So You Want To Be a Pentester
The first rule of Fight Club is: you do not talk about Fight Club.
We need to get this out of the way, if you are uncomfortable with these tools you’ll have a really hard time moving forward.
Learn vim progressively (not strictly required, but you must be at ease with a console based text editor…vim, nano, emacs or whatever you like)
The second rule of Fight Club is: you DO NOT talk about Fight Club!
More stuff to get out of the way, you assimilate the first two rules to build muscle memory. Moving forward we shouldn’t be talking about these either.
Third rule of Fight Club: if someone yells “stop!”, goes limp, or taps out, the fight is over.
It’s getting real now - Metasploit Framework is a great tool, but ultimately you need to understand the ins and outs of what makes an exploit tick.
Fourth rule: only two guys to a fight.
Stages of a penetration test (future blog post, please hold)
Fifth rule: one fight at a time, fellas.
Sixth rule: the fights are bare knuckle. No shirt, no shoes, no weapons.
It’s not all green console font and glamour - Reporting is a crucial part of being a penetration tester, you can pop every host and every server, but if you fail to effectively communicate your findings, it will all be a waste of time and money.
Evidence Gathering (future blog post - please hold)
Presenting findings (future blog post - please hold)
Adapting your orals to your audience (future blog post - please hold)
Seventh rule: fights will go on as long as they have to.
It’s not all technical. (future blog post, your call is important to us)