A Penetration Tester (a.k.a. Ethical Hacker) probes for and exploits security vulnerabilities in web-based applications, networks and systems.
In other words, you get paid to legally hack. In this “cool kid” job, you will use a series of penetration tools – some predetermined, some that you design yourself – to simulate real-life cyber attacks. Your ultimate aim is to help an organization improve its security.
Ethical hacking is a mix of sexiness and boring bits. Unlike real-life hackers, you may only have days to compromise systems. What’s more, you will be expected to document and explain your methods and findings. Penetration testing has been called one of the most frustrating jobs in the infosec field.
In this post I will highlight some of the 10 basic skills that every penetration tester should have. While we can’t realistically expect everyone to have the exact same skill set, there are some commonalities.
1. Mastery of an Operating System.
This can’t be stressed enough. So many people want to become ethical hackers or systems security experts, without actually knowing the systems they’re supposed to be hacking or securing.
It’s common knowledge that once you’re on a target/victim, you need to somewhat put on the hat of a sysadmin.
After all, having root means nothing if you don’t know what to do with root. How can you cover your tracks if you don’t even know where you’ve left tracks?
If you don’t know the OS in detail, how can you possibly know everywhere things are logged?
2. Good knowledge of Networking and Network Protocols.
Being able to list the OSI model DOES NOT qualify as knowing networking and network protocols.
You must know TCP inside out. Not just that it stands for Transmission Control Protocol, but actually know the structure of the packet, know what’s in it, know how it works in detail.
Know the difference between TCP and UDP. Understand routing, be able to in detail describe how a packet gets from one place to another.
Know how DNS works, and know it in detail. Understand ARP, how it’s used, why it’s used. Understand DHCP. What’s the process for getting an automatic IP address? What happens when you plug in?
What type of traffic does your NIC generate when it’s plugged in and tries to get an automatically assigned address? Is it layer 2 traffic? Layer 3 traffic?
3. Learn some Basic Scripting.
Start with something simple like VBs or Bash. Eventually you’ll want to graduate from scripting and start learning to actually code/program or in short write basic software (hello world DOES NOT count).
4. Get yourself a basic firewall.
Learn how to configure a basic firewall and to block/allow only what you want.
Then practice defeating it.
You can find cheap used routers and firewalls on ebay, or maybe ask your company for old ones. Start with simple ACL’s on a router. Learn how to scan past them using basic IP spoofing and other simple techniques.
There’s not better way to understand these concepts than to apply them. Once you’re mastered this, you can move to a PIX, or ASA and start the process over again. Start experimenting with trying to push Unicode through it, and other attacks. The point is to learn to do them.
5. Know some forensics!
This will only make you better at covering your tracks.
The implications should be obvious.
6. Eventually learn a Programming Language, then learn a few more.
Don’t go and buy a “How to program in C” book or anything like that.
Figure out something you want to automate, or think of something simple you’d like to create. For example, a small port scanner. Grab a few other port scanners (like nmap), look at the source code, see if you can figure any of it out.
Then ask questions on forums and other places. Trust me, it’ll start off REALLY shaky, but just keep chugging away!
7. Have a desire and drive to learn new stuff.
This is a must; It’s probably more important than everything else listed here.
You need to be willing to put in some of your own time (time you’re not getting paid for), to really get a handle on things and stay up to date.
8. Learn a little about databases, and how they work.
Go download mysql, read some of the tutorials on how to create simple sample databases. I’m not saying you need to be a DB expert, but knowing the basic constructs help.
9. Always be willing to interact and share your knowledge with like minded professionals and other smart people.
Some of the most amazing ethical hackers have jobs like pizza delivery, janitorial, a marketing exec, or even an MD. They do this strictly because they love to.
And one thing that is common among real hackers is their excitement and willingness to share what they’ve learned with people who actually care to listen and are interested in the same.
These things should get you started.
Have you been studying to become an expert Penetration Tester?
What has been your experience and which are your favorite network security tools?
Please share your thoughts in the comments below.