Ask HN: What small habit(s) I can do daily to help me get into pentesting?
I'm a back end dev looking to make the jump into security with the main focus being pentesting.
My goal is to pass the OSCP by this time next year.
Aside from hitting the lab and go through the course, what small habit(s) can I do daily to help me with the jump?
Long time lurker first time posting so please excuse me for anything I might overlooked.
3 comments
[ 1.7 ms ] story [ 17.0 ms ] threadI think the most basic test you can practice is just changing the URL if you see a number in it. If you change the number should you see the information that is at the new number? Yes reveals a lot about the website and it's security measures and will let you keep poking further.
Last thing I'll say is, as you practice and learn do not be malicious, even if you could delete an entire set of data because of bad permissions, don't do it. Most, like 90% of companies are relatively appreciative of being told about an exploit. There are some that are not however :(
Practice makes perfect, if you can get marginally better at security them you will write better code and better applications so go for it!
There's some different stages to pentest. (roughly, people have different philosophies / levels of knowlege on this. this is mine...)
- decide scope (what are you testing? ususally consists of ip ranges, or some software package, or w/e the agreement or target might be) - enumerate (what is it really you are testing? - enumerate and find all the details about what's inside the scope you decided) - exploit (if you found something in enumeration phase, try and exploit it) - post-exploit (if you're on the box. try to escalate priveleges, lateral movement, look for credentials and other juicy stuff - re-using enumeration tools on the new host is common to try and use it as a stepping stone) - report (write very detailed a report on which you would be able to replicate all of the exposed flaws. a good practice to confirm you know what you did truely.)
These stages have various tools and techniques related to them which you could split by stage and start to learn.
Deciding scope, thats for yourself at the moment, as there's no client demands yet, perhaps in the near future, lets hope for you :).
Enumeration: there's lots of tools to enumerate depending on what you are looking at. So the scope will help you to decide which tools are useful. Tools can include but certainly not limited to: nmap, nc, dirbuster, sqlmap, wpscan, and much much much much more depending on what you're looking at.
exploit: this is a touch cookie, it involves often looking for specific exploits for versions of software and then editing them manually to suit your needs. metasploit is a big help in this within the pentest community, but having learnt basic assembly, C, python etc. is very useful here to be able to modify existing PoC exploits for your own target.
post-exploit: again this is very depending on what you really find, but i would definitely recommend for linux and windows to look at privelege escalation techniques, not relying on tools to do it for you. This is one of the most useful skills i think, as a lot of exploits will land you in a low privelege shell.
report: this is dull as hell as you can imagine, everyone hates it, but in the end it's a test of your knowledge to be able to tell exactly and specifically what, how and why you exploited a certain target, and what it gained you as an adversary. Since you are learning ,i would recommend this step atleast to the point where you regurgitate to yourself on-paper for a friend to read / try what you did. that way you can confirm that you understood what you did, and have some second opinion from a friend who will reproduce your results (or not). very valuable to do, even though it's dull!
To test and try these kinds of things there's tons of 'metasploitable' VMs etc. to learn with. You can set up a few on a lab network (some vms on your laptop!) and try to exploit, then move from one to the other via SSH tunnels etc. And on that topic, learn SSH deeply... learn all about all ways of tunneling and port forwarding it can do. it's magic... but can be confusing as hell when you start out. :)
know this is hardly a concrete tip, but perhaps it will give you some ideas for things YOU are interested in, as being interested will help most of all to learn :)
I'll try to plan my learning by breaking the process into different stages.