Chapter 15
In this chapter I cover ten tips to help you refine your pen testing skills as you continue in your career or education.
Keep learning. Study often and do not limit the scope of your studies. You can get by in your career by learning the basics, getting the tools, and running them. However, you need to learn the finer details of information technology systems, networks, and services and how they are secured or threatened.
The ways you can continue your education are unlimited. However, if you are on a budget (or have access to resources within a budget), here are a few ways you can help yourself:
Carpenters and other trades rely on their tools to be able to do their jobs. Auto mechanics, welders, and others who use tools to conduct their work can’t do great work without tools that are maintained and preserved. The same is true of IT professionals, especially those who function in the security realm as pen testers.
No matter what, consider your tools as the most important thing you can maintain. Keep the following in mind as you build your toolkit:
Never get comfortable with the same vectors, tools, patterns, and attacks. Always consider another option: the plan B. You have to constantly think outside the box to stay ahead of those who commit crimes. Think of hackers and attacks like running water: it will find a way. You too need to think like running water and consider, anticipate, and get ahead of different types of attacks and attack vectors by developing this dynamic mindset.
I talk a lot about vectors in this book. In Figure 15-2, I show an example of a planned penetration test where I want to enter the network via the wireless access point. In a situation where I am working with an organization that has given me the ability to try another path if possible, I have found another way in through the Internet connection (plan B) to access the network externally. I could also have accessed the network by picking up a wireless signal from the parking lot.
You need to know what hackers do. As an ethical person, it’s not easy to think like a criminal. This is where the great pen testers excel. You have to think beyond what a good guy would do … what someone who has ethics would do.
One way to develop this mindset is by reading. You can read about attacks that took place in the past to learn about those who conducted them. One of the best-known hackers of the past is Kevin Mitnick, who conducted hacks back in the ’90s and was arrested in 1995. Learning about Kevin and how he turned into a grey hat hacker over time helps you get inside the mind of those who commit crimes and understand their motives.
Whether it be conferences, online communities, or social outlets online or in person, spend some time networking with others in your field.
Two conferences where you can continue your education, learn specifics of pen testing from experts in the field, meet book authors, and get access to current trends and classes about current products are Defcon (www.defcon.org) and Blackhat (www.blackhat.com). Normally both are held in the United States, but over the years both conferences have grown and expanded to other countries as well. Both of these sites have options to sign up for a conference, but they also let you view older media, papers, and research conducted over the years. Attending is also a great way to meet other experts in your field as you continue to grow within it.
There are professional organizations that cater to pen testers, schools that form groups of like-minded individuals, governance committees, and other types of groups that allow those who conduct ethical hacking to join together and share ideas. There are also government programs you can join to work more closely with law enforcement (LEO), the military, or other government agencies to share ideas and information.
Chapter 16 offers some websites where you can investigate options; however, a simple Google search can provide you with a wealth of ideas and information.
Whether you buy and build one, rent space or lease system time from others, use online resources available to you for testing, or run virtual machines in a lab you build, hands-on time is crucial to your success. You need to be able to run the tools, hacks, and tests and see what is possible. It’s one of the best ways to learn how to become an elite pen tester.
Although there are many challenges to doing this, you can still find ways to get hands-on training:
Figure 15-3 lays out a nice lab strategy you can use to start to develop a pen testing practice lab at work or at home.
Some of the items you may want to consider in building your lab include (but are not limited to):
As you learn more and more, you can add systems and infrastructure to further build out the lab so you can conduct more tests.
Just like any other role, skill, or function, the more you know the better off you will be. Up-to-date threat information can help you learn about the myriad of attacks and patterns coming out daily. This information deepens your knowledge of what you need to be aware of as a pen tester protecting against them.
Technology is always changing. Remember when virtualization became important? Cloud? Wireless? Mobile? As each of these technologies emerged (and in some instances converged), it was important to stay on top of them because the minute they came to market, there seemed to be a ton of attacks that came right along with them. When wireless hit the market, for example, there were drive-by scanners hanging out of cars — hackers were cracking into company systems from the parking lot. You must know about new technologies, learn about them, and anticipate how black hat hackers might use them.
There are countless resources available for learning about new technology. For example, if you know your primary targets are going to be Cisco, Citrix, Microsoft, VMware, Linux (select a distribution), and EMC Storage, you may want to sign up on those vendors’ websites and mailing lists to stay ahead of updates, new patches, version updates, and so on. If you have a contract with any of these vendors, they should be sending you information; however, anyone can contact these vendors and be added to their mailing lists to learn more about their products. For example, if you were a large Cisco networking customer, you could gain access to RSS feeds, field notices, security advisories, bug alerts, software updates, and much more.
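Vendor advisory feeds are only useful if you actually read them against what you run. The following Python script is an added example, not from the book: it parses a constructed, entirely made-up RSS advisory feed (the advisory IDs, products, and URLs are placeholders, not real advisories) and reports which entries affect products on a local asset list, ranked by severity. Real vendor feeds vary in how they tag severity, so the script treats a missing or unrecognized category as "unknown" rather than dropping the entry.

```python
"""Triage a vendor security-advisory RSS feed against a local asset list.

Added example for illustration; the feed below is constructed and fictional.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed sample feed (fictional vendor, products, and advisory IDs).
SAMPLE_FEED = """<rss version="2.0">
  <channel>
    <title>Example Vendor Security Advisories (constructed sample)</title>
    <item>
      <title>EXAMPLE-ADV-0001: RouterOS remote code execution</title>
      <link>https://vendor.example/advisories/0001</link>
      <category>Critical</category>
      <description>Affects RouterOS 4.x; fixed in 4.2.1</description>
    </item>
    <item>
      <title>EXAMPLE-ADV-0002: StorageArray firmware denial of service</title>
      <link>https://vendor.example/advisories/0002</link>
      <category>Medium</category>
      <description>Affects StorageArray firmware before 7.1</description>
    </item>
    <item>
      <title>EXAMPLE-ADV-0003: DesktopVirt client privilege escalation</title>
      <link>https://vendor.example/advisories/0003</link>
      <category>High</category>
      <description>Affects DesktopVirt client 2.0 through 2.3</description>
    </item>
    <item>
      <title>EXAMPLE-ADV-0004: MailGateway spam filter bypass</title>
      <link>https://vendor.example/advisories/0004</link>
      <category>Low</category>
      <description>Affects MailGateway 9.x</description>
    </item>
    <item>
      <title>EXAMPLE-ADV-0005: RouterOS management interface hardening guidance</title>
      <link>https://vendor.example/advisories/0005</link>
      <description>Informational; no severity assigned by the vendor</description>
    </item>
  </channel>
</rss>
"""

# Higher rank sorts first; entries without a usable severity sort last.
SEVERITY_RANK = {"critical": 3, "high": 2, "medium": 1, "low": 0, "unknown": -1}


@dataclass
class Advisory:
    title: str
    link: str
    severity: str
    description: str


def parse_feed(xml_text: str) -> list[Advisory]:
    """Turn RSS <item> elements into Advisory records.

    Severity is read from <category>; a missing or unrecognized value
    becomes "unknown" so the entry is still surfaced for a human to read.
    """
    root = ET.fromstring(xml_text)
    advisories: list[Advisory] = []
    for item in root.iter("item"):
        severity = (item.findtext("category") or "unknown").strip().lower()
        if severity not in SEVERITY_RANK:
            severity = "unknown"
        advisories.append(
            Advisory(
                title=(item.findtext("title") or "").strip(),
                link=(item.findtext("link") or "").strip(),
                severity=severity,
                description=(item.findtext("description") or "").strip(),
            )
        )
    return advisories


def match_assets(advisories: list[Advisory], assets: list[str]) -> list[Advisory]:
    """Keep advisories whose title or description names a product we run.

    Matching is a case-insensitive substring check, which is deliberately
    loose: a false positive costs a minute of reading, a miss costs more.
    """
    wanted = [a.lower() for a in assets]
    hits = [
        adv
        for adv in advisories
        if any(w in f"{adv.title} {adv.description}".lower() for w in wanted)
    ]
    return sorted(hits, key=lambda a: SEVERITY_RANK[a.severity], reverse=True)


if __name__ == "__main__":
    # Hypothetical asset inventory for the lab described in this chapter.
    inventory = ["RouterOS", "DesktopVirt", "MailGateway"]
    for adv in match_assets(parse_feed(SAMPLE_FEED), inventory):
        print(f"[{adv.severity:>8}] {adv.title}  {adv.link}")
```

In practice you would replace `SAMPLE_FEED` with the text fetched from the vendor's real feed URL and `inventory` with an export from your asset management system; the triage logic stays the same.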
Building your reputation is easy to explain but takes time. For someone (anyone) to let you into the protected networks where all their data sits, they absolutely must trust you. Trust is the critical piece of the proverbial pie of your career in pen testing. Become known as someone who can’t be trusted, and it’s likely you will never again work for a company that needs your assistance in thwarting crime.
This means you cannot be a criminal! You need to make sure you act professionally and ethically. Build your network of peers and people who can vouch for you and continue to act in a way that is honorable and as a consummate professional.
All the technical knowledge, skill, tools, and experience in the world can’t save you and a company from a social engineering attack. Nothing can defeat technical security faster than social engineering. Card swipes, magnetic door locks, biometric readers, cameras, physical security guards, wall hopping, and all of the other things that fall outside of the computer network where data is kept can’t stop someone determined to break in. Always consider physical security challenges as a pen tester, and augment your technical vulnerability analysis and scans by checking how physical security and defense in depth stack up.