> You could also try out some purposely vulnerable setups like:
>
> Damn Vulnerable Linux
>
> HackMe series
>
> OWASP's WebGoat
>
>
> And try to poke at, and read the solutions to, various puzzles online, like
> challenges at the Ethical Hacker's Network. Even if you're stumped, you can
> still learn a ton!
>
>
> I'll let you Google those yourself, as Google-fu is going to serve you
> forever.
>
>
> That is all fun, and not really getting too mired in something that might
> turn you away quick, like programming and memory forensics (which admittedly
> isn't for everyone). But eventually you'll probably scratch the itch to learn
> some scripting/coding language like Python, Ruby, or even the venerable Perl.
>
>
> Use Metasploit for ease of penetrations (kinda like lube for...err...cough)
> and try to scan everything you can with nmap and nessus and vuln assessment
> tools. Get used to the output.
>
>
> If you're up to it, start a sniffer somewhere in your network anytime you do
> stuff, and check out the packets. You don't necessarily need to understand
> every flag and bit, but the more you see it all, the more easily it will
> eventually make sense. I bet you get some of this with your IDS now anyway!
> :) If so, try packet crafting!
>
>
> That should be a good year's worth of personal time invested!
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
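As an added example that is not part of either post in this thread: Krymson's advice to "start a sniffer ... and check out the packets" is easier to follow once you can pick a header apart bit by bit. The script below decodes a raw IPv4+TCP header, checks the IPv4 header checksum, and names the TCP flag bits; the sample packet bytes are constructed for this example (a SYN from 192.168.1.10 to 10.0.0.5:80), not captured from any real network.

```python
import struct
from typing import Any, Dict, List

# TCP flag bits as laid out in the 13th byte of the TCP header.
TCP_FLAG_BITS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04), ("PSH", 0x08),
                 ("ACK", 0x10), ("URG", 0x20), ("ECE", 0x40), ("CWR", 0x80)]

# Constructed sample: 20-byte IPv4 header + 20-byte TCP header (SYN to port 80).
SAMPLE_SYN = bytes.fromhex(
    "45000028" "12344000" "40065ce5" "c0a8010a" "0a000005"   # IPv4: TTL 64, proto 6 (TCP)
    "ad210050" "00000001" "00000000" "5002ffff" "00000000"   # TCP: 44321 -> 80, flags=SYN
)
# Same packet with the TTL changed but the checksum left untouched.
SAMPLE_SYN_CORRUPT = SAMPLE_SYN[:8] + b"\x3f" + SAMPLE_SYN[9:]


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IP header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def ipv4_checksum_ok(header: bytes) -> bool:
    """A header whose checksum field is correct sums to 0xFFFF over all words."""
    return ones_complement_sum(header) == 0xFFFF


def decode_tcp_flags(flag_byte: int) -> List[str]:
    """Return the names of the flag bits set in a TCP header's flags byte."""
    return [name for name, bit in TCP_FLAG_BITS if flag_byte & bit]


def parse_ipv4_tcp(packet: bytes) -> Dict[str, Any]:
    """Parse an IPv4 header and, if the payload is TCP, the fixed TCP header."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    result: Dict[str, Any] = {
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "total_len": total_len,
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "ttl": ttl,
        "proto": proto,
        "ip_checksum_ok": ipv4_checksum_ok(packet[:ihl]),
    }
    if proto != 6:                          # only TCP is decoded further here
        return result
    tcp = packet[ihl:]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_res, flags,
     window, _tcsum, _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])
    result.update({
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "data_offset": (off_res >> 4) * 4,
        "flags": decode_tcp_flags(flags),
        "window": window,
    })
    return result


if __name__ == "__main__":
    for label, pkt in (("good", SAMPLE_SYN), ("corrupt", SAMPLE_SYN_CORRUPT)):
        p = parse_ipv4_tcp(pkt)
        print(label, p["src"], "->", p["dst"], p["sport"], "->", p["dport"],
              p["flags"], "ttl", p["ttl"], "ip_checksum_ok", p["ip_checksum_ok"])
```

Feed it the bytes of a packet from your own lab capture (the IP layer onward, without the Ethernet frame) and compare the fields against what the sniffer shows; the TCP checksum is deliberately not verified, since that needs the IP pseudo-header as well.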