The More The Merrier
Let us look into how to become a Penetration Tester or ‘Pentester’. The more penetration testers the better. With the world of ‘hacking’ ahead of you, it can be hard to know where to start. This blog post hopes to point you in the right direction and give you a guide to the mindset needed to become good at penetration testing.
Mindset is one of the most important parts of any pursuit and the best place to start. Penetration testing can be DRY, BORING, and DIFFICULT, but that doesn’t mean it isn’t fulfilling. Curiosity and the desire for knowledge are essential; if you don’t get excited when you see a new WAF (Web Application Firewall) bypass or SMB exploit, then perhaps you should start because that stuff is fascinating. But the most important part is to be able to hit a wall and move forward whichever way you can. It’s exceedingly rare for you to find a problem without a solution. This type of mindset is nurtured within the ‘Try Harder’ motto for OSCP.
Like all skills, they come with time and hard work. But there are some places you can start quite easily. First thing’s first. Networking. Whether you like it or not, it is a must to have a good understanding of the services that make a network as well as the protocols which they use. A good understanding of the OSI model top to bottom. An understanding of command-line interfaces on Windows and a healthy knowledge of Linux and UNIX based operating systems are important. But, the most important piece of advice in the skills category is the ability to google and learn on your own. A mentor can help, but without the ability to put in the leg work for the information you need, you’re never going to develop and expand your knowledge and skill set.
Practice Makes Perfect
Okay, so you know your way around Linux and you know your DHCP from your DNS. It’s time to get stuck in with the actual work. [HackTrick]s is a fantastic resource to use to learn pen test methodology as well as how to check specific services. A fantastic way to learn how to use these skills is with [Hack the Box] *psst you have to hack it to get an account*. Try some lower difficulty boxes and try to drop into their [academy] to get some guided tutorials and practical learning activities for many of the core concepts for a penetration tester.
Once you’ve started honing your skills you can start looking for certificates. These vary based on location. One which is respected for the work required to complete is [OSCP], but [Crest CPSA] is considered an excellent display of knowledge respected more in the industry than [CEH] (Certified ethical hacker) which is trying very hard to correct this. Crest’s [CRT] is considered the UK’s version of OSCP as well as a number of perks for the holder.
Become A Penetration Tester!
Cyber security is growing quicker than employers can fill the roles, so now the time to get stuck in! We at Sencode can’t wait to see you at DEFCON and if you’re interested in [our top 5 hacking tools] go and take a look.
[hack the box] https://www.hackthebox.eu/
[hack the box academy] https://academy.hackthebox.eu/
[5 top hacking tools] https://sencode.co.uk/our-top-5-hacking-tools/