
All right, well, I will hand it over to you and let you introduce yourself. I've taken up enough time already, I think, so go for it.

Yeah, thanks Adrian, and thanks to everyone for attending my talk. This is my first time presenting it besides Knoxville, and I look forward to doing this in person next year. I hope everyone is having a good day so far. A little bit about myself: I'm Phillip Wylie. My certifications are CISSP, OSCP and the SANS web app pentesting cert. I'm a senior red team lead at a large consumer product company, an adjunct professor at Richland College where I teach ethical hacking and web app pentesting, and I'm also the founder of The Pwn School Project. Teaching got me interested in expanding my teaching outside of the classroom, doing workshops and doing meetups, and we actually stream these talks too. We started streaming last year, and fortunately, with all the quarantine stuff, we're able to still operate, as well as my classes.

I've been in InfoSec and IT for a little over 22 years. I spent my first six plus years as a system administrator. I like to go through this in detail because, you know, this talk is how to become a pen tester and your background matters, so you can kind of see my background. For the past 16 plus years I've worked in security, AppSec, and the last eight plus years in pen testing. My first five years were in consulting. I highly recommend consulting if you ever get the chance to do it, because you get to learn at an accelerated pace. I don't feel like I'd be where I'm at without that experience. I'm also the co-host of a new web podcast series that just started here recently, The Uncommon Journey, and it's hosted by ITSPmagazine, so check us out. We talk to different people in security and they share their story, how they got in, and kind of like my story, not everyone got in so straightforward.

My path to InfoSec was pro wrestling. When I graduated from high school I had no plans, and my friends said, you know, since you're a powerlifter, you're a big guy, why don't you be a pro wrestler? So I decided to give it a chance. I got married and had to find a more stable career, so I moved into CAD drafting. From there I found out about sysadmin, and from sysadmin I moved into InfoSec, and then from there pen testing. Back in my wrestling days I actually wrestled a 750 pound black bear, which you can see pictured in this slide. This is a slide I share each semester with my students. Also, just to give you more detail on this talk, this talk is based
on my first lecture of the semester. One of the things I like to let everyone know is, you know, pen testing or hacking with permission is legal, but without it it's illegal. You don't want to get yourself in trouble. If you're in security or want to get into security, it's kind of hard to get jobs if you have a felony on your record, so only hack if you have permission, even better, written permission. Hacking without permission is illegal. There are quotes by Voltaire, but my first exposure to it was from Spider-Man: Uncle Ben said, with great power comes great responsibility. So we need to remember this, regardless of whether you're a pen tester or in any other area of security.

What is pen testing? Pen testing is assessing security from an adversarial perspective, attempting to exploit vulnerabilities to gain unauthorized access to systems and sensitive data. A lot of times people just think of root or NT AUTHORITY\SYSTEM or domain admin, but when it comes down to it, it's the information that's the most important part. So pen testing gives you the adversarial perspective. As security, you have a better understanding of the risk severity: exploitable vulnerabilities are high risk and a higher priority for remediation. It also helps in justifying the budget. Sometimes companies need a little more proof to provide the budget to remediate the vulnerability, and sometimes just doing a vulnerability scan is not enough. Understanding that there's a risk gives them more reason to remediate, especially when some vulnerabilities could be very expensive to fix. It may not be something like a simple HTTP header change on a web server; it could be implementing some new firewalls or new endpoint protection or something. So the information collected during a pen test will give them better ammunition to go get justification for budgeting to remediate.

Regulatory compliance is a big driver for pen testing. The Payment Card Industry Data Security Standard, PCI DSS, has been a large influence on pen testing. You have to have pen tests performed to be compliant, so this has driven a lot of work. You see a lot of pen testers in banks for this reason. Pen testing is a fun job. Even though I've been doing this for over eight years, any time I hack into something it's still a big thrill, so it's a lot of fun. It's a pretty good area for opportunities, because although it's not a new field, a lot of companies have used consultants and contractors to do their work, and not everyone can afford that much consulting time. So it only makes sense to bring in your own pen test team, and a lot of companies are starting to add pen test teams. If they
don't have one, then there's a good possibility that they will.

Pen testing jobs, and kind of some of the terms: penetration tester is the professional term, shortened to pen tester. Sometimes this falls under security consultant or analyst or engineer. So when you're looking for jobs, you may not be able to just clearly find a job that says pen testing, and so you have to look through the job description, because sometimes HR can't break down every single job into a job class and all that. You just have to be cognizant that it falls under different titles; you have to look at the job descriptions and see the tools being used and the type of work to give an idea of whether it's a pen testing job. Sometimes the main title might be something else, but pen testing will be listed somewhere in that description. Different words synonymous with pen testing: ethical hacker, which is the more common one and easier to explain to the general public, for those that don't understand the term pen testing. Offensive security and adversarial security are some terms that are widely used for this area of security. Threat and vulnerability management is a common department this falls under. Sometimes it can be separate; it could be that the vulnerability scan team may be under this alone with the remediation team, but in a lot of cases this falls under threat and vulnerability management.

Pen testing skills in other areas: this is not only important to pen testers, it's important to other areas, and kind of evidence of that is if you look at the MITRE ATT&CK framework, it describes different APTs and how these hacks happen, and so that kind of gives you the importance of this knowledge. SOC analysts, network engineers, and security and network security analysts: being able to identify malicious traffic is very important. DFIR people, you know, if you're responding to an incident, if you understand some of the attacks it makes your job easier to do. You'll understand the attack patterns and get a better idea of how a certain system was exploited and breached. Purple teams are kind of more of a newer thing, and this is where your offensive and defensive teams play together. They work together to improve the defenses, so whereas you could be doing your pen test and the blue team knows what's going on and they're there monitoring the traffic, then they can write better signatures to detect that type of activity. This is also a way to see how they're responding, as well as, like red team engagements, being able to test the response and help improve those areas. Application security is an area where these skills are very handy; understanding those attacks is very important, understanding the OWASP Top 10.

Application security was where I got my interest in pen testing. I ran web app vulnerability scans, had no idea about hacking, but from that I learned about the OWASP Top 10 and the field of pen testing. This was back in like 2005, so a lot less common back then. So I found out about pen testing and that's what drove me to eventually want to become a pen tester.

When we're doing a pen test, there's different types of targets you're going to be testing. Most commonly you'll see networks, and this could be internal facing, external, and wireless networks. Applications are very popular too: web app, thick client, mobile, and cloud. And then hardware, and this can be your
network hardware, this could be IoT, this could be medical devices. Your medical devices need to be secure; if someone's able to breach an insulin pump or something, then they could cause harm to someone, even cause death, so that's the reason for these areas to be tested. Transportation: with your autonomous vehicles, these self-driving vehicles, you need to make sure they're secure, because they could be weaponized. You don't want any kind of security vulnerability exploited to cause harm to someone, so these have become very important areas. And then these last two are kind of somewhat combined at times: you get the people aspect, you're pen testing people through social engineering, and buildings, trying to access the buildings by cloning cards, picking locks, or just tailgating, those types of things. You can have a very secure network, but if your people are not secure and your buildings are not secure, then it makes it easier for an attacker to get into your building and access these assets.

Types of pen tests: target knowledge. These are the different levels of knowledge that you have on the targets. Black box is usually more indicative of what a malicious actor would attack; this is more like a real-world attack. You've got limited information, usually maybe just IP addresses. I did a black box pen test for a company and we just knew the physical address, to be able to test the physical security, and it was up to us to find the network blocks through OSINT to be able to test that target. So this is more like a real-world attacker. White box is just the opposite end of the spectrum: you've got detailed information. When it comes to web application pen testing, you've got accounts, different documentation, working with the developers to get a flow of the application and how it works. Because of white box testing, you want to make sure you don't miss anything. White box testing is also referred to as crystal box, and this is very important for a web app, because the external security controls may be really tight and you can't get in, so what happens if someone is able to bypass that? How secure is the application beyond the surface? So it's important to test on different levels. You want to test as admin, unauthenticated, and some of the lower level users. You may have an application that is used in different regions and you have admins for those regions, so you want to test all those roles, because even as an admin there's stuff like Social Security numbers that they don't need to see, so you need to make sure that information is not being leaked. And then gray box is more common; this is more commonly what you're going to see as a pen tester. You get your IP address ranges; there's more information where you can do the test. All three options are really dictated by the amount of depth that needs to be tested and the time. If you've got a lot of time then black box could be a good option, and if you're very short on time then white box may be a better solution, and like I said, with white box you can more thoroughly test the systems. But all three of these methods and extremes are good to test.

Types of steps within vulnerability assessments and vulnerability testing include vulnerability scans, and so a lot of
companies will have a dedicated team that all they're doing is vulnerability scans. They're running Nessus or Nexpose to look for vulnerabilities, and this is turned over to the different teams to remediate those vulnerabilities. The next step above that is vulnerability assessment, and these first two options, they're not pen tests. In a vulnerability assessment you're taking that further: you do a vulnerability scan and you're validating those vulnerabilities to make sure they're not false positives, and aside from that you're also running other tools like nmap to look for open ports and services, other ways to test. But in this tier it's almost like a pen test, but you're not exploiting the system, not hacking into it. So you're looking for vulnerabilities and validating to make sure they're not false positives. In some companies they will request this as opposed to a pen test, because some people are worried about the risk. Maybe their environment is a hospital and they've got medical devices connected to their Wi-Fi network and they're wanting to be careful, so sometimes people will go with the vulnerability assessment instead. Pen test is the next level. So this is where you've done your vulnerability scan, port scans, validated any of the vulnerabilities that you found, and next you're going to your pen testing tools, your scripts and your exploits, and trying to hack into those systems. Like we've mentioned before, if this is exploitable then it's a higher risk vulnerability. But then you get into your adversarial simulation, the red team and adversarial tests. One of the best descriptions I heard of this was from Wirefall, who runs Dallas Hackers Association. He refers to red teaming as testing the blue teams. So you're going in and testing the controls, the technology, the response to these attacks, and so you're doing more of an attack simulation, whereas a pen test is less of an attack simulation. People usually know what's going on; with the red team very few people know, usually management maybe, but they're really trying to keep this quiet just to see the response. After the test is done they can go back and find ways to improve the response from the incident response team and the blue team on blocking these activities.

There's different specializations. Actually the first one, the generalist, is really not a specialization; this is kind of where most people start out. So if you've got a network background, you're going to start out as a generalist. If you have an application development background, then you're going to start out with web app pentesting. But as a generalist you need to understand networking, Wi-Fi, and a little web app, because during your test sometimes the only vulnerability you may find is in the web applications. There's some applications for managing IT functions or different technologies that have web front-ends, so it's good to be able to know this even as a generalist. And then your application: this covers web app, mobile, thick client, and cloud. And then social engineering; social engineering and physical go hand in hand, so you're trying to hack people and buildings, as we mentioned before. Transportation: some people specialize in this, and I've seen people that work in the automotive industry that have gone over from being someone that works on the computer systems, troubleshooting those, to moving over to vehicle pen testing. And then red teaming, with your adversarial simulation, and sometimes there's a lot more; you get some of the social engineering and physical that go hand in hand with red teaming. And for the part of the presentation most people are here for:
how do I become a pen tester? So you have to have this base knowledge. You need to understand the technology. You need to understand networking and operating systems, especially Windows, Linux, and Unix. Your enterprise networks are going to be mostly Windows, but then your web is going to be mostly Linux, and so you need to understand these at a sysadmin level. If you get a shell to a system that you've managed to hack into and you don't understand the command line, it's going to slow you down. So you really need to understand the technology, understand security, applications, and hardware, and these are important items because you have to understand the technology before you can secure it, before you can hack into it.

Once you get that technology knowledge, then you need to learn how to hack, and this was where I was at when I moved from AppSec to pentesting. I had experience with web application vulnerability scanners, network vulnerability scanners, and some other tools, but I didn't know how to hack. So I had to learn how to hack, and that's when I signed up for the OSCP course to learn how to hack systems. You can gain this knowledge through classes, conferences like this, different meetings and meetups; there's a lot of local OWASP chapters and local DEF CON groups that you can go in and learn from other people. Sometimes taking these first steps, conferences and meetups, is a way to see if you're really interested. Sometimes you may not want to invest the money into something unless you know it's something that you're wanting to do. Self-study is a big one; even if you do the classes and stuff, you definitely need to do some self-study. One of the best options here is home labs, getting the hands-on experience. There's a lot of good videos out there, hacking walkthroughs on YouTube and different educational videos. Tutorials are good; there's a lot of good tutorials on how to use the tools, how to do different hacking techniques. Blogs and articles, and Twitter: InfoSec Twitter is a great place to find information. Prior to Twitter I used to get my information from blogs and RSS feeds; now through Twitter sometimes you may find out about some new exploit before it actually makes it to some magazine articles, so you can get your information quicker and get links to proof of concept code, and connect with a lot of other security professionals that you can learn from. And also networking, and networking is big on finding jobs as well as gaining knowledge.

And so the hacker mindset: you can understand the different hacking tools and how to do certain hacks, but you have to develop the hacker mindset. That's being able to chain together different exploits and vulnerabilities, being able to exploit those different vulnerabilities and see how you can get further. You may get past one layer, but if you can't exploit the system then you may be stuck there, so understanding this is very important. You develop this kind of like you do troubleshooting, by hands-on experience. If you're doing network administration or sysadmin work or development, when you're starting out, when things install and go perfect that's great, but if things don't go wrong then you miss out on an opportunity to troubleshoot, and hacking is similar to troubleshooting. It's getting the hands-on experience. Pen testing is one of the areas in security that is a combination of creativity and analytical thinking, so you have to be creative, and this helps you develop the hacker mindset. The hacker mindset takes repetition to develop, and it's best developed with hands-on learning, like labs. The formula for becoming a pen tester is, as we discussed: you have to understand the technology, the security of that target, as well as have the hacker mindset, and once you have all these then you're on your way to becoming a pen tester. Having what it takes: be patient with yourself while you're learning. For me this wasn't a really easy topic to learn, so give yourself patience, take time while you're doing this. You know, take
time to really understand what you're doing. If you don't take the time to understand it, then there's a good chance you're going back and having to relearn it all over again. Developing a plan: you kind of do a gap analysis, so you need to fill in the gaps that you're missing. If you're just getting started out, then the basics like operating systems, hardware and networking, web development, some kind of development, that's a good background to get. IT experience: if you're working in IT and you don't have Linux experience or security, learn that. So learn those items, those basics. InfoSec experience: you may work in some area like compliance or something and be missing some of these areas, so go back and fill in the areas that you're missing. The better you learn something, the better pentester you're going to be. The less googling and research you have to do while you're doing a pen test the better, and it's going to take some of that at first, but as you get into it and learn certain exploits, then you'll kind of know once you see a scenario, hey, I can use this exploit, and build on that. Participating in pen testing, hacking in CTFs, bug bounties, and building a lab are really good ways to get experience filling these gaps, and for everyone, no matter what level you're at, build a lab. I even have a lab at home.

So if you're wanting to learn some new hacking techniques, even if you're in the field as a pen tester, then sometimes you want to test it in a lab environment to make sure it's not going to have any negative impact on the network or the systems you're testing. This is a good way to test your proof of concepts prior to using them, because sometimes with exploits you use it once and you can't use it again, because sometimes it messes up like a TCP/IP port or a service and you're not able to run it again. So having that lab to test your proof of concepts is a good idea.

Your lab setup: there's different options out there for you, based on your budget and the time you have to spend on it. These kind of start out with the least time needed to set up and troubleshoot, to the most time needed to set up and troubleshoot and the most money. So your minimalist lab, this is what I recommend starting out with: you take your desktop or your laptop and you install some VMs on it. You install your attack platform, and you install some vulnerable VMs, and your attack platform can actually be your host OS as well. Then you get into your dedicated labs; this is where you're starting to have separate systems. You can have like a separate computer that's working as a server with different VMs on it, different vulnerable VMs. Then you can get more advanced labs where you've got your routers and switches and your computers and servers that you're actually attacking. But one thing to keep in mind with this: if you're really in a crunch to try to learn something, the more complex you get, the more time you can spend troubleshooting your lab. Early in my career I did web development, or actually web design, on the side. I built websites and hosted them at home on a Linux server that I had at home, and so the problem I'd run into from time to time is if I had a failed hard drive then I was troubleshooting, trying to fix issues. If I was having problems with the web server I was troubleshooting and fixing those issues. So I moved to using web hosting companies so I could spend more time on the part I was making money off of. So keep that in mind: you can spend more time troubleshooting, and this is good too if you're trying to learn networking, but you just have to balance your priorities at the time. If you really need to learn this then you may stick with more of the minimalist lab. An advantage to the minimalist lab, and you can have a combination of these, you know, if you've got a laptop with vulnerable VMs: if you're home studying, sometimes
you get bored and burn out. Sometimes to change your scene, go to a coffee shop when they open back up, or go to the park or somewhere else and just test. If you're traveling for work or something, you can pull out your lab on the plane while you're traveling. So with the minimalist lab, the portability is really what I like about that option. I've kind of got both of those going on at home; I've got kind of a dedicated lab and the minimalist thing going on.

Then you have to have your attack platform. This is the operating system that you're going to use to perform your attacks with. Kali Linux is a popular one; Parrot OS is a pretty good option as well. Kali, I like it; it's been around longer, it was developed by pen testers for pen testers, and they're also the creators of the OSCP certification, so there's a lot of good experience going behind that. I feel like it's a brand that's going to be around for a while, so they'll keep supporting that and they keep making improvements on the operating system. Some of the recent changes to the operating system, where you're not logging in as root, make it a little more secure, so it can actually be used as a daily driver. In the past that would be something you had to be careful with if you used it as your daily driver, or do a little more lockdown on your security to make sure you're not going to get your attack machine breached. Another option too is Ubuntu: you can use the PenTesters Framework script by TrustedSec, and that will sit there and install all these different pen testing tools like in Kali. So this is a good option too if you want to just install them on Ubuntu. Another option is to have a Windows 10 VM or operating system and install the FireEye Commando VM scripts. This installs all the Windows based hacking tools, and sometimes you need a Windows VM to better attack Active Directory or some Windows devices, so having those admin tools can be very helpful. For me, I always have a Windows VM as well as the Kali VM to test with, so it's good to have more than one option.

And you have to have your targets in your home lab. You can create virtual machine targets using VulnHub, and some really good choices to start out with are Metasploitable 2 and Metasploitable 3. The good thing about these vulnerable VMs is there's a lot of vulnerabilities on them to exploit, whereas there isn't the same amount of vulnerabilities on other VMs, so you'd have to install multiple. So you can start out with Metasploitable 2 and that'll keep you busy for a while. If you get stumped, go online and look up some walkthroughs; the walkthroughs can be very educational, you can see how different people exploit these same systems. OWASP WebGoat; there's also a vast array of vulnerable apps that you can use. Juice Shop is a good one, Damn Vulnerable Web App, Mutillidae, there's a bunch of them out there for vulnerable web apps. And create your own vulnerable VMs: you can download the software from Exploit-DB. As well as having exploits, they have links to some of the vulnerable software versions, so if you want to test the exploits out you
can download and build your own vulnerable VMs with this software.

Recommended reading: these are some really good books to start out with. Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman. This was my class textbook for my ethical hacking class the first semester, the first year actually, and it's a really good book. It teaches you how to build labs, and the only reason I really moved to the PenTest+ content is to give students a certification to prepare for. But this shows you how to build a lab and also how to do pen testing, so this book is a really good one to start out with, and this is what I recommend you start with. The next book I would move to is The Hacker Playbook; versions two and three are out, but don't skip over version two. Version two is more pen testing centric and version three gets into more red teaming, so more adversarial simulation. Both of these are good and they build on each other, so I would start out with The Hacker Playbook 2 and then progress to version three. For web app pen testing, one of the best books out there is The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws. Make sure to get version two of that; there's two versions out and version two is the latest version. I use this for my web application pen testing class; it's a really good book to learn from, and one of the writers is actually one of the creators of Burp Suite, which is one of the most common and popular web application pen testing tools. And then you have the Red Team Field Manual. This is just a good reference to have: very thin, lightweight, easy book to carry around. It's got a lot of different syntax for Windows, Unix, Linux, and nmap, and the different pen testing tools, so it's a really quick reference, and sometimes you're testing a network and you may not have access to the Internet, and so having this book can be handy.

Here's a list of learning resources. The first group of resources, you can kind of see at the top there's a gap there; these first ones are not free resources, and they go from the most expensive down to the least expensive. SANS is really good content, but not everyone has employers that can pay seven thousand dollars for training, and then travel if travel is required for the training. It's really good content, it's written by some of the industry's best, and a lot of them work in consulting, the really sharp minds, people like Tim Medin teaching there, who created Kerberoasting. So it's a really good resource, and if your company will pay for it I recommend taking it. I've been through their web app pentesting course, their advanced pen testing and exploit development class, the GXPN, as well as a hosted ICS pen testing course there, and they were all really good, very helpful courses. eLearnSecurity is another opportunity to learn. This is really good priced; usually the max you're going to pay is about $1,200. There's different levels, and the levels vary on whether you have to do all of your learning online or some of them where you can download PDFs, and then the amount of lab time you get in the labs. It's really good; there's certifications that go along with it, and you have to perform pen tests for the pen testing certs. Then there's also Virtual Hacking Labs, which is fairly inexpensive; I think you can get like a year's worth of lab time for $750. So if you're going the OSCP route this is a good way to start, because they've got a course with it as well as a virtual lab setup that you connect to via VPN, like the OSCP labs. The difference with this is they have different level boxes, and they're actually listed by their difficulty, and they will give you hints and tips to
help exploit that system. As you get into more difficult systems they give you less help, so they're kind of building you up; you're starting out and then they take the training wheels off at the end, so it's up to you to be able to hack into the systems without the help. It's a good way to prepare for the OSCP. PentesterLab: this is a really good one for web application pen testing. They take you past the typical look, here's how you do a pop-up window for cross-site scripting; some of these actually show you how to get a shell to a system, so it goes really deep into the hacking part of web app pen testing. Then there's Practical Pentest Labs; this one is like $64 for lifetime access. I think most of the systems are Linux, I'm not sure if there's Windows systems, but it's a really good place to start. There's a VPN setup that you connect to via VPN and test that network, and it's $64 for lifetime access, so that's a really good deal. Then Bugcrowd University and HackerOne: these are bug bounty platforms and they offer some educational content, so these are good areas for video. Hacker101 through HackerOne actually has a CTF, so you go through the CTF learning, so these bug bounty companies put out a lot of great content on web app pen testing. Then the SANS blog: they've got a lot of cheat sheets on there on how to use nmap, Metasploit, different pen testing and hacking tools. Then there's hackingtutorials.org; this was created by the people that created Virtual Hacking Labs. They have tutorials on nmap, different vulnerability scanners, Metasploit, and different tools, so this is a good way to learn those tools while you're going through this process. If you don't have experience with nmap, then this is a good way to pick up how to use nmap and those different tools. Then Cybrary: I've got it listed in the free category; there is some paid content, but their pen testing and advanced pen testing courses on there are free. I actually used the advanced pen testing videos in my class when I was using Georgia's book, because the content was written by Georgia Weidman and it mirrors the book fairly closely. If you're going through the book I would go through both of these, because you'll pick up some stuff from both that you may not get otherwise, and there's video on how to do this, so if you're a visual learner this is a good resource to add to that. The Web Application Security Academy from PortSwigger is kind of an extension of The Web Application Hacker's Handbook. Instead of updating the book, they went ahead and decided to put learning content online for free, as well as the labs. So you go through here, and it's gotten pretty thick; I use these labs in my class, and it's gotten to where now this takes you from kind of more entry-level stuff up to very advanced. So this is one of those types of resources that will last you for a while, and as you go through the learning content, the labs are online so you can access the labs, and there's no cost for that. The labs can be used mostly with the Community Edition of Burp Suite, but my understanding is there are some labs that require the Pro version. Then owasp.org: this is a great site, because you get a lot of the testing guide and the OWASP Top 10. If you're getting into web app pen testing then this is a real good place to learn; you can go to that site and learn pretty much mostly what you need to learn, as well as there's a list of vulnerable apps on there, some that you can download, there are vulnerable VMs, and some links to some online apps that are hosted up in the cloud, so you can use that. That's really good. And then you have Hack The Box, this is a
really good place to practice your hacking some of the stuff is more kind of CTF oriented but there's a good chart out there by TJ Noll on how to prepare for the OSC P using boxes that are very similar to the OSC P labs and then over the wire CTF offers some online hacking resources which are really good and I really recommend this if you're really trying to learn Linux security that's a good place to start and there's a link down the bottom to the resources this would be available online that you can go to this page with all these resources so that way if you don't take a screenshot or download the slides which
you're available you can go to that link and get that information certifications and one thing I want to say before I mention the certification part of this certifications are good at getting your foot in the door and they can be very helpful some people have been successful without them some people they've been successful with them me personally they've helped me but even if you do preserve that pursue any of the certifications spend the time to learn the content the worst thing you could do is go through and learn this go through one of these and complete the certification and then not retaining the material and then you need it later on you got to go back and relearn it and
also you're doing people that do that you're doing the certifications in justice because people will say ok this person came in had this cert and didn't know what they're doing so some entry-level certs seh from EC counsel is one of the one of the first and most widely known this one is a good one because it kind of helps bypass the HR firewall HR is very from with the certified ethical hacker a lot of hiring managers they really are plugged in to the industry recommend this it's also a DoD cert so companies that do government work or if you work for the government this is a highly sought after cert along with the CISSP for government work and then the pen
test plus is a little newer of these entry-level certs but the thing I really like about the pen test plus is it's really heavy on methodology it's not just tool based it doesn't just teach you how to use the tools it shows you the methodology and how to put things together during a pen test and this is kind of piak content it really builds on some of the previous CompTIA contents have you been through like security plus and some of the other certs you'll you know you've touched on some of these topics so it kind of builds on that that's one of the things I really like about pen test plus is some of the
CompTIA content and then you get into your intermediate certs some people will consider will say Oh SCP is an entry level cert mind you it's entry level to ethical hacking pen testing so it's not like an entry level security certification it's not not easy and you have the G pen both of these are very popular certs when people are looking for for pen testers they typically will look for the cheap in osep or the sans webapp pen testing cert and osep you actually have a practical exam where you're hacking into systems performing a pen test and you have to get a certain amount of points to be able to pass the exam so this gives you hands-on
experience and one of my my second pen test job I got because I had this cert they normally do a hands-on interview where they give you a vulnerable VM to pen test and since I had that that got me parsed past the the lab portion of the interview and the Jeep in this is a question/answer typical like the sand certs they may bring up like a certain tool and have you asked answer questions towards that and then your advanced certifications the gspn advanced pen testing and exploit development by sands and OSCE by offensive security these are advanced pen testing and exploit development certs and as far as these go your which one to get a lot of companies what
equally ask for the sand certs as much as the offensive security certs my recommendation would be what helped me the most was the OS CP because I actually learned how to hack through that so you actually have to prove that these methods you learned are working and some job tips so professional networking you know be part of your local meetups different clubs and groups and go to conferences that way it's a good way to network even their knees virtual conferences get in discord talk to people network my last three permanent full-time jobs even including mine my teaching job I got through referrals people I know meetups Gaming referrals to jobs and at the time I
really wasn't looking for a job. So staying plugged in and connecting to your community is a good way to find jobs, and I really haven't had to put in a lot of effort in seeking out jobs. And then LinkedIn is good; that's your virtual resume. Make sure you have that populated, keep it professional, and make sure you update it regularly. When you learn things, make sure it's on there so recruiters will find you. Most of the recruiters I hear from are directly through LinkedIn, if not through referrals.

And interview tips: prepare for the interviews. Know the OWASP Top 10; no matter what kind of pentest job you're applying for, you're always gonna get asked some interview question about the OWASP Top 10: cross-site scripting, the different types, how to remediate, SQL injection. And then some of the basic stuff: when you're interviewing with upper-level management, they've been away from it for a while; they may ask you questions about the three-way TCP handshake and the OSI model, so kind of understand those. And anything you put on your resume or LinkedIn, make sure it's stuff you've done, that you have a working knowledge of it, because when you write your resume you're basically giving the interviewer an outline of what questions to ask you. So if you have something you really don't know that well, you could get asked questions on it, so keep that in mind, and if you don't know it, don't put it on your resume.

And here's my contact information. How I got into teaching was through just mentoring and helping people that were interested in getting into pen testing, and so here's my contact information. I'm pretty responsive and happy to help people out; I've helped a lot of people get started. My website is thehackermaker.com. I usually post information on my upcoming classes at Richland College, and I run the Pwn School Project, so we livestream our meetings and there's recorded content on there, as well as a link to our Slack channel. And also check out the podcast, The Uncommon Journey, on ITSPmagazine; it's available on other platforms, but check those out. And that concludes my presentation. If anyone has any questions I'd be happy to take those now.

All right, yeah, we've got, I know we've got at least one here, and you might have answered it. This question came in pretty early during the talk, and I know you touched on certifications later, but the question is: what are your thoughts on cybersecurity master's programs? You know, any point in going that route, or just stick with certifications?

For me, it's really gonna depend on your end goal. If you want to move into management, I've seen companies that will only put people in management, some of these are like some of your Big Four consulting companies, and even some of them, as far as, used to require bachelor's degrees and aren't requiring it. But I would say if you're just getting started out and you've got the time to spend in school, it's not gonna hurt you to have it. But definitely, if you want to be a pen tester you don't have to have a master's degree. If that's something you want to get, I would get it; it's definitely not going to hurt you at all, and if you ever decide you want to teach, it's good to have. So any kind of formal education, sometimes what this is gonna do, if you go to school and get a computer science degree or a cybersecurity degree, this is going to give you some base knowledge coming in, because if you don't have that and you're not working in IT, you're still gonna have to learn technology to be a pen tester.

Any ideas on certifications, training programs, etc. that are focused on the red team side of things, including social engineering, physical security testing and adversarial emulation? I think you touched on a lot of those, but go ahead.

Some of the classes, Pentester Academy has like a course on, and their red team courses are really focused around Active Directory. It kind of slipped my mind, RastaMouse there through Zero-Point Security has some kind of course that goes through, I think they leverage the Pro version of Hack The Box, so that's a really popular one. Zero-Point Security actually has a cert, but that's based on, you know, the logical side, not really the technical side, not so much the physical or social engineering part of red teaming. There's some people out there that offer some courses like that; a lot of that is gonna be probably easier found at like Black Hat. I know also Jayson Street does some social engineering courses from time to time. Someone recently shared one with me, it was like Red Team Academy or something along those lines, and they go into a lot of physical and lock-picking and stuff. SANS used to offer like a hosted one- or two-day class that was on like physical security, so they're out there, but it's not as readily available as some of the hacking pieces of red teaming. There's a lot of good stories out there too. I know a speaker we had earlier, Adam Compton, has a whole podcast series that he's done on YouTube on pentest fails, you know, and there's just so many stories on "how I went to jail or almost went to jail", Jayson Street, that Darknet Diaries about how we robbed the wrong bank, and I mean, I've got some myself, but I find those can actually be pretty useful, and like some red team situations you can get into trouble.

So you're holding that on the OSCP, right?

Yeah, yes. That's one of the things too: as you go through any of these things learning how to hack, you need to learn the methodology too, so don't just get hung up on the hacking part; learn the methodology, because I've seen people that came in, that one thing, got their OSCP, they knew how to hack all day long, but they come back and told me "man, there's a lot more to pen testing than I thought."

So, wrestling the bear, did you win?

Well, technically I have to say no. The bear didn't take me down, but I didn't take the bear down either. And so, yeah, I actually wrestled that bear twice, and it was back during my pro wrestling days. I worked part-time as a bouncer because I wasn't making enough pro wrestling, getting started out, so they did a promo on a Sunday because they were bringing in this bear to bring in extra business on Sundays, because Sundays would normally be slow. So it was an interesting experience, but it was pretty crazy how hard it was to move that bear; it's like trying to move a parked car.

So we all agreed in the chat on Discord that you won because you survived it.

Yeah.

So based on that alone, the fact that he had, what, a 400, 450 pound advantage over you, you win by surviving with both eyes, not disfigured.

Yeah, well, awesome.

I don't think we have any other questions, but this was great. Lots of questions about, you know, certainly if you can get these, or if you've already got the slides up where people can get to them, you've got the resources in there.

Yep, they're there, I re-uploaded it last night.

Awesome, awesome. Thank you very much, Phillip. I wish you luck. Have you already given your other talk?

No, not yet.

OK, well, good luck on that, and thank you for delivering such a great talk for us.

Yeah, thanks for having me.

Yeah, our pleasure, our pleasure. Thank you.

Thank you.