Over the last few years, more penetration testing and ethical hacking courses have been popping up across various platforms. Sourcing from both popular and relatively unknown authors. As a budding hacker, how do you choose where to spend your precious time and monetary resources?
This article will discuss a handful of available options and leave you with two that I can highly recommend for your first hacking course.
My audience for this post is particular and aligns with my pen test training path. You should be looking for a training program if you:
These recommendations are a bridge between the first infosec certification and the OSCP
Penetration Testing is one of the most sought-after careers for new cyber security college graduates. I don’t know how many times I have had an intern or mentee who has said that their goal was to be a pen tester. By no means is it an easy road. It takes passion and dedication to put in the hours to gain the required knowledge to just pass an interview. I think just as often, when I discuss the journey, people decide to take a different path.
This blog will discuss my recommendations to go from an infosec college student with no industry experience to a junior pentester. In another blog, we will dive into the career itself and the day to day life.
By no means is this the only method of achieving your dream. But this is my recommended approach based on my experiences completing the journey and mentoring others in the ethical hacker track.
SMB Series - Null Sessions
Server Message Block (SMB) is a service often overlooked by new penetration testers. An unfortunate result given the valuable information and opportunity for a quick initial foothold on a network. Do yourself a favor and don’t make this mistake as a budding hacker.
This blog will act as the first part in the SMB series to cover avenues for enumeration and paths to getting initial access, both applicable to the world of CTF boxes and to real-life penetration testing. Null sessions are one piece that pops up in CTF's consistently and in the real-world every so often. Regardless, many of the techniques demonstrated here can be used alone or with a limited account.
Enjoy the blog and let me know your favorite technique to pair with a Null Session.
This past week I dove in to take the new beta version of CompTIA’s Pentest+ version PT0-002. Since I did a terrible job of reading the contract and remembering what I can disclose, I will try to be careful. But CompTIA, feel free to message me if I reveal anything I shouldn’t. I will discuss how the exam went for me, my thought on the material covered, and my recommendations for how to study.