Ethical hacking / Pentesting

MisterBigglesworth

Expert Member, joined Aug 15, 2006, 3,322 messages
I was just about to pick up this topic again...

Strangely enough, I am on the other side. I'm a programmer (limited networking experience unfort) wanting to get into this field. Data/information security specifically and pen testing/ethical hacking comes in on my interests too.

Chatted to the guys at SensePost (a while back) and REALLY want to do a course, but data/information security doesn't seem to be on most companies' list of things to worry about...so now I'm kind of stuck as they don't want to invest in the training as they see little need for it right now. :(

I would need to do the courses myself, and ja well...don't really have that kind of money right now. So I am stuck and now looking at self study options. As OP states, any help on acquiring the knowledge and skills will be great.

//sorry for mini hijack :eek:
 

Nod

Executive Member, joined Jul 22, 2005, 9,771 messages
But if you are looking for a classroom environment, SensePost is the way to go, as far as I know they are the only company in SA offering that, they also offer courses at Black Hat in Vegas every year, so they are also well respected in the industry, not just in SA.

SACS also provide good classroom-based education.
Mervin Pearce, the owner, is very capable and has tons of experience.
 

Zipkoppie

Well-Known Member, joined Jul 1, 2009, 158 messages
Your company is wrong if they think there is very little need for investing in security. As the saying goes, there are two kinds of companies, those who know they have been hacked and those who don't know they have been hacked.

If you are interested in self study and don't have the funds you can check out this link:
https://www.jayschulman.com/the-ultimate-coursera-guide-for-the-infosec-professional/

All of their courses are free.

Offensive Security also has a free course for Metasploit:
https://www.offensive-security.com/metasploit-unleashed/

If you are interested in exploit development, a good place to start is "Smashing the Stack for Fun and Profit":
http://insecure.org/stf/smashstack.html
 

MisterBigglesworth

Expert Member, joined Aug 15, 2006, 3,322 messages
Thanks for this, and fully agree. Unfortunately they are of the opinion that the software/systems they have in place already have their default "security", and that's good enough but I don't agree.

I will get there, just need to move in the right direction to acquire the knowledge ;)
 

Nod

Executive Member, joined Jul 22, 2005, 9,771 messages
It is not just software security that needs to be thought of. There should be awareness in the company about social engineering techniques. Seemingly unimportant information gathered from different people (reception, PAs, etc.) could be used to get to sensitive information. A firewall, or other software, is not going to help you here. The human factor is the biggest "problem" area.
 

MisterBigglesworth

Expert Member, joined Aug 15, 2006, 3,322 messages
For sure, and daily I can see the loopholes/gaps etc - too relaxed for my liking...
 

Zipkoppie

Well-Known Member, joined Jul 1, 2009, 158 messages
Great! If you want some vulnerable VMs to practice on you can check out https://www.vulnhub.com/

Good luck with Kali, there will be a ton of reading involved depending on your Linux skill level, if you get stuck and want to post on the Kali forums for help, please read the rules first or you might get a PM from me :)


Many thanks! :D

Setting up a Kali Linux VM - time to get stuck in now, and looks like LOTS of reading :)
 

Zipkoppie

Well-Known Member, joined Jul 1, 2009, 158 messages
Hehehe...ok cool, thanks again. Complete Linux noob...as noob as they come :eek:

Hehe you are in for an adventure but enjoy the ride ;) If you really get stuck, feel free to PM me here or on the Kali forums and I'll help you out or at least point you in the right direction.
 

Sonic2k

Executive Member, joined Feb 7, 2011, 7,637 messages
At least here, nobody disses Linux.. well in this thread at least...
 