Over the last few years, more penetration testing and ethical hacking courses have been popping up across various platforms. Sourcing from both popular and relatively unknown authors. As a budding hacker, how do you choose where to spend your precious time and monetary resources?

This article will discuss a handful of available options and leave you with two that I can highly recommend for your first hacking course.
​
My audience for this post is particular and aligns with my pen test training path. You should be looking for a training program if you:

• already have a general cyber security certification under their belt,
• are in your first infosec job,
• are now focused on building qualifications and knowledge to become a pentester.

​These recommendations are a bridge between the first infosec certification and the OSCP

Penetration Testing is one of the most sought-after careers for new cyber security college graduates. I don’t know how many times I have had an intern or mentee who has said that their goal was to be a pen tester. By no means is it an easy road. It takes passion and dedication to put in the hours to gain the required knowledge to just pass an interview. I think just as often, when I discuss the journey, people decide to take a different path.

This blog will discuss my recommendations to go from an infosec college student with no industry experience to a junior pentester. In another blog, we will dive into the career itself and the day to day life.
​
By no means is this the only method of achieving your dream. But this is my recommended approach based on my experiences completing the journey and mentoring others in the ethical hacker track.

Server Message Block (SMB) is a service often overlooked by new penetration testers. An unfortunate result given the valuable information and opportunity for a quick initial foothold on a network. Do yourself a favor and don’t make this mistake as a budding hacker.
​
This blog will act as the first part in the SMB series to cover avenues for enumeration and paths to getting initial access, both applicable to the world of CTF boxes and to real-life penetration testing. Null sessions are one piece that pops up in CTF's consistently and in the real-world every so often.  Regardless, many of the techniques demonstrated here can be used alone or with a limited account. 

Enjoy the blog and let me know your favorite technique to pair with a Null Session.