First of all, you must be willing to learn new things continuously to be a Pentester, or you should be at home quickly. Second, you must have a strong understanding of Network and Web Security and an understanding of at least one coding / coding language. Third, you need skills. Fourth, you should be willing to accept the fact that sometimes your projects will be boring or repetitive. Fifthly el If you are still studying here, then I m sure you have what it takes to be a Pentester, then lets get to the details!
Technical Skills:
Yes, technical skills are the lifeblood of a Security Expert. Now, being a Pentester doesn’t mean you just have to focus on one thing — Network Pentesting or Web Apps. In fact, you need to have a broad knowledge of being successful in a technical specialty and even being perfect as a Pentester.
” Why? Iz In fact, Network Pentest, Red Team Work, Physical Security Assessments and even Hardware Security Assessments don’t do much for beginners and are usually planned for much more advanced testers, but you won’t be able to do this, and don’t do it after you prove it. It doesn’t mean that you don’t have the opportunity to do more, or you’ll probably do projects in this area, depending on what your expertise is.
In the next section, I will list a series of technical skills that I believe are the most useful (and not in a particular order) to become a pentester. You should be aware of using at least 1–2 of these skills (including Web Applications) at an intermediate level and at least 3/4 of these skills to be at the top level.
With each skill, I’ll give you a brief description of what you can do, then I’ll give you a list of resources to help you get started or learn more about it.
- Web Application Security:
Web Applications plays a vital role in today’s organizations as more software applications are offered to users through a web browser. Almost everything you could have done on the Internet involves the use of a web application — register for an event, buy items online, pay bills, or even play games.
Due to the extensive use of web applications, it is often the most attacked entity on the Internet and often has a wide consensus, such as Panera Bread and Equifax Breach.
Is it true that these violations can be prevented? Yeah! However, only web applications are tested internally or thoroughly by a consulting firm. Anyway — such vulnerabilities could be overlooked.
Can this be caused? To be honest, unqualified testers, restrictive coverage, a very large project duration, very little project time, too many web applications and enough testers, the source code is not available v the list goes on.
The result is a talented tester who understands web applications, understands how they are created, worked, communicated, and what libraries they use, and so on, that they can easily focus and understand a web application’s vulnerable or intriguing parts. Will the tester detect anything? No, of course, we’re not superhuman, but with experience and a good knowledge, you’ll be able to find enough security gaps to protect a web application from future attacks.
As a pentester, you’ll make WAPTs on Bank Applications, Internet Platforms, Hosting Services, Online Stores and more! Therefore, you should understand more than basic Web Application Vulnerabilities like XSS, SQli and CSRF. You need to know the vulnerabilities such as XXE, XML / JSON Injection, LDAP Injection, Blind Injection, Code Injection & RCE, Sub-domain Acquisition, Open Routes, SSRF, LFI and RFI. For example, you need to understand specific protocols and their applications. OAuth and SSO also need to understand the use of different platforms and security vulnerabilities such as Jenkins or ElasticSearch.
In addition, a tone helps to understand the language in which the web application was created, because the WAPT is mapped to Code Reviews. So knowing languages such as Java, JavaScript, Scala, AJAX, PHP and Ruby will really help to find hidden gems in the black box.
Resources :
- OWASP WAPT Testing Guide
- OWASP Top 10
- Hacker 101
- PentesterLab Bootcamp
- HackerOne Hacktivity
- Bug Bounty Writeups
- James Kettle / albinowax Research
- Detectify Security Blog
- GracefulSecurity
- SANS Penetration Testing Blog
- The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws
- The Tangled Web: A Guide to Securing Modern Web Applications
- Apps for Testing & Practice
- SANS 2016 Holiday Hack Challenge
- Network Security:
A Network Pentest aims to identify and exploit security vulnerabilities in enterprise or industrial networks, as well as in network devices and their associated hosts / systems. Such assessments often simulate a real-world attack to provide access to a hacker’s internal network.
Now, can a network be 100% safe and secure? Of course not! Nothing 100% safe! Take, for example, Hacking Team Breach. Any complex aggressor with adequate time, money and resources may violate a company; but that doesn’t mean that they should be easy for them when they’re in the network!
Another example would be the breakout of NotPetya Malware in Ukraine. This is a great example of how hackers with sufficient time and resources can compromise a company, and how to use them to further attack against other targets.
As a pentester, you are charged with trying to assess the risk of a real violation. This is not only about getting Domain Name Manager in DC, but also about checking which type of private data is vulnerable.
You should check that user accounts and credentials are easily accessible during the assessment. Are customer information and credit cards easily accessible? How well have members of the company been trained in security issues such as phishing? Are technologies and protections well positioned and properly configured? And more!
How networks work in order to realize Network Pentest, TCP / IP, LDAP, SNMP, SMB, VoIP, etc. You must really understand such technologies and communication protocols. In addition to Active Directory, Firewalls, IDS / IPS, Sysmon, Antiviruses, etc. In addition to understanding such protections, you also need to understand how Windows and Linux inserts work, and how you can use it to further compromise other users.
Although Network Pentests are complex and require many moving parts, it is not difficult to learn. After learning the basics of how to move around the network, everything else comes with experience — like everything else!
Resources :
- Windows APIs
- Red Team Tips
- The Hacker Playbook 3: Practical Guide To Penetration Testing
- Adversarial Tactics, Techniques & Common Knowledge
- AD Security
- harmj0y Blogs
- HackTheBox
- IppSec’s Videos
- Awesome Pentest
- CTF Series: Vulnerable Machines
- Windows Privilege Escalation Fundamentals
- Metasploitable
- SANS Penetration Testing Blog
- Pen Test Partners Blog
- Penetration Testing Lab
- Pentestit Lab Writeups
- SANS 2017 Holiday Hack Challenge
- Google…
- Code Review:
Code review is probably the most efficient technique to identify security vulnerabilities and improper configurations in applications. A manual review of code along with the use of self-test tools can help detect flaws that may not have existed before, when performing a black box pentest, such as logic flaws, authorization issues, incorrect configuration of encryption, and even injection attacks.
The only drawback of Code Review is that it is very time consuming and does not have enough time to cover the entire application if a single test device is too large. To combat this, a test usually focuses its attention on known vulnerabilities and the use of dangerous function calls in the language written in the application. For example, in C, strcpy () is known to be vulnerable. In buffer overflow or PHP, exec () can cause Remote Code Execution when not properly used.
If it wasn’t code review, then some of the most productive insects like Heartbleed, Shellshock, Drupalgeddon 2 would not be available, so you can see how important code review can be!
As a pentester, you’ll probably review a lot of applications using C, C ++, Java, JavaScript, Scala, Ruby, PHP, Python and even Go. You can review the application in detail and find security vulnerabilities or security issues necessary to understand the underlying language and problems that may arise in a good way.
Note that some vulnerabilities are more common in certain languages only; for example, Memory Overflows can be found in lower-level languages, such as C and C ++, then in higher languages than in Python and Ruby. At the same time, unlike Python, Ruby and Java, you may not find too much decentralization weakness in C and C ++.
As a result, it is really a good idea to learn a programming language that will help you make your way towards becoming a pentester. This will not only help the source code to review and understand the specific vulnerabilities, but will also allow you to create scripts and exploits that can be used during engagement — whether you are creating a Concept Document or building a fizzer immediately.
Resources :
- OWASP Code Review Introduction
- OWASP Code Review Project
- 24 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
- Awesome Code Review
- Awesome Static Analysis
- Static Code Analysis Tools
- Codecademy
- Google…
- Binary Reverse Engineering:
Reverse Engineering is an unexplained phenomenon where a hacker read some strange old languages and created an abuse for some magical reasons, or could not understand how the practice works Ters.
Binary Reverse Engineering is the process of separating a program to see how it works or how it works to find specific vulnerabilities. This application is often used by tricks when searched for 0 days or in certain industries or even when the source code is not provided. With reverse engineering, a tester can learn how the application performs certain operations, storing data, and even writing it into memory using a disassembler such as IDA Pro, Binary Ninja, and even Radare2.
You may think that Reverse Engineering is being used for Malware Analysis, such as WannaCry Malware, in order to fully understand the functions of malicious software, but this is not the case! Malware is just another program / application, so you’re reversing an app at the end Kötü
For example, 1 day exploitation for Cisco IOS used reverse engineering and debugging to take advantage of a vulnerability in Cisco Routers. This is something that cannot be done with simple and black box pentesting.
As a pentester, if you know the basics of reverse engineering, then you expect it to be put into concerts that require such knowledge. Usually it uses your information for research, 0 days, and searches for vulnerabilities, and you’ll know how applications work, especially when the source code is not provided on hardware embedded devices. You can also test BIOS and SMM, Virtualization, Containers, Secure Boot and more! To do this well, you need to be familiar with x86 and x64 ASM Architecture and to know how it works together with Stack / Mass Memory Allocation. At the same time, it is very useful to have a low level of knowledge about the internal functioning of operating systems!
For this, the learning curve is usually very high and it takes some time to be competent in this field — after learning it can be thought of as a nuclear bomb in your ammunition olmak then you can call yourself a full-fledged honorer!
Resources :
- Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration
- Introductory Intel x86–64: Architecture, Assembly, Applications, & Alliteration
- Intermediate Intel x86: Architecture, Assembly, Applications, & Alliteration
- Introduction To Reverse Engineering Software
- Introduction To Software Exploits
- Hacking, The Art of Exploitation 2nd Edition
- The Shellcoder’s Handbook: Discovering and Exploiting Security Holes
- HackDay: LEARN TO REVERSE ENGINEER X86_64 BINARIES
- Getting Started with Reverse Engineering
- Reverse Engineering Resources
- LiveOverflow Videos
- Exploit Exercises
- Hardware / Embedded Devices Security:
Reverse Engineering is closely followed by Hardware / Embedded Devices. Keep track of this with hardware and electronic information, as well as some ARM Architecture, allowing you to break up new devices from routers to bulbs, even cars.
With the increase in the development of IoT devices, there is now a growing interest and debate on security for such embedded systems.
Embedded Systems are seen almost everywhere and because they are based on microcontrollers, some computer and electronic engineering knowledge comes into play.
As a pentester, you are securing any hardware or embedded device, SPI, schemas, FPGA, UART, JTAG, etc. You need to understand things like. You also need to understand how to use the tools. multimeter, soldering iron etc. At the same time, the understanding of electronic components such as switches, resistors, capacitors and transistors is always great!
In addition, knowing x86 / x64 ASM and ARM Architecture will help you to test such devices when you take the system image from flash memory or access the source code.
Like Reverse Engineering, there is a large learning curve, but after learning the basics, the rest becomes easier and you gain experience after multiple evaluations over time. To be honest, the best way to learn is to jump on fire and learn when going.
Resources :
- Introduction to ARM
- Azeria Labs — ARM Tutorials
- Introduction To Basic Electronics
- How to Read a Schematic
- Reverse Engineering Flash Memory for Fun and Benefit
- Reverse Engineering Hardware of Embedded Devices
- Practical Firmware Reversing and Exploit Development for AVR-based Embedded Devices
- DEF CON 24 Internet of Things Village — Elvis Collado — Reversing and Exploiting Embedded Devices
- Embedded Devices and Hardware Security — Introduction
- Coursera: Introduction to the Internet of Things and Embedded System
- LiveOverflow Videos — Riscure Embedded Hardware CTF
- Micro Corruption Embedded CTF
- GreatScott! Videos — Awesome Electronics Tutorials, Projects and How To’s
- EEVBlog Videos
- Hackaday Blog
- Reading Silicon: How to Reverse Engineer Integrated Circuits
- Physical Security:
You can have the best security systems in the world, the most robust systems and the best security team, but if an attacker can only run your servers through the front door, nothing will be brought to any of them. Physical Security comes in!
Something unheard of, hackers entering companies … through FRONT DOOR!
But honestly, really take a second to evaluate this issue. We care a lot about the security of our computer systems, our web applications, and the networks that we don’t see in the human and physical dimensions. Anyone can enter a company that has improper security controls, that can steal data, generate malware, or even perform destructive actions.
As a pentester, you need to understand a wide range of issues, such as psychology, surveillance, locking, locking bypasses, RFID, camera systems and the use of universal keys, if you are performing a physical safety assessment. General considerations require you to research your physical location, detail entry / exit points, security of the ground, such as guards, cameras, pressure sensors, motion sensors, back cover defenses and more.
You will then need to enter the building through methods such as key collection (within scope), queuing, destructive entry (rarely in scope), and even social engineering. When you get inside, it’s like sitting on someone else’s desk, usually with certain goals, like stealing a laptop or connecting a dropbox.
Resources :
- Lockpicking 101
- Lockpicking — by Deviant Ollam
- Awesome Lockpicking
- TOOOL: The Open Organisation Of Lockpickers
- Lock Bypass
- Lock Wiki
- Deviant Ollam Youtube
- RFID Cloning
- UFMCS, “The Applied Critical Thinking Handbook”
- Red Team: How to Succeed By Thinking Like the Enemy
- 10 Psychological Studies That Will Boost Your Social Life
- The Ethics of Manipulation
- Psychological Manipulation Wiki
- Mobile Security:
With the growing use of mobile phones such as Android and iOS, smartphones have become a hot target for attackers. Everyone keeps their lives, including their pictures, documents, passwords, credit cards and more on their phones! Just by compromising one’s phone, we have a free reign to all of their accounts and even their lives.
Take this title, for example, C Millions of Android Appliances can be Damaged Outside the Box! Mi Crazy, isn’t it? Many of us believe that companies like Google and Apple are pretty sure they’re safe, that is, until we see another title, like “Google Corrects Critical Android Vulnerabilities Bir.
From the security vulnerabilities like Android’s StageFright, Apple’s ImageIO to even the weaknesses of third-party vendors like Qualcomm, the possibilities are endless! Mobile Security has now risen to rank with endless research and security reviews for vendors, mobile applications, and the core operating system, as such attacks can even jeopardize the safest users.
As a pentester, if you’re going to be doing Mobile Security, then you need to understand ARM Engineering as something you’ll see a lot with reverse engineering applications and the core operating system. It is best to learn and understand Java and Android Runtime for Android, but you need to learn Swift and Objective-C for iOS.
On the day usually reverse engineer applications, source code review, mobile web application pentests, or even reverse engineering and secure the main operating system! You may also be attacking other parts of the phone such as Bluetooth or Wi-Fi for SMS or MMS protocols and applications!
Resources :
- Mobile Security Wiki
- Awesome Mobile Security
- The Mobile Application Hacker’s Handbook
- Android Hacker’s Handbook
- iOS Hacker’s Handbook
- iOS Application Security: The Definitive Guide for Hackers and Developers
- Android Security Internals: An In-Depth Guide to Android’s Security Architecture
- Azeria Labs — ARM Tutorials
- Reverse-Engineering iOS Apps: Hacking on Lyft
- Reverse Engineering iOS Apps — iOS 11 Edition (Part 1)
- Beginners Guide to Reverse Engineering Android Apps
- Reverse Engineering APIs from Android Apps? — ?Part 1
- Reverse Engineering Android APK’s