How do I get started in Penetration Testing?

Introduction

Often, I hear the question above from folks in college or just graduating; somehow their journey in life took them through a hacker/pen testing/offensive experience and it changed their life. Who wouldn’t want to do this for a living, I mean it is amazing to be able to hang out with brilliant people who are insanely passionate, just like you! Below is a list of a few steps you can take to get a better foundation in hackery. In addition to this blog, I will release a few others to coincide with this information and go into more depth in these areas.

Steps
​1. Play with Kali
The easiest way that I find to work with Kali is to download the VMware image from Offensive Security and run it. If you are of the Virtual Box inclination, they also have a version compatible version for that virtualization product. Once you have Kali up and working play with the tools, look up the tools, and get a feel for Linux if you are new to that type of Operating System. Overthewire is a great site to start picking up these skills as the challenges begin with simple Linux familiarity and move up to CTF style challenges.

• https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
• http://overthewire.org/wargames/
• https://www.offensive-security.com/metasploit-unleashed/

 2. Learn the basics
You can’t just start “hacking” into systems without learning the basics first. This knowledge base includes networking, operating systems, command line fu, web, and common protocols. Some of this information can be gained through certifications such as the Security+, Certified Ethical Hacker(CEH), and eLearnSecurity as well as just googling and looking on youtube. If you are the broke college student type, there are plenty of free resources out there; check out the last one below to get a start.

• https://certification.comptia.org/certifications/security
• https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/
• https://www.elearnsecurity.com/
• https://www.cybrary.it/

3. Capture the Flag!
CTF’s are a great way to meet people and practice some of the skills you have learned. Although some of these are rather “gamey” experiences, you will get more comfortable with your tools, the command line and learn some interesting things from your fellow hackers.

• https://ctftime.org/ctfs
• https://trailofbits.github.io/ctf/

4. Meet other hackers
What better way to gain experience, techniques, and network then to hang out with others of the same ilk. CTF events are great for this, irregularly, however, there are significantly more opportunities to expand socially. Meetups, conferences and other organization events are fantastic ways to expand your horizons.   If there aren’t any in your area and you aren’t willing to travel, then make your own meetup and get the ball rolling!

• http://www.securitybsides.com/w/page/12194156/FrontPage
• https://digitalguardian.com/blog/top-50-must-attend-information-security-conferences
• https://www.meetup.com/