Ethical hacking / Pentesting

I was just about to pick up this topic again...

Strangely enough, I am on the other side. I'm a programmer (limited networking experience unfort) wanting to get into this field. Data/information security specifically and pen testing/ethical hacking comes in on my interests too.

Chatted to the guys at SensePost (a while back) and REALLY want to do a course, but data/information security doesn't seem to be on most companies list of things to worry about...so now I'm kind of stuck as they don't want to invest in the training as they see little need for it right now. :(

I would need to do the courses myself, and ja well...don't really have that kind of money right now. So I am stuck and now looking at self study options. As OP states, any help on acquiring the knowledge and skills will be great.

//sorry for mini hijack :o
 
Last edited:
Zipkoppie said:
But if you are looking for a class room environment, sensepost is the way to go, as far as I know they are the only company in SA offering that, they also offer courses at black hat in vegas every year, so they are also well respected in the industry, not just in SA.
Click to expand...

SACS also provide good classroom based education.
Mervin Pearce, the owner is very capable and have tons of experience.
 
Your company is wrong if they think there is very little need for investing in security. As the saying goes, there are two kinds of companies, those who know they have been hacked and those who don't know they have been hacked.

If you are interested in self study and dont have the funds you can check out this link:
https://www.jayschulman.com/the-ultimate-coursera-guide-for-the-infosec-professional/

All of their course are free.

Offensive security also has a free course for metasploit:
https://www.offensive-security.com/metasploit-unleashed/

If you are interested in exploit development, a good place to start is smashing the stack for fun and profit
http://insecure.org/stf/smashstack.html
 
Zipkoppie said:
Your company is wrong if they think there is very little need for investing in security. As the saying goes, there are two kinds of companies, those who know they have been hacked and those who don't know they have been hacked.

If you are interested in self study and dont have the funds you can check out this link:
https://www.jayschulman.com/the-ultimate-coursera-guide-for-the-infosec-professional/

All of their course are free.

Offensive security also has a free course for metasploit:
https://www.offensive-security.com/metasploit-unleashed/

If you are interested in exploit development, a good place to start is smashing the stack for fun and profit
http://insecure.org/stf/smashstack.html
Click to expand...

Thanks for this, and fully agree. Unfortunately they are of the opinion that the software/systems they have in place already have their default "security", and that's good enough but I don't agree.

I will get there, just need to move in the right direction to acquire the knowledge ;)
 
MisterBigglesworth said:
Thanks for this, and fully agree. Unfortunately they are of the opinion that the software/systems they have in place already have their default "security", and that's good enough but I don't agree.

I will get there, just need to move in the right direction to acquire the knowledge ;)
Click to expand...

It is not just software security that needs to be thought off. There should be awareness in the company about social engineering techniques. Seemingly unimportant information gathered from different people (reception, PA's, etc), could be used to get to sensitive information. A firewall, or other software is not going to help you here. The human factor is the biggest "problem" area.
 
Nod said:
It is not just software security that needs to be thought off. There should be awareness in the company about social engineering techniques. Seemingly unimportant information gathered from different people (reception, PA's, etc), could be used to get to sensitive information. A firewall, or other software is not going to help you here. The human factor is the biggest "problem" area.
Click to expand...

For sure, and daily I can see the loopholes/gaps etc - too relaxed for my liking...
 
Great! If you want some vulnerable VMs to practice on you can check out https://www.vulnhub.com/

Good luck with Kali, there will be a ton of reading involved depending on your Linux skill level, if you get stuck and want to post on the Kali forums for help, please read the rules first or you might get a PM from me :)


MisterBigglesworth said:
Many thanks! :D

Setting up a Kali Linux VM - time to get stuck in now, and looks like LOTS of reading :)
Click to expand...
 
MisterBigglesworth said:
Hehehe...ok cool, thanks again. Complete Linux noob...as noob as they come :o
Click to expand...

Hehe you are in for an adventure but enjoy the ride ;) If you really get stuck, feel free to PM me here or on the Kali forums and I'll help you out or at least point you to the right direction.
 
At least here, nobody disses Linux.. well in this thread at least...
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X