As a professional penetration tester I often get asked questions like "What are the top 10 tools you use?" or "How do you get to be a pentester?". Since I became a SANS instructor, more and more of these questions come from the media, and they get to reword my responses to make their story. I would like to post here my direct and accurate answers to some of the questions I have been asked recently.

Q: What are the top five skills that a penetration tester must possess?

Q: Are there typically broad steps that a pen tester follows? Like a playbook that they follow? What do these steps look like?

Q: What three tools are typically first in a pen tester's arsenal?

The real ingredients for a successful penetration test by a good team are people, process, and technology.

Q: What is the single biggest mistake that a pen tester can make?

I have always described penetration testing as attempting to find alternate functionality or data, or identifying an alternate method of accessing functionality or data. Both of these are often not placed there deliberately, but they sure are handy.

I am never quite certain how to respond to the question of how to become a penetration tester. Honestly, it seems to have found me as a career. My first degree is in political science. However, my true interest has always been in exploring new ideas and playing with things until they broke. Most people I know have found many different paths to this one. The many creative arts and scientific methods required in a team make for eclectic mixes of people, that's for sure!

Please let us know what you think are the tools, techniques, and skills required for penetration testing!

Cheers,
Adrien de Beaupre, ISC Handler
Sep 18th 2015
Can you provide us some examples of phishing email text, and tools you use to exploit the desktop? It seems that a well-crafted phishing email rolled with a utility to gain access from an unsuspecting employee would be the easiest way in.
I would be interested in some past examples of phishing email text. I'd like to test my own users in my organization to see how well I've educated them. Thank you!
Shadow
Sep 17th 2015
'Was glad to see the comment about "mindset" rather than tools. I think the best way I ever heard it described was by an ex navy seal. He said (and I'm paraphrasing here) "I see the world differently. Most people, when they see a tall building, a big bridge, a freeway overpass, they think 'wow, look at what mankind can build and how strong it is'. Me, I see all the flaws, all the weaknesses. I see how I can make it all come crashing down with the least amount of C4."
Ever since I wrote a chat program on an old TOPS-20 system in High School in the mid-80s only to find the system admins had broken it because being able to read/write from a station that wasn't logged in was a security risk (you could write a fake login prompt, accept a username/password, print out "password incorrect" and disconnect), it was as if a light went on and I began to see the cyber world in a whole new way. Now, when someone is describing the features of some program or showing me a network diagram, I'm often noticing how it might be abused. It's almost as if it's just instinctive. The key, IMHO, seems to be finding someone with the right mindset, but who also has enough moral character to understand that just because one CAN do something doesn't mean one SHOULD do something... at least not without permission... in writing...
Brent
Sep 17th 2015
That's a principle that can apply to nearly all choices in life: "Don't be a dick!"
AlfredP
Oct 6th 2015
I've never liked the question: "what tools do you use?" The choice of tool is really irrelevant. Do you care what brand table saw your general contractor uses to build your house? Of course not, only that his cuts are straight and the finished product meets your quality standards.
I will always answer the question though. After all, "the customer is always right". ;) Your methodology is sound. That's the way I do it, and I believe most pen testers do it that way. One key difference between pen testers is the final report. If someone hands you a Nessus report and says "have a nice day", run the other way. Find the tester that takes the time to actually write up findings and provides a detailed and actionable analysis. --cheers
James
Oct 9th 2015