<h1 style="text-align:center;">Pentesting</h1>
1. Cyber Security
> These points are specific to pentesting and to the product or application security engineer role.
```
Points:-
These are for every pentester and for every cyber security enthusiast.
TO ALL
First visit the Imp Links; they matter most.
Then study the Resume links and check every skill listed in a resume for the appropriate post.
The remaining links are for my own understanding, but they will be very useful to you as well.
```
```
IMP LINKS
Skills
https://www.infosecmatter.com/25-essential-skills-of-every-pentester/#hardware_and_networks
https://cybersecurityguide.org/careers/penetration-tester/
Resumes
https://www.hireitpeople.com/resume-database/82-quality-assurance-resumes/68000-penetration-tester-resume-arlington-va
https://www.hireitpeople.com/resume-database/79-other-resumes/23384-sr-penetration-testerresume-profileowings-mills
https://www.livecareer.com/resume-search/r/penetration-tester-consultant-25926a15cbac482883f8d00d26da0d86
https://www.mintresume.com/resumes/penetration-tester
Interview Questions
https://resources.infosecinstitute.com/topic/how-to-become-a-penetration-tester-resume-and-interview-questions/
Tools
https://phoenixnap.com/blog/best-penetration-testing-tools
```
```
Books
https://github.com/Ne3o1/PayLoadAllTheThings
```
```
What should we know
1. Very important (V IMP):
Python
C
C++
JavaScript
PHP
Assembly
Database :- MySQL
Useful but not as important as the above:
React
Node
Ruby
Perl
2. Learn how to use the cloud (AWS), in and out of AWS.
Terms :- Buckets and Lambda functions
3. How to automate tasks, API testing and API security
```
```
**OWASP TOP 10 VULNERABILITIES**
Injection
Broken Authentication
Sensitive Data Exposure
XML External Entities (XXE)
Broken Access Control
Security Misconfiguration
Cross-Site Scripting (XSS)
Insecure Deserialization
Using Components with Known Vulnerabilities
Insufficient Logging and Monitoring
Links:-
https://sucuri.net/guides/owasp-top-10-security-vulnerabilities-2020/
```
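The first item on that list, Injection, is easiest to understand with the vulnerable code next to its fix. The block below is an added example written for these notes, not code from any of the linked sites: it uses Python's built-in sqlite3 module with a constructed in-memory user table, shows a login query that concatenates user input into the SQL text, and the parameterized version that the OWASP guidance recommends instead.

```python
import sqlite3


def build_sample_db():
    # Constructed sample data: an in-memory SQLite database standing in for a
    # real application's user store. Passwords are plaintext placeholders for
    # the demonstration only; a real store holds salted password hashes.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "battery staple")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Vulnerable: user input is pasted into the SQL text, so a quote character
    # in the input changes the structure of the statement (OWASP "Injection").
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    # Hardened: a parameterized query. The driver binds the input to the ?
    # placeholders as data, so it is never parsed as part of the SQL.
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    conn = build_sample_db()
    # Constructed test input: closes the string literal and appends a
    # tautology, the textbook injection test case used in every OWASP writeup.
    tainted = "' OR '1'='1"
    return {
        "legit_vulnerable": login_vulnerable(conn, "alice", "correct horse"),
        "legit_safe": login_safe(conn, "alice", "correct horse"),
        # The concatenated query becomes ... OR '1'='1', which matches every
        # row, so the vulnerable function "authenticates" without a password.
        "tainted_vulnerable": login_vulnerable(conn, tainted, tainted),
        # The parameterized query looks for a user literally named "' OR '1'='1"
        # and finds nothing.
        "tainted_safe": login_safe(conn, tainted, tainted),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```

The lesson for a tester reviewing source code is that the fix is structural, not a matter of filtering quote characters: any query that builds SQL text from untrusted input is a finding, and the remediation to recommend is binding parameters (or an ORM that does so) everywhere.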
```
**Know about these things in detail**
Switches
Routers
Directory Servers (Active Directory, LDAP, Novell)
Core infrastructure services (DNS, DHCP, WINS)
File and Print Sharing Services
User Workstations
Database Servers
Internal Client-Server Applications
Internal Web Applications
Firewalls
External Routers
Web Servers
Domain Name Servers (DNS)
Remote Access (VPNs, SSL VPNs, etc.)
Secure Encrypted Connections (site-to-site or B2B VPNs)
Email Systems
File Transfer Servers
```
```
Tools you must use
Wireshark
Aircrack
Burp Suite
Nessus
Kali Linux
SQLmap
Metasploit
BeEF
John The Ripper Password Cracker
```
---

---
```
**Skills**
Strong networking skills.
Many vulnerabilities are network-based. Understanding computer networks
at an expert level enables pen testers to exploit vulnerabilities and
identify issues others may miss.
System administration skills.
Understanding how computers, servers, and network appliances work and are
configured is an important part of pen testing. For example, if you
understand how to harden a server, you know where to look for
misconfigurations.
*nix skills.
While you should be familiar with a variety of operating systems, *nix
systems are particularly important. Many network security tools are
Linux-based and getting comfortable with the Linux terminal will be
beneficial. If you are going to make a career out of pen testing, running
an operating system like Kali makes sense.
Programming skills.
You don’t necessarily need to be a software developer to be a pen
tester, but programming skills are helpful. Scripting languages (e.g.
Bash, Python, Perl, PHP, and Ruby) and languages common in web
development (HTML, CSS, JavaScript, SQL, and ASP.NET) in particular can
prove quite useful.
Automation skills.
Scripting languages help you automate tasks and hit the ground
running with many tools. Web development languages get you familiar with
a common attack surface. However, any language can prove useful given the
right context. Even a general understanding of how different languages
work can make you a better pen tester.
```
---


---
```
Some nice suggestions pasted from a website's comments
1. Mastery of an operating system. I can’t stress how important it is. So
many people want to become hackers or systems security experts, without
actually knowing the systems they’re supposed to be hacking or securing. It’s
common knowledge that once you’re on a target/victim, you need to somewhat
put on the hat of a sysadmin. After all, having root means nothing if you
don’t know what to do with root. How can you cover your tracks if you don’t
even know where you’ve left tracks? If you don’t know the OS in detail, how
can you possibly know everywhere things are logged?
2. Good knowledge of networking and network protocols. Being able to list the
OSI model DOES NOT qualify as knowing networking and network protocols. You
must know TCP in and out. Not just that it stands for Transmission Control
Protocol, but actually know the structure of the packet, know what’s in it,
know how it works in detail. A good place to start is TCP/IP Illustrated by
W. Richard Stevens (either edition works). Know the difference between TCP
and UDP. Understand routing, be able to in detail describe how a packet gets
from one place to another. Know how DNS works, and know it in detail.
Understand ARP, how it’s used, why it’s used. Understand DHCP. What’s the
process for getting an automatic IP address? What happens when you plug in?
What type of traffic does your NIC generate when it’s plugged in and tries to
get an automatically assigned address? Is it layer 2 traffic? Layer 3
traffic?
3. If you don’t understand the things in item 2, then you can’t possibly
understand how an ARP spoof or a MitM attack actually works. In short, how can
you violate or manipulate a process, if you don’t even know how the process
works, or worse, you don’t even know the process exists! Which brings me to
the next point. In general you should be curious as to how things work. I’ve
evaluated some awesome products in the last 10 years, and honestly, after I
see it work, the first thing that comes to my mind is “how does it work”.
4. Learn some basic scripting. Start with something simple like vbs or Bash.
As a matter of fact, I’ll be posting a “Using Bash Scripts to Automate Recon”
video tonight. So if you don’t have anywhere else to start, you can start
there! Eventually you’ll want to graduate from scripting and start learning
to actually code/program or in short write basic software (hello world DOES
NOT count).
5. Get yourself a basic firewall, and learn how to configure it to
block/allow only what you want. Then practice defeating it. You can find
cheap used routers and firewalls on eBay, or maybe ask your company for old
ones. Start with simple ACLs on a router. Learn how to scan past them using
basic IP spoofing and other simple techniques. There’s no better way to
understand these concepts than to apply them. Once you’ve mastered this, you
can move to a PIX or ASA and start the process over again. Start
experimenting with trying to push Unicode through it, and other attacks.
Spend time on this site and other places to find info on doing these things.
Really the point is to learn to do them.
6. Know some forensics! This will only make you better at covering your
tracks. The implications should be obvious.
7. Eventually learn a programming language, then learn a few more. Don’t go
and buy a “How to program in C” book or anything like that. Figure out
something you want to automate, or think of something simple you’d like to
create. For example, a small port scanner. Grab a few other port scanners
(like nmap), look at the source code, see if you can figure any of it out.
Then ask questions on forums and other places. Trust me, it’ll start off
REALLY shaky, but just keep chugging away!
8. Have a desire and drive to learn new stuff. This is a must; it’s probably
more important than everything else listed here. You need to be willing to
put in some of your own time (time you’re not getting paid for), to really
get a handle on things and stay up to date.
9. Learn a little about databases, and how they work. Go download MySQL, read
some of the tutorials on how to create simple sample databases. I’m not
saying you need to be a DB expert, but knowing the basic constructs helps.
```
```
What do penetration testers do?
Generally speaking, pen testers typically perform threat modeling, security
assessments, and ethical hacking of networks, systems, and web-based
applications. More specifically, assurance validation involves some or all of
the following tasks:
Gather and analyze Open Source Intelligence (OSINT) to find information disclosures.
Provide subject matter expertise focusing on offensive security testing operations, working to test defensive mechanisms in an organization.
Conduct assessments on a wide variety of technologies and implementations utilizing both automated tools and manual techniques.
Develop scripts, tools, and methodologies to enhance testing processes.
Assist in the scoping of prospective engagements, leading engagements from initial stages through implementation and remediation.
Conduct social engineering exercises and physical penetration tests.
Test wired and wireless networks for security vulnerabilities.
Examine assessment results to identify findings and develop a holistic analytic view of the system within the environment in which it operates.
Identify the root cause of technical and non-technical findings.
Publish an Assessment Report that documents findings and identifies potential countermeasures.
Track findings that are repeated across multiple assessments and communicate these findings.
Upon completion of assessments, communicate methods employed, findings, and analysis.
Provide technical support to ISOs in remediating assessment findings.
Provide technical support in network exploitation and evasion techniques to assist in comprehensive incident handling and forensic analysis of compromised systems.
Penetration tester job description
Penetration/ethical hacking job scopes vary widely based on the employer and seniority level. Looking at stated responsibilities for senior-level positions provides insight into the eventual dream job for all ethical hackers. This real-life job description gives you an idea.
Lead enterprise and system-focused network and application penetration assessments to identify security risks and vulnerabilities.
Perform testing on a wide scope of systems, including web applications, security controls, network infrastructure, wireless, and mobile deployments.
Conduct hands-on technical testing beyond the use of automated tool validation. Plan, execute, report, and lead technical debriefs on testing activities and outcomes.
Execute covert Red Team Cyber operations to mimic adversary tactics and work closely in a Purple Team to test exploits needed to build detections.
Communicate findings and remediation strategies effectively to stakeholders, including technical staff and executive leadership.
OSCP, GPEN or GXPN certification preferred.
Information security needs become exponentially more critical in organizations dealing with state secrets, such as military suppliers and national security organizations. This real-life job description was posted by a major US military equipment manufacturer for a senior-level pen test position.
Performs penetration tests and vulnerability analysis on web and other applications, network infrastructure and operating system infrastructures.
Briefs executive summaries and findings to stakeholders, including senior leadership.
Has an understanding of how to create unique exploit code, bypass AV, and mimic adversarial threats.
Assesses the current state of the customer’s system security by identifying all vulnerabilities and security measures.
Helps customers perform analysis and mitigation of security vulnerabilities.
Researches and maintains proficiency in tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, and network security and encryption.
Provide support to incident response teams through capability enhancement and reporting.
Mentor junior and mid-level staff members by creating and teaching the latest techniques in ethical hacking and vulnerability analysis.
```