8

I would like some tips on what I can study to be a better penetration tester. That is what I would like to work towards being, although I have trouble knowing where to start.

I have a decent knowledge of varying security technologies, exploits, webapps and operating systems. I reviewed the CBT Nuggets instruction videos and materials for the Certified Ethical Hacker course and found it to be far too basic/elementary.

At the same time I have been trying to practice on WebGoat, yet it seems too advanced for me. When it comes to the injection or AJAX attacks especially, I am unable to solve the problems successfully without resorting to checking the solution.

What courses can I take or books can I read to fill this gap, where I can understand and solve something like WebGoat with ease?

Jason Sander
  • Maybe you can try Metasploit and Nessus; these are the most accessible tools and can pen-test any network. For application hacking, you would need to learn how the programming works, like PHP, OO and some basics of hardware and CPU (http://www.cplusplus.com/doc/tutorial/), as well as something about LAMP stacks and common configuration errors. Also common Windows misconceptions and "typical bad policies" or something. Then you can pen-test anything; you also need Back Track Linux for this. – Andrew Smith Aug 07 '12 at 21:09
  • Doesn't Nessus just show vulns? There isn't a lot to understand if you recognize the vulnerability and know that there is an exploit for it? – Jason Sander Aug 07 '12 at 21:27
  • Yeah, but what if there is an unknown exploit, or 20 potential ones? You need to fix it too. – Andrew Smith Aug 07 '12 at 22:54
  • @JasonSander My advice is to brush up on programming. You have to be familiar with programming languages and techniques to be able to successfully exploit them. –  Aug 08 '12 at 09:58

5 Answers

12

SANS has a Web Penetration Testing and Ethical Hacking: Capture the Flag class you might be interested in at https://www.sans.org/security-training/web-penetration-testing-ethical-hacking-capture-flag-day-6-13632-cid

There are some capture the flag sites that you might learn from.

A larger list can be found at http://captf.com/practice-ctf/

I have done one of the certifications at http://www.securitytube.net/ and found it very useful. They also have videos available that will teach you different skills.

I would also recommend getting some credits at http://www.safaribooksonline.com/ and using them to cycle through some good books, such as:

  • Hacking: The Art of Exploitation
  • The Shellcoder's Handbook
  • Reversing
  • Metasploit: The Penetration Tester's Guide

Phillip Nordwall
  • I have answered this before but am unsure as how to flag the question as having been asked in the past. – Phillip Nordwall Aug 07 '12 at 21:17
  • Under the question there's a "flag" link. Click it, and choose "Exact duplicate". From there you can enter a link, or browse similar questions. – Polynomial Aug 07 '12 at 21:22
  • The SANS courses are out of my budget unfortunately. Are these CTF sites instructional or do they just offer the challenge? If the latter it isn't really what I'm after. – Jason Sander Aug 07 '12 at 21:26
  • You can download Back Track and make yourself a training the way you would actually perform pen-testing on some real-life business or organisation; hence this counts as if it were professional education. – Andrew Smith Aug 07 '12 at 21:30
  • @AndrewSmith I'm familiar with tools; I need to be more familiar with theory and techniques. BackTrack won't help me solve problems like the WebGoat challenges. – Jason Sander Aug 08 '12 at 00:46
  • @JasonSander What kind of Pentesting do you want to do? OSCP does not go deep into web apps, but it does train you in techniques and theory in host pentesting. – schroeder Aug 08 '12 at 14:38
  • http://enigmagroup.org is a good place as well. – M. Suleiman Mar 09 '13 at 05:41

3

As previously mentioned, CTFs are awesome and having run them myself, I can see that folk learn so much from them.

SANS are excellent but, like most folk, you are finding them expensive. As I said here, OSCP have some excellent penetration testing courses, covering various levels and elements (network, O/S and now a specific web-app course as well). It's pretty intensive and I've only heard good things about them (I myself have been lucky enough to do the SANS courses, which are awesome but expensive). OSCP is much cheaper and you can read more here.

Additionally, I'm not sure where you're based, but check out your local community for CTFs or similar security education events, as they are usually free or only require a nominal charge.

For example, OWASP regularly hold training at their AppSec conferences, such as this one in Ireland, and it's cheaper than SANS. Maybe check out the nearest OWASP chapter/conference (the chapters often run such events too, like this recent one in Dublin).

Another possibility could be local security groups such as ISSA. I know that folks in the US have organised CTFs (where they provide instructions and education), such as this one, and the cost is usually only ISSA membership.

Mark Hillick

3

Web Security Training and Experience
If you are looking for specific training on Web Apps, try the Coliseum. It will train you how to crack WebGoat, and it is both cheap and starts from the basics.

You can also try the 'hackable' applications available (Mutillidae), and their tutorial videos.

As a bonus, check out videos of people hacking servers (g0tmilk). There are some very useful techniques that I have picked up by watching how others approach a problem.

Network PenTesting
If you are looking for training in host/network penetration testing, I personally recommend the OSCP. It is not easy, although it is meant for beginners.

schroeder

3

If you're looking for Web Application Testing information then there's quite a few potential routes.

  • Web Application Hacker's Handbook. I'd thoroughly recommend this book for web app testing. It covers most of the bases and the guys who wrote it know what they're doing. I've not tried the labs access that they provide, but it's likely good as well.
  • As @schroeder mentioned, labs like Coliseum and vulnerable apps are useful for training. OWASP have a Broken Web Apps project which provides a pre-configured VM for training.
  • OWASP material. The testing guide (although somewhat out of date at the moment) covers the kind of ground that WebGoat looks at.
Rory McCune

1

I recently signed up for The Hacker Academy, after having spoken with them at their booth at DefCon and having read reviews of them online. Their format is that you buy a year's membership which gives you access to everything they have. All subjects are covered by a video lecture with an accompanying lab which is all set up for you in a virtual environment. I've just barely started watching the videos, so I can't yet comment on the labs at all. But so far I like it.

Also, I'll agree with a previous answer that said in order to grasp the concepts of web app exploits you've got to do some actual web programming, front end JavaScript and backend programming (PHP, ASP.NET, Ruby, whatever) including at least basic reads & writes to a database.

Good luck!

Luke Sheppard
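To make concrete what the last answer means by understanding "basic reads & writes to a database" before attempting the WebGoat injection lessons, here is an added example that is not part of the original question or any of the answers. It builds a constructed in-memory SQLite table with two users, implements a login check the way a beginner might (string formatting), shows the same check written with a parameterised query, and demonstrates the classic comment-based bypass against the first version. The table, user names and passwords are invented for the demonstration.

```python
"""
Minimal SQL injection demonstration (added example, not from the original thread).

login_vulnerable() splices user input straight into the SQL text, which is the
bug the WebGoat injection lessons are about. login_safe() sends the same query
with bound parameters, so the database driver never interprets input as SQL.
"""
import sqlite3


def build_demo_db() -> sqlite3.Connection:
    """Create a constructed in-memory users table with two invented accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cret-admin-pw"), ("alice", "wonderland")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """
    Return the matched username or None.

    Vulnerable on purpose: the query is assembled with string formatting, so
    a username such as  admin' --  closes the string literal and comments out
    the password check.  The executed SQL becomes:
        SELECT username FROM users WHERE username = 'admin' --' AND password = '...'
    """
    sql = (
        "SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """
    Same check with bound parameters.  The driver passes the two values to
    SQLite separately from the query text, so quotes and comment markers in
    the input are only ever compared as data, never parsed as SQL.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def show_bypass(conn: sqlite3.Connection) -> dict:
    """
    Run the classic payloads against both versions and return the outcomes,
    so the difference is visible as data rather than only as printed text.
    """
    comment_payload = ("admin' --", "irrelevant")          # comments out the password clause
    tautology_payload = ("nobody", "' OR '1'='1")            # makes the WHERE clause always true
    return {
        "vulnerable_comment": login_vulnerable(conn, *comment_payload),
        "vulnerable_tautology": login_vulnerable(conn, *tautology_payload),
        "safe_comment": login_safe(conn, *comment_payload),
        "safe_tautology": login_safe(conn, *tautology_payload),
    }


if __name__ == "__main__":
    demo = build_demo_db()
    for name, result in show_bypass(demo).items():
        print(f"{name:22s} -> {result!r}")
```

Running the block stand-alone prints that both payloads log in as a real user through `login_vulnerable` while `login_safe` rejects both. The point for the WebGoat lessons is that you have to be able to write out, by hand, the SQL the server will actually execute after your input is spliced in; once you can do that, choosing a payload that closes the quote and neutralises the rest of the clause is mechanical.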