So You Want To Be a Pentester

The first rule of Fight Club is: you do not talk about Fight Club.

We need to get this out of the way: if you are uncomfortable with these tools, you’ll have a really hard time moving forward.

The Bash Guide

Learn vim progressively (not strictly required, but you must be at ease with a console-based text editor: vim, nano, emacs or whatever you like)

vim Awesome & Vundle 

Effective text editing

List of DOS commands

Powershell 101

The second rule of Fight Club is: you DO NOT talk about Fight Club! 

More stuff to get out of the way: you assimilate the first two rules to build muscle memory. Moving forward, we shouldn’t be talking about these either.

Python Regular Expressions

Practice creating regular expression patterns & RegEx Playground

Awk in 20 minutes

Learn Python the hard way

Little book of ruby

nmap cheat sheet

System fingerprinting

Metasploit unleashed

Web Penetration Testing workshop - Intro to Mutillidae, Burp Suite & Injection

Third rule of Fight Club: if someone yells “stop!”, goes limp, or taps out, the fight is over.

It’s getting real now - Metasploit Framework is a great tool, but ultimately you need to understand the ins and outs of what makes an exploit tick.

ASM fundamentals (actually, what you need to know before diving into assembly)

Understanding Code (elementary, like the previous one)

Malware analysis basics

Win32 Assembly Cheat Sheet

Code as Art: Say hello to x64 Assembly [part 1]

Python arsenal for reverse engineering

Malware Unicorn - Reverse Engineering Malware 101 & 102

Fourth rule: only two guys to a fight. 

Stages of a penetration test (future blog post, please hold)

Post Exploitation

Fifth rule: one fight at a time, fellas.

Opsec for Hackers Freedom Fighters (just the slide deck here)

Ethical Hacking and the Legal System

Computer Fraud and Abuse Act (US)

https://www.wikiwand.com/en/Computer_Misuse_Act_1990 (UK)

Sixth rule: the fights are bare knuckle. No shirt, no shoes, no weapons. 

It’s not all green console font and glamour - reporting is a crucial part of being a penetration tester. You can pop every host and every server, but if you fail to communicate your findings effectively, it will all be a waste of time and money.

Public Penetration Testing Reports

Evidence Gathering (future blog post - please hold)

Presenting findings (future blog post - please hold)

Adapting your orals to your audience (future blog post - please hold)

Seventh rule: fights will go on as long as they have to. 

It’s not all technical. (future blog post, your call is important to us)

And the eighth and final rule: if this is your first time at Fight Club, you have to fight.

CTFs, OSCP + OSCE, SEC560 and 660 (professional certifications - not a must but a nice to have)

Written on September 14, 2017