So how do you become a pen tester? Well, as I mentioned before, there aren't really a ton of official programs. There aren't a ton of people with the skill set compared to the market and the demand. There aren't a lot of, like, pen testing degrees; there are cybersecurity degrees or comp sci degrees. But because there aren't really a lot of pen testing or offensive security degrees, certs are a really big deal in this field, such as CEH, PenTest+. Well, PenTest+ is a new one, so I don't want to necessarily say that one's going to set you up for life. CEH, LPT and OSCP, I would say, are easily the three most recognizable and three of the best certs. CEH is kind of a beginner. LPT is more intermediate, middle, and then OSCP is the really advanced cert, which, generally speaking, if you have your OSCP, you can find work as a pen tester anywhere you go.
And then, key, as I mentioned before: experience is just a huge, huge part of being a pen tester. Practical experience. That's the reason why here on Cybrary we really focus on having so many practical labs and working on getting CTFs up, things like that, because the most important thing to do as a pen tester is to practice and to have actual practical experience.
So, Joe, one quick question. So if I just get some certifications, am I good to go, or should I get, like, experience and something else first? What kind of recognition?
Absolutely. So certs are great. As I mentioned, they go a long way. Certs will often have a practical aspect to them, but generally speaking, when you're getting a certification, a lot of that's going to focus on the theoretical knowledge. OSCP is a little bit of a dark horse in that case, because OSCP is very, very focused on using the pen testing tools and performing pen tests. They've got, like, a 24-hour exam at the end that's actually a practical exam.
But in general, certs are gonna provide you with theoretical knowledge and they're gonna get your foot in the door. But you're absolutely gonna wanna practice, and you're gonna wanna have really hands-on experience before you ever try and get a job as a pen tester, be that through Hack The Box challenges, be that through CTFs, be that through our labs here on Cybrary, whatever you're gonna be using. It is absolutely key to have practical experience along with your certs.
So, the pen testing process. You may have noticed we talked a little bit faster today. We have a lab that I've set up. It's what I talked about earlier, with the Ubuntu VM and the DVWA server. So we're gonna do a little bit of work on that. We're not gonna do the full pen testing process because, frankly, it takes a long time, but I wanted to give you kind of a sense of what it might look like.
So, the five-phase pen testing model. There are a few other pen testing models out there. The ATT&CK matrix from, goodness, the company's name is escaping me... MITRE. MITRE's ATT&CK matrix is very, very commonly used. I like it a lot personally, but it's got a lot more steps to it, so it doesn't lend itself quite as well to this sort of class. But the general five-phase pen testing model, what you'll see in a lot of places, is reconnaissance, scanning, gaining access, maintaining access, and covering tracks. And I gave some very simple examples of each of those. Reconnaissance: you might be using the Google Hacking Database, which we're gonna look at in just a second. Scanning: you're gonna use nmap, or you're gonna use whatever sort of discovery tools you need to. I'm a huge fan of nmap. It's easily one of the most powerful tools in the world for what it does. Gaining access is all about creating a reverse shell. So when people talk about pen testing, when they talk about hacking, most of the time they're thinking about the gaining access and maintaining access steps.
Gaining access, generally speaking, that's getting your reverse shell, getting your access to the system, where you're able to execute some arbitrary command. Maintaining access includes, you know, escalating privileges, getting more power, changing users, creating users, scheduling jobs, developing some method of persistence, you know, for as long as you're going to need it. And then, of course, covering tracks is clearing out logs, getting rid of the history. It might be deleting users you've created, it might be going through and, if you can't actually get rid of all of your tracks, that might be blowing up whatever... not literally blowing up, unless you're a very, very specialized hacker, but destroying, you know, the source of whatever data. There are a lot of cases where people who are performing pen tests can't cover up that they were there, but they can mask it as being a different operation. Right? So if you're there to steal data, you might instead make it look like a DDoS attack on your way out the door, so they're going to be responding to that. They're not going to look sort of through the haystack for that particular needle.
Again, these five steps break out into, you know, sometimes weeks of work. Pen tests could be anything from, you know, a one-day endeavor to a month-long one. It just depends on the organization and sort of what you're working on.
Do you have anything you want to add to this, this part of the process, before we jump into the actual demonstration?
Yeah, I guess the only thing I would, uh, you know, some people may not know what reconnaissance is. So basically, you're just getting information. Joe will kind of show you that in the lab. But I've had that question in my CEH course, so I just want to bring that up.
Absolutely. And that's actually a really good point, because there's a delineation between reconnaissance and scanning. Generally speaking, probably the most accepted delineation there is that reconnaissance is non-interactive: you're not usually going to touch your target system directly during your reconnaissance. Scanning, you can make scanning very quiet, but it's going to be a little bit louder, more direct, touching the target, that sort of thing. So that's sort of the basic delineation between the two.