In previous article we’ve learned about owasp 10, basic attack techniques and overall idea of penetration testing. And you might ask, what should I do next? Am I a pentester now? Well, you’re not. But it’s only a matter of time when you will.
I won’t lie to you – this is not an easy path. Mostly because there’s no roadmap and an amount of data that you must process is overwhelming at first. IT and cybersec are very different from the majority of other professions. Most of the things you’ve learned are already obsolete. If you read a book about some product or technology, it’s most likely already out of date for year or two by the time you get it from a shelf. And if this book is not in English – for three years and more.
Your formal education is most likely irrelevant already if you graduated 5 or more years ago. Even if you spend most of your time learning various useful things, there is most likely be one guy who is better at everything you already know. And worst thing – there’s more than one guy out there.
So, we’re doomed, right? Not really. There are several things that I recommend to everybody who makes first steps in this field.
My ex-collegue spent many months studying basis of tcp/ip, routing and switching, but today he can set up and troubleshoot pretty much every network he came up with. Because basics knowledge is the key. My suggestions are:
- Basics of HTTP: http://www.ntu.edu.sg/home/ehchua/programming/webprogramming/http_basics.html
- How does DNS work:
- SSL and TLS:
- Linux shell scripting:
- Basic Python scripting (in fact, you can start with Perl or Ruby): https://www.tutorialspoint.com/python/python_basic_syntax.htm
- Computer Networking:
- Wireshark User Guide:
This will get you started (and will raise even more questions in process).
When you’re finished with basics (or get bored with ones and refuse the idea to become a pentster) I suggest you look for courses. Internet is filled with various courses related to cybersec. eLearnSecurity, Udemy, SANS – you can’t just count them all! But they’re pricey, thousands of US dollars. If you can afford this way – great, but I think the best thing you can do is to look for course plans. You see, I’m convinced that by today there’s nothing unique about these cybersec courses. There are multiple reasons for this situation, but main thing here is that course plans should serve as a roadmap for your further study. Break all the topics and start googling. I promise that you’ll everything and much more than you’ll hear at ANY of these courses. Take a look at syllabus for eLearningSecurity course of Pentester professional – https://www.elearnsecurity.com/collateral/Syllabus_PTPv5.pdf. It will give you the idea where to dig next.
By this time, you must be ready for action! Here we go – look for online labs to master your skills. I’d start with these resources:
- https://www.pentesterlab.com/ – greatest place to start. It contains hundreds of virtual machines to practice your skills. Many of them are free and contain guides and tips to keep you going. You start with really simple tasks, but at some point it gets tricky.
- https://www.vulnhub.com/ – biggest collection of intentionally vulnerable machines (completely free!);
- https://www.hackthebox.eu/ – collection of vulnerable web machines. It’s not free mostly and you have to hack your way in to get an access.
Also, I suggest you to watch youtube for CTF examples. There’s a catch – CTF has almost nothing to do with pentester job. CTF is like a state math contest, it has nothing to do with math in real life. But! You would definitely learn many new tricks during these sessions.
CTFs are fun, but pentest is mostly routine (in fact they’re not =)).
Cheat sheets are great stuff only then you write them by yourself. Because they reflect what you’ve learned by yourself. When I studied in a university I used to write cheat sheets for every major exam. I write them and left at home because writhing things makes you memorize better.
There are a lot of pre-built cheat sheets on the Internet for great variety of topics. I suggest you to start with two most famous: Red Team Field Manual (RTFM!) – the most famous cheat sheet out there, and Blue Team Field Manual.
What? Yes. You might not agree with me but if definitely works. There are a lot of books written about gamification in general. The cornerstone book I guess is “Homo Ludens” by a Dutch historian and cultural theorist Johan Huizinga.
Games are a big part of my life and people around me for years. And titles like Uplink, Hacknet and Hackmud are great examples of “hacker simulators”. Of course, they are not meant to teach you real life techniques, but they are excellent motivators to keep you going.
Unfortunately, there is no single course or ultimate book that contains everything, but overall, we’re lucky because we have the whole world wide web at our fingers and best thing we can do is to practice. And practice. And practice even harder. And there’s a great chance that you’ll become a world class professional studying by yourself. Recent studies show that major IT companies like Google, IBM and Apple no longer require formal college degree to get a job and this is a great paradigm shift.