Author: Richard Curteis
How to Get Started in Penetration Testing
Much has been written on the subject of starting out with penetration testing. Some of it good, much of it nonsense. We hope that this will not be too much of the latter, but I can only speak from my own experience, from cyber security and past career adventures and misadventures. Of course, if this does not tally with your own experience, well, I can't help that.
What this will not be is one of those insane collections we see (thankfully less lately) plastered over LinkedIn. You know the ones, "9768758649760977^1337 Badly Written, Disjointed and Partially Maintained Resources to Get into Penetration Testing of Only a Miniscule Relevance to Beginners".
We will keep it simple and focus on a wild notion.
"Being the best at something is about being the best at the fundamentals"
- Richard Curteis, 2023
Wise words I would say. But aside from trying to make myself sound clever, there is something in it. Once upon a time, when a younger and slimmer version of me was marauding around the army, I noted that the units with whom I operated who performed the best and most effectively were not those with the shiniest equipment or the best training and funding. They were the units who expended the most time and effort perfecting the basics.
In that case the basics constituted the fundamentals of soldiering and infanteering. Physical fitness, discipline in the field, marksmanship and leadership.
cp armySkills cyberSecurity
Well, not an exact copy of skills, but of principles; the same rules apply. To be a great professional, one does not have to learn the most advanced topic immediately. The thing is to identify the fundamental elements of the trade in question and learn those to a level commensurate with your objective.
As regards cybersecurity and starting out as a beginner, that does not mean learning assembly and C and writing mind-bending exploits. No interviewer from this planet is going to quiz you on advanced exploit writing for a junior position in a standard penetration testing role.
So what might they quiz you on?
- Have a good grasp of networking. Think the TCP/IP Stack and OSI Model.
- What is DNS and how does it work?
- Understanding common vulnerabilities, OWASP Top 10 anybody?
- Understand causes of and resolutions for common vulnerabilities like XSS and SQLi.
- Difference between authentication and authorisation anybody?
- What is a buffer overflow and how do they occur?
- Difference between a GET and POST request?
- Can you explain what those switches you use for Nmap actually do?
- Linux and Windows command line basics: listing processes and directories, managing users and permissions, etc.
A great question I've heard posed in the past is, "What happens when you click a mouse button to visit a website?". Thinking about that, answer the first two questions in the list above. How deep can you go?
OBVIOUSLY, for the smart alecs, this does not claim to be an exhaustive or by any means perfect set of examples. It merely aims to steer learning objectives when trying to get started. Grasp some of these and then look back at those Hack the Box machines which have been vexing you. Does it seem a little less opaque all of a sudden?
What constitutes fundamentals will also vary depending on industry, role and likely, many other factors.
Good luck and remember. FUNDAMENTALS.