Intro to Offensive Security and Penetration Testing Part 2

4 hours 21 minutes
Video Transcription
...to do that. Of course, as with many other things, you're going to require a lot of tools. The forensic investigator and incident response path is the only career path in the world, I think, that comes close to matching pen testing in terms of the number of tools.

There are so many pen testing tools that if you search for them, you'll get lists that are like, "Oh, we've got it all boiled down. We only have 85 tools on our list. We only have 116 tools on our list." And honestly, that's pretty optimistic, because in pen testing you're emulating threat actors, and threat actors are always producing new tools and new techniques. You have to stay up on that.

Some of the big ones that you're pretty much always going to be safe using: obviously Kali. Kali isn't really its own tool. What Kali actually is is sort of an operating system with a bunch of tools on it. But because of how well integrated they are, and because of the way Kali functions to incorporate all of them, it deserves to be talked about as though it were its own tool. It's more like the SANS SIFT that Ken was talking about in his previous slide; it's just a lot of tools that work together effectively.

And then, of course, Metasploit. Metasploit uses the known CVEs, known vulnerabilities, and it lets you throw exploits against them without having to be an actual exploit developer yourself, without having to understand really, really deeply how all these exploits work. You just know which one it is, you build your packet, and you send it.

Wireshark shows up everywhere. If you work with networks, you need to know how Wireshark works. It's just awesome.

Zed Attack Proxy is produced by OWASP, which is an absolutely fantastic organization that you should definitely check out if pen testing is something you're interested in. Zed Attack Proxy has a bunch of different functionality, but functionally a big part of it is man-in-the-middle attacks.

Aircrack-ng is for cracking WiFi. There are a bunch of other tools for doing that, but aircrack is by far the most popular.

Cain is just an example of password cracking, or, as they depict it on a lot of the lists, password recovery. What they fail to mention is that you're usually recovering someone else's password.

And so many more; again, hundreds. I could easily just start listing tools on this slide and go until we ran out of time. What's more important in pen testing, what's more essential in pen testing, is to understand the job and the ways to approach the job, and then go out and find the tools to match what you need. If you try to develop a tool-based solution to your problems, you're just going to spend all of your time documenting what tools you use.
So what is a typical day in pen testing? This one, you'll see, I fleshed out a little bit more, mostly because this is one that I've got a lot more familiarity with; it's one that I've spent some time on. On a typical day you're going to have a lot of client meetings. One of your primary jobs, again, as a pen tester is setting the scope and the rules of engagement: seeing what the actual size of the attack is going to be. Are you trying to get access to marketing, or are you trying to get access to anywhere on their network? Are there specific things that are off limits that you can't touch no matter what? Is there proprietary information they're unwilling to share? That's where they discuss the goals. Is it going to be based on findings? Are you looking for a specific subset of vulnerabilities? Are they doing a compliance test? What are they actually trying to get out of this pen test, and how can you help them achieve those goals? And it's very important to communicate in that language: how are you helping them achieve their goals?

Because one of the things you're going to learn when you start doing pen testing is that it is an upsetting job. People get very, very angry with you, because your entire job is to show up and tell them, "Not only are you doing everything wrong, you're doing it so wrong that I got in, stole your stuff, and got back out."

I can tell you I have never, I shouldn't say never, I have very rarely had a pen test go through from start to finish without someone getting upset. Depending on where they are, it depends on how upset they might be or why they're upset. But it's very common to get to the end of a pen test and have someone, say their CISO, or whoever the security team is, hate your guts and try to just knock everything down. They're not always going to be petty. They're not always going to be rude about it. But it's something you need to be prepared for going into this field: you're going to ruffle a lot of feathers. Now, if you have an abrasive personality, maybe this is the field for you, but what's really important is being able to communicate. Like I said at the beginning of this rant, being able to communicate goal-oriented points, being able to say, "I found these vulnerabilities, but by remediating them, this is how we're going to be able to achieve your goal. This is how we're going to help you protect your data." Being able to communicate in a positive, creative way is kind of the sugar that's going to help that medicine go down. Medicine is bitter.
And then, after you've signed a whole pile of paperwork, usually at least a couple of NDAs, a statement of work, that sort of thing, you'll be doing your initial assessments. Initial assessments are sort of broad but shallow. You're just throwing things out there; you know, you leave a pile of USB sticks in the parking lot, which, by the way, always works. I've never had that fail. If you find a USB stick in your parking lot, don't plug it into stuff. I'm begging you.

Anyway, what's important is, you know, broad but shallow. You're not really targeting a very specific vulnerability. You're targeting human nature. You're targeting general system problems, things that you're used to seeing. You might do an nmap scan. You might do some basic sort of analysis from a technical perspective, but most of your time in an initial assessment is spent on OSINT, social, just kind of playing around and seeing what you can hit, what your low-hanging fruits are.

Once you've done your initial assessment, then you start on your targeted attacks. Targeted attacks are where you get to be very technical. This is where you probably get the closest to, like, the Hackerman kind of legitimate movie-style pen testing that you'll never really do, but movie-style-esque pen testing, where you find the systems that are up, you identify vulnerabilities on them, or you create one, or not create, but, I don't know, you know, unknown vulnerabilities, you find CVEs, whatever, and by doing that you gain access to the system. You get to really, really dig in, kind of root around in their stuff. It can be a lot of fun. Again, it's much more like crossword puzzles or Rubik's cubes than it is anything you'd see in a movie. It's all problem solving and critical thinking, really thinking through every problem and analyzing your situation so that you can always be effective.

So, yes, that's your general day. You're going to have your client meetings, to either start, bring them up to date, or close. You're going to have your initial assessments, your first low-hanging fruit, and you're going to have your targeted attacks. Granted, a lot of days, depending on how long the attack is, or depending on how long your pen test is, it may be that the first two days are your client meetings, the week or two after that are initial assessment, a week of targeted attacks, and then a couple of days of wrap-up. Or it could be that you literally do all of this in a matter of 24 to 48 hours. That's not super common. Usually you're going to get that when they realize they haven't had a pen test and they've got a compliance audit coming up, but that can and does happen. So you've got to be prepared for that sort of a very tight schedule.
So, job prospects. In terms of job prospects, this is the very, very exciting one. Offensive security in general, and pen testing in particular: the median salary is about 80K, but they are wildly variant, and what's really important there is that 70 to 80K, 79K, is kind of everywhere. So one of the cool things about pen testing is that oftentimes you can do it remotely. There are plenty of people who... I have a couple of friends who live in Nebraska in basically a cabin, with excellent Internet coverage, who do their pen tests against companies in New York, companies in D.C., companies in Paris, companies wherever. If you like to travel, there are a lot of opportunities to travel as a pen tester. You're doing a lot of contract work, you're doing a lot of short-term work, but you have the ability to work from just about anywhere. Which means that your median salary, the buying power of that salary, can often be a lot higher than it seems. You know, if you're making that 80K, or you're making well into the six figures, which plenty of contract pen testers do all the time... but if you're making well into six figures and you're living somewhere in the Midwest, you're going to be doing a lot better than, say, somebody who gets a 150K job in Silicon Valley and can barely afford a one-bedroom apartment.

There are public and private sector jobs available, in the government, out of the government, basically every government, two at once if you really want to go to jail.

And then, of course, the year-over-year growth for this is why it's so exciting. Cybersecurity as a field has about a 26% year-over-year growth. Pen testing in particular: in 2014 the year-over-year growth prediction was 18%. Since then, it's gone up to 28% year over year. So by 2021 it's anticipated that about 3.2 million jobs are going to be unfilled in the cybersecurity world. Now, some of those jobs are going to be spread out among the other career paths that we talked about, but a lot of them are going to be in this sort of red teaming, offensive security area. So it's a huge growth market. It's an absolutely fantastic place to get started. But again, it is tougher than it looks, and it involves a lot of boring paperwork, so just kind of manage your expectations on that. But it is a great opportunity and well worth pursuing.
Now, if you want to get into pen testing, what kind of education, what kind of certification, what are you looking for in terms of credentials? There are a lot of these. Not as many as there might be for security just generally, but there are a lot of them, and a lot of them are competing.

Security+ is a very good intro level to get you started. CEH is kind of a low beginner to early-middle. CPT, LPT. LPT is a big one. "LVLPT"? That's a typo. Wait a minute, that doesn't sound right at all. LPT, Licensed Penetration Tester, has for a long time kind of been the gold standard of the industry. Now CompTIA, which you may know as sort of the A+ exam and Security+ and all that, recently published their PenTest+, which is a very, very new cert, actually new enough that I'm still in the process of getting it, which is a great plug: if our company is watching this, you should teach another class. But more seriously, PenTest+ is CompTIA's new offering. It's gaining a little bit of traction. It's one of those where, just like with every other cert, you're going to see who gets it, you're going to see if it becomes a big deal, but it's worth looking into. And then, kind of on the more advanced side, you have GPEN, which is a great sort of advanced practitioner cert, CISSP, OSCP. There are a lot of certifications, and you can pretty easily build a roadmap out. But what's important to understand about pen testing is that it's much more focused on skill than a lot of other fields, because it's such a bespoke role. You're doing such different operations for every client. While there are commonalities, and there is sort of a process you'll always follow for pen testing, that's something we'll talk about when we get into the pen testing video.

It's important to understand that you don't necessarily need to fit a specific bin of pen tester. It's not that you have to have Security+, then CEH, then LPT. Maybe you have no certs, but you have a lot of experience red teaming for the government, or red teaming for some company, or whatever. So pen testing is one of those fields where you can break into it with a relatively low educational barrier to entry, but a pretty high technical barrier to entry.

And of course, if you want to get into that field and you want to know the skills and learn how to do it, we have a Cybrary career path, the Become a Penetration Tester career path. It's probably our most advanced career path right now. It's definitely one where you want to start out, get some of the intro knowledge, maybe cement network engineer knowledge, that sort of thing, into your skill set, and then move on to the pen tester path. But it is a great career path, and it's really going to help guide you through your career into becoming a successful pen tester, whether that's contract, whether that's for a specific company or a specific organization. The skill set you're going to want to have, the basic skills that we help you learn, is going to serve you well through all of those.