Are there any professional penetration testers here...

Are there any professional penetration testers here? I'm going back to school and I'm undecided at the moment but I'll probably do networking. Anyway, I really enjoy infosec and I'm thinking about shooting for a cert after college. I know that infosec covers a ton of different fields so it'll probably be years until I'm actually any good at it. I have about ten years of experience with UNIX & GNU/Linux and a basis on Metasploit, forensics, programming and networking but my reverse engineering skills are shit. I enjoy CTF as well but have never been in a competition. I'm looking for some first-hand experience on exactly what I'm getting myself into.
>Is infosec everything you expected it would be?
>As a penetration tester, what does your job mainly consist of, standard security audits or is it more rigorous?
>Any tips you wouldn't mind passing down to someone such as myself?

>cert after collage
>got mine in school

Lol you dumb bitch

I penetration tested your mom

It's boring as fuck paper pushing all day every day. Do you really have no other career choices?

What are you certified in, dumb cunt?

You're full of shit. What kind of fucking job do you have?

90% research, 10% actual exploitation

and then hours and hours of reporting, but not before hours and hours of planning and scoping.

Being able to look at different companies that all have different setups is nice though, since no two companies will do everything the same.

That doesn't sound too bad. All I do on the computer is research anyway. There's always something new to learn.

I pen test for banks

If you pentest for banks then it shouldn't entirely consist of paper pushing.

Any interesting insights to offer on SWIFT?

>watched mr. robot

I hated that show. I thought it was going to be good at first but nope...
>cringeworthy

Bullshit

It's exciting. You get to look around systems and try and find new ways to break in, creativity at its best.

That's what I thought. I mean, should I hone my programming more? All I really do is write shell scripts. I know some Python and have a basis on a few other languages.

Programming is definitely important. You need to be able to come up with new exploits and such to bypass any patches. You should not rely on exploit-db or some CVE to provide you access. Certainly because new IDS/IPS devices are being invented all the time.

My main issue is that even though C/C++ are my favorites they can be kind of ambiguous. Which languages do you see the most of? I'm thinking Perl, Assembly, C/C++, Python and I don't know, maybe PHP, Ruby and JavaScript. I never bothered with the last three because of all the CVEs and exploits for them. I probably should though.

Assembly would be more towards when you already have access to the system and need to implement some sort of access-maintaining program or such to bypass Anti-Viruses. Python, Ruby, and Perl are very useful. I mainly see C targeted towards more Linux systems.

However if part of your scope would be web-based pentesting, then yeah, PHP, JavaScript, learn some SQL while you're at it too.

I've done some basic SQL injections on sandboxed networks but nothing too serious. I'm trying to set up a CTF team because there's a few of us that do have a lot of experience and I also feel that more people should get into infosec. Thanks man. I appreciate it.

A good way to improve your pentesting abilities is trying out VMs like tr0ll, metasploitable (meh), kioptrix (even work anymore over NAT or Host-Only?), etc.

Try and come up with new ways each time to break in, and try and set a faster time.

Vulnhub is a decent resource if you weren't aware.
vulnhub.com/
If you were aware, you're alright.

Yeah but I was just giving specific ones that I personally have experience with.

Yeah, I play with Metasploitable 2 a bit. I haven't hardened it at all yet. There's a few fun things to play with on there. That's the only one I've used.

tr0ll 1 and tr0ll 2 are great. Lots of ways to break in.

If you don't go to uni, you can pretty much bulk order kneepads now to suck the dicks that are INCOMING IN FUTURE NEAR YOU!

I do go to uni you fucking retard.