Matthew Twells

Launch A Penetration Testing Career With Self-Study by Dzianis (Denis) Hlukhau, Penetration Tester


Recently, I put out a post on LinkedIn asking the community for stories and insights from their own careers, if they so wanted, to help provide much-needed non-coronavirus-related reading material for the community.


Dzianis responded to that callout and has written his guide to entering this career through regimented self-study. Thanks go out to Dzianis for sharing his insights, and his LinkedIn profile can be found here.

 

Introduction


From time to time, I receive questions about starting a career as a Penetration Tester, a.k.a. security QA, White Hat Hacker, Red Teamer, Offensive Security Engineer, etc. (the differences between these specializations are beyond the scope of this post).


Here I try to set out my view on this. These recommendations are for SELF-STUDY and are focused on web penetration testing. If you attend a penetration testing course or study with a mentor/teacher, this material is still beneficial, but it's better to listen to your sensei first.


Editor's Note: Finding a "sensei" to take you under their wing, as it were, can be one of the most beneficial things you can do to assist a career in information security. It is so, so easy to fall into tunnel-vision, and a mentor can help keep you on the straight and narrow.


DISCLAIMER! This article reflects my point of view only. There are no easy success stories that could prove the effectiveness of my recommendations, where the definition of success is getting a job. Moreover, there are a couple of failures: students dropped out of the study track because there is so much to learn. Sad but true, but it happens!

 

Learning path



I recommend it for a general view of the industry, its specializations, career paths and salaries. You may find that you change your mind about going into Offensive Security and start learning Security Compliance or Forensics instead.


NB: I did not ask Dzianis to shout the book out in his article, nor do I in any, but I massively appreciate the recommendation!


1. Install the Kali Linux Distro, and understand what it is for.


A novice coming straight from a hobby-hacking background does not need to learn the Kali distribution in great depth. So here is just a link to a quick overview of this distribution and a couple of others (I do not recommend using them, but it is up to you).


NB: Offensive Security also publish Kali Linux Unleashed for free, and it is a massively recommended read for newbies.


2. Practise actual hacking by doing labs and challenges:


- Vulnhub is a repository of vulnerable virtual machines. There are tons of them and it's free. There are a few cons, though: often the virtual images either don't run at all or have glitches, and they are Unix-only. The vulnerable machines are designed for students at different levels, so if you are good at troubleshooting it's not a bad option.


- Then start working on your own.


The newer a virtual machine is, the more likely it is to run smoothly. Here is one more nice review (be sure to check both parts).


- http://overthewire.org/wargames/ - An excellent set of hacking challenges for a newcomer. The recommended order of the challenges to solve is specified there as well.

- HTB is an excellent (probably the best) portal for practicing pentesting skills. Beginner tips.

I do not recommend Hack The Box for a total beginner, because even "Easy" machines require some real skill. Switch to Hack The Box as soon as you feel comfortable with the previous two resources.


Free Hack The Box accounts have a painful drawback: there are a lot of hackers per free server, so most likely you will interfere with each other. On the other hand, VIP costs about 12 pounds monthly or 100 per year, which is not so much, I believe. Personally, I feel much better paying this money and not having to start everything from scratch every 5-10 minutes.



This one is pretty tough, though. The course's logic runs from the specific to the general, from technical details to high-level ideas. If any specific topic appears to be too tough for you, just leave it. Many of them are standalone, and skipping them will not dramatically hurt your future understanding.


4. Read The Web Application Hacker's Handbook by Dafydd Stuttard and Marcus Pinto.


The book's level suits a novice web penetration tester perfectly. It covers plenty of topics in clear language and also offers lab access (I didn't try the labs myself, though).


5. Try to pass RITx cybersecurity courses.


Lecturer Jonathan Weissman is a genius at delivering complex material in simple language. The courses give you another view of the "big picture" of the cybersecurity domain along with some technical details.



6. Learn the OWASP Top 10 as deeply as you can.


It's the basic set of web application vulnerabilities, with ways to exploit and prevent them.

I would say that you could learn this theory in about 3 months if you have a lot of free time. But there is no proof of that; your mileage may vary.


 

Summary


The recommended sequence is:

· number 0 if it fits

· number 5 with number 1

· number 2 with number 4

· slowly read number 3

· number 6


Addendum

Even more practice:



I have not tried these myself, so they are left for your own investigation.
