THE CU

How do I get started in Penetration Testing?

4/21/2018

Introduction

I often hear the question above from folks in college or just graduating; somehow their journey in life took them through a hacker/pen testing/offensive experience and it changed their life. Who wouldn’t want to do this for a living? It is amazing to be able to hang out with brilliant people who are insanely passionate, just like you! Below is a list of a few steps you can take to get a better foundation in hackery. In addition to this blog, I will release a few others to coincide with this information and go into more depth in these areas.

Steps
1. Play with Kali
The easiest way that I find to work with Kali is to download the VMware image from Offensive Security and run it. If you are of the VirtualBox inclination, they also have a version compatible with that virtualization product. Once you have Kali up and working, play with the tools, look up the tools, and get a feel for Linux if you are new to that type of operating system. OverTheWire is a great site to start picking up these skills, as the challenges begin with simple Linux familiarity and move up to CTF-style challenges.
  • https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
  • http://overthewire.org/wargames/
  • https://www.offensive-security.com/metasploit-unleashed/

2. Learn the basics
You can’t just start “hacking” into systems without learning the basics first. This knowledge base includes networking, operating systems, command line fu, web, and common protocols. Some of this information can be gained through certifications such as the Security+, Certified Ethical Hacker (CEH), and eLearnSecurity, as well as just googling and looking on YouTube. If you are the broke college student type, there are plenty of free resources out there; check out the last one below to get a start.
  • https://certification.comptia.org/certifications/security
  • https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
  • https://www.elearnsecurity.com/
  • https://www.cybrary.it/

3. Capture the Flag!
CTFs are a great way to meet people and practice some of the skills you have learned. Although some of these are rather “gamey” experiences, you will get more comfortable with your tools and the command line, and learn some interesting things from your fellow hackers.
  • https://ctftime.org/ctfs
  • https://trailofbits.github.io/ctf/

4. Meet other hackers
What better way to gain experience and techniques, and to network, than to hang out with others of the same ilk? CTF events are great for this, though they happen irregularly; however, there are significantly more opportunities to expand socially. Meetups, conferences and other organization events are fantastic ways to expand your horizons. If there aren’t any in your area and you aren’t willing to travel, then make your own meetup and get the ball rolling!
  • http://www.securitybsides.com/w/page/12194156/FrontPage
  • https://digitalguardian.com/blog/top-50-must-attend-information-security-conferences
  • https://www.meetup.com/
    Author

    Silverbits
    - Infosec Enthusiast
    - Traveler
    - Future AT Thru-Hiker
    - CTFer
    - Red and Blue Teamer