Path To Pentester (Original guide posted to 4chan/biz by OSCPanon - 2019)
Learn Linux:
I say this, because although I do know a few guys who hack from Windows, most do not. And even if you use Windows/macOS, you still will be hacking into Linux servers!
Linux is an absolute must. If you have linux experience, then learn bash scripting and python.
If you have never used linux, then my recommendation (and what I did personally,) is to get a cheap or old laptop/PC , wipe it completely, and install a linux OS.
Use this PC for all your basic computer needs.
Force yourself to learn linux, and more importantly, force yourself to work from the command line as often as possible.
Don’t know how to move a file or can’t remember where applications are installed?
Don’t know how to install an application or open a weird file type?
Google how to do it from the command line! You must learn linux.
Learn Python:
Python is the most important programming language you could learn for hacking. Over 50% of all exploits are written in python, and nearly all great hacking tools are written in python.
Metasploit (originally written in Ruby) is now supporting the importing of python modules, and I expect, in the future, all modules will be in python.
Python is also great for scripting and writing your own tools. In order to learn python, I suggest two different (but similar) sources:
https://learnpythonthehardway.org/
https://www.udemy.com/learn-python-and-ethical-hacking-from-scratch/
Zaid Sabih is a fantastic instructor on udemy, and his python and ethical hacking course is one of the best Offensive Security courses I have ever taken. I believe it is still on sale for $11.99 on udemy. I highly recommend that course. He also gives a few tips on working in linux.
If you prefer the college course style of learning, then “learn python the hard way” is a textbook / recorded lectures style and it is a very good course from completely learning python from scratch as well. It is $30, but if you decide to go that route, I can share the entire course with you.
I recently uploaded the whole thing to google drive for a friend (its DRM free), so just send me your gmail and I can add you to that google repo and you can download it for free.
Get Certifications:
Ok this is going to be some non-standard advice here… Most the IT industry focuses heavily on certs. If you look on Linkedin, you will see most people in IT Security just piling up certs on top of certs (A+ , Net+ , Security+, CASP, CISSP, etc…) Here is my breakdown for pentesters:
IF you want to pentest for a living, then you need OSCP!
OSCP is the only certification that mattered for me to get my penetration tester job with Secureworks (the largest, most successful red-team in the world.) I have other certifications, but they could not care less. The ONLY certification that currently exists, that is considered proof that I can hack, is the OSCP (Offensive Security Certified Professional).
This certification is from Offensive Security and it is the gold standard. There’s only an estimated 5500 people worldwide who have this certification, so it is an instant job if you manage to get it.
This is NOT something you should start right away, this is what should be your final goal on the path to a penetration testing job. This is the end game.
Get the OSCP and you will be a pentester. Everything else you do, and everything else I list here, should be done in an effort to get your OSCP cert, because once you have it, you are ready to hack.
The other certifications I suggest are:
- CompTIA Security+ - very good cert, I consider it the most broad, and most broadly applicable across the industry.
- CompTIA CASP - if you get Security+, you may as well do this ‘advanced' version, which I thought was easy after doing Sec+ , and if you ever work the Defensive side of security, this cert will get you a very good job.
- CeH (Certified Ethical Hacker) - I have mixed feelings about this cert.
Lot’s of people get it, and lots of people have it, who have no idea what hacking really is or how to do it. They also couldn’t copy a file from one folder to another on a linux machine…
However, it does have value, in that it forces you to learn all the hacking terms, tools, and methods, in preparation for the test. It is an overly expensive certification, and I do not think many employers outside of government really place much value in it.
What I suggest is buying a CeH book, or some other study materials for the exam, such as a course on Udemy or something similar, and doing the coursework, but maybe don’t bother with the test, unless you have an extra $1100 laying around.
It’s not worth it, and you can spend the same amount of money getting OSCP, which is what you really need.
READ, READ, READ:
If you don’t like to read, or are not willing to do massive amounts of research on a regular basis, then this job is not for you. Here’s a list of books you should buy ASAP:
The Hacker’s Playbook 2 (Not version 3! Do version 2 first, it focuses on Metasploit, where version 3 uses empire, and version 3 assumes you have done version 2. Version 1 is too old.) https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing-ebook/dp/B01072WJZE/ref=sr_1_fkmr0_3?ie=UTF8&qid=1550673510&sr=8-3-fkmr0&keywords=ethical+hacking+playbook+v2
Hash Crack v2 (This is the only book you need for password cracking): https://www.amazon.com/Hash-Crack-Password-Cracking-Manual/dp/1975924584/ref=sr_1_1?ie=UTF8&qid=1550673630&sr=8-1&keywords=hash+crack+v2
RTFM (Red Team Field Manual): https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=sr_1_1?ie=UTF8&qid=1550673684&sr=8-1&keywords=red+team+field+manual
There are many other great books on the topic. Try some out!
LEARN BY DOING:
The best way to learn to hack (or penetration test) is by trying to do it. Now, this doesn’t mean try to hack your school network and erase your tardies… Don’t do that. Thankfully today, there are tons of places where you can legally practice and learn, to hack. Below are my favorite environments for doing so:
HackTheBox.eu - This site is great (though a bit advanced.) You will need to hack your way in to register (if you get stuck, I’m sure there are guides online.)
After that, you can download a vpn package and have access to over 20 servers built by the community for the purpose of hacking challenges and learning.
The forums are great for getting hints and tips, and the people there are generally very helpful by direct message. I’m also there, my handle is itsnemesis. Feel free to message me for help.
Vulnhub.com - Like Hackthebox, but offline. People build Virtual Machines for hacking into and learning, and post them here for everyone to have for free.
Download a few, spin them up in virtualization software, and try them out. The great thing about vulnhub, is that people post walkthroughs and how-to for these machines.
A quick google search for “vulnhub Raven walkthrough” will produce great walkthroughs for that machine name. Great tool.
OSCP Lab - The OSCP certification I mentioned before is setup like the hackthebox.eu lab.
If you do everything else, then when you are ready and you tackle the OSCP for the first time, you will spend months hacking over 40 servers in their state of the art private network. Doing Vulnhub and hackthebox.eu will prepare you for this final test.
Virtual Machines - Spin up your own! You can install Virtualbox from Oracle for free! You can also get free Windows 7, 10, 2012 R2, 2016 Server virtual machines for free from windows: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
Build some Virtual Machines and start testing against them! See what you can break!
Of course, you will also need your attacker (hacking) machine… There are two main hacking Operating Systems, which you can also get for free, but I prefer Kali Linux: https://www.kali.org/downloads/
You can also try out Parrot, though it is not my preference, it may be a better one to start with, since it has a bit more flair in the GUI: https://www.parrotsec.org/download.php
Try them out and pick the one you like!
So I feel like that’s a great start for the technical side of things…
In terms of getting into the industry, there are a couple good steps to take as well. As I said, getting OSCP will solidify your path for a pentesting career.
However, there are other steps you can take to start earning good money, and to get your foot in the door, in the industry, right away.
Once you get the CompTIA Security+ certification, you can get a job on the defensive side of the house.
If you want to start working in the industry, this is the fastest way to get there. Armed with Sec+ , I would start looking for junior analyst positions in your area.
In my experience, these jobs are mostly centered around schools (maybe check with your college!) or large cities (Columbus, Ohio is the largest IT center in Ohio.) If you like Michigan, there’s also a lot of these jobs in Ann Arbor, MI.
Write your resume in a way that leverages your Programming experience at IMCO, as well as your experience doing computer repair / technical work (refer to that as maybe help desk or computer technician).
If you get CASP, you can get a very well paid Defensive job, while you work on OSCP and transition to offense.
With CASP, I would look for mid-level cyber security analyst jobs (check Linkedin!) I actually could refer you to several people that would be more than happy to hire someone like you with this certification. Stay in touch and when you get the certs, let me know! I can definitely help you get a job.
Lastly, go to conferences, if you have the money and time.
I am going to CypherCon in Wisconsin in April. I will be going to DefCon and Blackhat conferences in the fall, and many more.
If you have the resources to get out to a few Cyber Conferences, do it. They are fun and you will learn a lot in a short time span. You will also meet people in the industry, who are always looking for new talent.
Participate in CTF (Capture the Flag) challenges. These can be in person or online.
Though until you have more experience, I would start with the in-person ones. I know the founder of the Northwest Ohio ISSA chapter, and they recently ran a CTF event in Toledo, Ohio. Contact Dylan Foos: https://www.linkedin.com/in/dylanfoos/ to find out more! Tell him I sent you.
Well that should get you started. And honestly, I guarantee, if you do all these things, you will be a penetration tester.
Now, since this path is not easy, and can actually be very difficult, and at times tiresome, here are some more fun resources to keep you going when things get tough:
- Mr. Robot - Great TV show. Check it out.
- Ghost in the Wires - Book by Kevin Mitnick. Great hacking book, true story.
- War Games - 1980s movie about hacking. Cheesy, still cool. The old hacking tech is awesome.
- Hacker Wars - Documentary about Anonymous https://www.youtube.com/watch?v=ku9edEKvGuY