• 1 Post
  • 8 Comments
Joined 1 year ago
cake
Cake day: June 14th, 2023

help-circle
  • I’ve used Tenable Nessus Professional, and Tenable Security Center and both work well in their categories. Nessus Professional is a portable Nessus scanner a security person can take with them to do adhoc scans. Security Center (aka Tenable.sc) is a vulnerability management solution for an enterprise.

    Their competition is Rapid7 and Qualys, but I can’t speak to those myself.


  • Pentesting skills are built upon skills in Linux and Windows system administration from the command line, networking, some coding usually in Python, knowledge of web applications and web servers, and more. When starting out it can feel bad because you want to learn out pentesting topic X, but then you figure out that you need to go learn at least the basics of fundamental topic A and B first. It’s normal so don’t worry about. Just dig in and enjoy the knowledge journey.



  • Not a question but I’d like to provide some career guidance. If you’re interested in a career in penetration testing, please, please put some time in your training plan for technical writing. So many folks think the job is all hacking, but it’s really about a third project planning with meetings and such, a third hacking and a third writing. Writing rules of engagement, test plans, reports, presentations on results, etc. So business and writing is just as important as the technical stuff. A well rounded applicant will have better luck finding a role.

    Thanks for listening to my Ted talk.



  • IMO penetration testing is a skill that is built upon knowledge of the fundamentals in a pretty long list of topics. System admin using the command line only for Linux and Windows, network administration like switches, routers and firewalls, web applications, databases, and programming. Again, the fundamentals. No need to be an expert. Knowing command line is key because usually you won’t have GUI access to targets.

    So what I tell folks is to look at where they have gaps and do some introduction courses on those topics.

    For example if databases are a weak area learn the basics on some SQL and no-SQL databases. That will help lay a foundation for later learning database attacks like SQL Injection.

    Same applies to many penetration testing concepts. One needs to understand the underlying fundamentals that support the attack to really get it.

    Then it’s a matter of building skill in identifying weaknesses and matching those up with a technique that can exploit the weakness. That is a continuous learning process because tech never sits still. It’s perfect for the perpetual student type.


  • I recently achieved a multi-year goal of obtaining the OffSec Certified Expert3 certification after achieving the OSCP, OSEP, OSWE, and OSED penetration testing certifications. It was a serious grind but I learned a lot, the skills are applicable to my work, and hopefully all this alphabet soup helps if I end up looking for a new position in the future. Right now I’m glad the grind is over and I can start building depth of knowledge in some of these areas.


  • There is no one way to secure Linux servers because Linux isn’t one thing due to distribution sprawl. How you do things depends on the distribution. If you want a general guide the CIS Benchmarks are a decent place to start. Then you can make a guide on how to implement them with your target Linux server distribution. Keep in mind this is for the OS and application hardening is just as important, and is an entirely different can of worms. https://downloads.cisecurity.org/#/