
New to Pen Testing

  • 17-02-2014 7:31pm
    #1
    Registered Users, Registered Users 2 Posts: 33


    Hey, I'm new to Pen Testing and I wanted to know what's the best certs to get for it? I know a bit of programming (Java & Python) but what's the best programming language for it? I've got a few books to read as well on SQL injections and some coding for pen testers but any advice for a newbie?? :D


Comments

  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Hey, I'm new to Pen Testing and I wanted to know what's the best certs to get for it? I know a bit of programming (Java & Python) but what's the best programming language for it? I've got a few books to read as well on SQL injections and some coding for pen testers but any advice for a newbie?? :D

    I would say Python. Funnily enough Metasploit and its modules are written in Ruby so some Ruby would be of benefit, but most pen testers I know rely heavily on Python, and most new tools are written in Python. Apart from the ones that aren't. A fun book to read is Violent Python.

    Cert wise, I recommend the SANS GPEN and GWAPT. Also, recommend the OSCP.

    Don't bother with the CEH, although it looks good and HR people like it.


  • Registered Users, Registered Users 2 Posts: 4,331 ✭✭✭Keyzer


    Are you working in pen testing or planning to move into a pen testing role?


  • Registered Users, Registered Users 2 Posts: 33 AaronToal87


    syklops wrote: »
    I would say Python. Funnily enough Metasploit and its modules are written in Ruby so some Ruby would be of benefit, but most pen testers I know rely heavily on Python, and most new tools are written in Python. Apart from the ones that aren't. A fun book to read is Violent Python.

    Cert wise, I recommend the SANS GPEN and GWAPT. Also, recommend the OSCP.

    Don't bother with the CEH, although it looks good and HR people like it.

    So only get the CEH to round out the CV then?

    Thanks for the certs you recommended, I'll have a look into them.
    Keyzer wrote: »
    Are you working in pen testing or planning to move into a pen testing role?

    I'm an intern at the moment so a bit of both as I'm moving into pen testing now and I'm just looking for some advice if you have any?


  • Registered Users, Registered Users 2 Posts: 5,112 ✭✭✭Blowfish


    After all of the above, go for certs specific to tech you are likely to encounter. After all, once you've gained access to one system, you are going to need to know your way around it if you want to leverage it to penetrate deeper. CCNA and above, RHCE, various SQL server techs etc. would certainly be no harm.


  • Registered Users, Registered Users 2 Posts: 1,215 ✭✭✭harney


    CREST in the UK is becoming a default standard at the moment. It is required for government testing, but is becoming popular in industry too, and they are trying to expand out into Australia at the moment. The only issue is, as far as I am aware, there are no training courses or books. There is info on the website about areas you will be tested on, but that is it.

    http://www.crest-approved.org/information-security-testers/index.html

    The base exam is the CRT exam which is a 4.5 hour (I think) exam split between a theoretical and a practical element. The practical part is open book, but you have to leave your hard disk after for them to securely wipe it. They will post it back a week or so afterwards.

    The GPEN, and to a lesser extent the overlapping GCIH exams from SANS are quite good, but expensive.

    I haven't really heard anybody say good things about the CEH certs, although HR love them for some reason.

    CISSP, although not a pen testing cert, is probably worth looking at down the line. It is not very deep, but quite broad, and again is something HR like to see.


  • Registered Users, Registered Users 2 Posts: 33 AaronToal87


    Blowfish wrote: »
    After all of the above, go for certs specific to tech you are likely to encounter. After all, once you've gained access to one system, you are going to need to know your way around it if you want to leverage it to penetrate deeper. CCNA and above, RHCE, various SQL server techs etc. would certainly be no harm.

    I'm doing the CCNA now and also the CompTIA Security+. I've got a good understanding of Linux and I've got a book called SQL Injection Attacks and Defense I've got to read, so hopefully that will help.

    Does anyone know if the new CompTIA Advanced Security Practitioner (CASP) cert is worth its money? I heard it's coming up in the InfoSec certs as a top one to get??


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    .

    Does anyone know if the new CompTIA Advanced Security Practitioner (CASP) cert is worth its money? I heard it's coming up in the InfoSec certs as a top one to get??

    Says who? CompTIA?


  • Registered Users, Registered Users 2 Posts: 33 AaronToal87


    harney wrote: »
    CREST in the UK is becoming a default standard at the moment. It is required for government testing, but is becoming popular in industry too, and they are trying to expand out into Australia at the moment. The only issue is, as far as I am aware, there are no training courses or books. There is info on the website about areas you will be tested on, but that is it.

    http://www.crest-approved.org/information-security-testers/index.html

    The base exam is the CRT exam which is a 4.5 hour (I think) exam split between a theoretical and a practical element. The practical part is open book, but you have to leave your hard disk after for them to securely wipe it. They will post it back a week or so afterwards.

    The GPEN, and to a lesser extent the overlapping GCIH exams from SANS are quite good, but expensive.

    I haven't really heard anybody say good things about the CEH certs, although HR love them for some reason.

    CISSP, although not a pen testing cert, is probably worth looking at down the line. It is not very deep, but quite broad, and again is something HR like to see.

    Yeah but don't you need to be in IT Security 5 years or so to do the CISSP?
    syklops wrote: »
    Says who? CompTIA?

    Hahaha yeah, most likely was from a CompTIA rep saying it's coming up but I'm not sure. I know they wanted it to be their CISSP but it's not close to that.


  • Registered Users, Registered Users 2 Posts: 33 AaronToal87


    syklops wrote: »
    Cert wise, I recommend the SANS GPEN and GWAPT. Also, recommend the OSCP.

    Have you done the GPEN or GWAPT? If so what books would you recommend for me to study to help pass them??

    Also, how hard is the OSCP? I heard it's tough.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    Have you done the GPEN or GWAPT? If so what books would you recommend for me to study to help pass them??

    Also, how hard is the OSCP? I heard it's tough.

    I've done the GPEN. I recommend the GPEN courseware. Currently studying the GWAPT though finding it very easy so far. One of my colleagues has done the OSCP and he said it was tough, but my kind of tough :cool:


  • Registered Users, Registered Users 2 Posts: 33 AaronToal87


    syklops wrote: »
    I've done the GPEN. I recommend the GPEN courseware. Currently studying the GWAPT though finding it very easy so far. One of my colleagues has done the OSCP and he said it was tough, but my kind of tough :cool:

    How long did you study the GPEN before the exam? I think that's the next cert I'll go for. Did you take it in Dublin or did you do it somewhere else?


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    How long did you study the GPEN before the exam? I think that's the next cert I'll go for. Did you take it in Dublin or did you do it somewhere else?

    I did the 5 day bootcamp in Las Vegas, studied for 3 months and then did the exam. I say study, it's open book, so I recommend building an index of the five books so you know exactly what page you will find the answer. Will save you a lot of time in the exam.

    The questions can be very specific so you will want to look a lot of stuff up. Stuff like, in wireless what frequency is channel five?

    a: 2.417
    b: 2.432
    c: 2.442
    d: 2.447


  • Registered Users, Registered Users 2 Posts: 33 AaronToal87


    syklops wrote: »
    I did the 5 day bootcamp in Las Vegas, studied for 3 months and then did the exam. I say study, it's open book, so I recommend building an index of the five books so you know exactly what page you will find the answer. Will save you a lot of time in the exam.

    The questions can be very specific so you will want to look a lot of stuff up. Stuff like, in wireless what frequency is channel five?

    a: 2.417
    b: 2.432
    c: 2.442
    d: 2.447

    Thanks man, you've been a big help :D Have you been working in pen testing long?


  • Registered Users, Registered Users 2 Posts: 1,215 ✭✭✭harney


    If you go over the material in the GPEN books, and I guess make an index, you should be fine. I didn't make an index as such, but did put little tabs on areas I was rusty on. You get two free practice exams when you purchase the bootcamp and exam, use them to go the books and you will be fine. It isn't that difficult, although people do fail it so treat it with care :)
    Yeah but don't you need to be in IT Security 5 years or so to do the CISSP?

    You can become an associate, or something like that. Not a full CISSP, but it will still be recognised.

