How to become an Ethical Hacker?

The path, education, and resources required to become a pentester

What is a Pentester? 🖊️

The term penetration tester makes more sense when you think about someone trying to penetrate the security of a computer, a network, the building in which a network is located, or a website. While the term ethical hacker is a little easier to understand, people are often surprised to hear that such a job exists.

Pentesters assess the security of computers, networks, and websites by looking for and exploiting vulnerabilities–commonly known as hacking.

To be clear, not all hackers are bad. Nevertheless, the terms hacker and hacking have been vilified for many years. Ethical hackers use their skills for good to help uncover vulnerabilities that could be exploited by malicious hackers.

The most common types of hackers are known as white hat, gray hat, and black hat hackers. These terms were taken from old westerns, where hats were used as a descriptor to tell the good guys from the bad guys:

  • White hat hackers: Ethical hackers (aka pentesters).
  • Gray hat hackers: Gray hats fall into a fuzzy area. Their intent is not always malicious, but it is not always ethical either.
  • Black hat hackers: Their intent and purpose are illegal. Cybercriminals fall into this category.

Other commonly used terms for pentesting and pentesters include ethical hackers, offensive security, and adversarial security.

Pentest Targets and Specializations

Numerous technologies should be considered when conducting pentests. Technology is constantly evolving and creating new opportunities for threat actors to exploit and gain access to systems and the information that they store. Targets may benefit from general pentesting. Some pentesters work in a variety of areas, and some choose to specialize.

Some areas where a pentester can specialize are as follows:

✔️ Generalist (network, Wi-Fi, and light web app)

✔️ Application (web app, mobile, thick client, and cloud)

✔️ Internet of Things (IoT)

✔️ Industrial Control Systems (ICS)

✔️ Hardware (including medical devices)

✔️ Social engineering (people)

✔️ Physical (buildings)

✔️ Transportation (vehicles, airplanes)

✔️ Red team (adversarial simulation)

Skills Required to Learn Pentesting 🔧

A lot of different technologies are out there in the wild, and it can take time to learn them sufficiently. You are not required to know everything regarding technology to be a pentester, but you need to know the basics, as having a good basic understanding will allow you to learn about new technologies as they are released. Understanding OSs, including Windows and Linux, and networking is “must-have” knowledge to get started and to build upon.

Operating Systems

An operating system (OS) is required for the operation of systems including computers, servers, network devices, and mobile devices, such as mobile phones and tablets. Windows and Linux are two of the most widely used operating systems.

Here are some common Linux distributions:

  • Kali Linux
  • Debian
  • Ubuntu
  • Red Hat Linux
  • CentOS
  • Arch Linux

Networking

Websites, IoT, and mobile devices make up our modern, connected world. Networks, both wired and wireless, provide a threat vector that can be exploited by threat actors to access devices and sensitive information, so it is important that networks be assessed. Pentesters use attacker techniques, and therefore networking skills are required.

Information Security

Pentesters need to understand security; it is a basic prerequisite for the job. To hack a system, you need to understand the technology of the target as well as its security. Weak security configurations are one of the main reasons why systems get hacked.

There are a lot of learning options, but the following is a quick guide using CompTIA certification-based learning resources as an example.

  • A+
  • Network+
  • Linux+
  • Security+

Programming Skills

Programming is another crucial skill for becoming an ethical hacker. Programming means “The act of writing code understood by a computational device to perform various instructions.” So, if you want to be an ethical hacker, you need to know the various programming languages used by hackers and the languages required for hacking.

There are many programming languages to learn, but I recommend learning Python.

Database Skills

Database skills are another vital skill set for an ethical hacker. A database management system (DBMS) handles the creation and management of databases. Although database systems such as Microsoft SQL Server, MySQL, and Oracle are highly valuable, their security vulnerabilities have come to the forefront.

Unauthorized access to the database where all the data is stored puts the business at considerable risk, so it is necessary to ensure that this software is hack-proof. To help the company build a robust DBMS, an ethical hacker must clearly understand databases, the various database engines, and data schemas.

Bash Scripting

Bash is the command-line language of Unix-based operating systems, including macOS and Linux. It is an extremely useful skill for a security professional. In cybersecurity, you are certain to work in a Linux environment. In those situations, you want to be comfortable using the bash scripting language for navigation, working with tools, and automating repetitive tasks. Since bash comes pre-installed, you can find it on any Linux machine you work on.

Information Security Basics 🔒

The CIA Triad

The most fundamental concept in information security is the CIA triad. No, this has nothing to do with the Central Intelligence Agency. The CIA triad stands for confidentiality, integrity, and availability. All information security vulnerabilities, exploits, and attacks pertain to one or more of the three components of this triad.

→ Confidentiality is making sure that data is only accessible to authorized parties.

→ Integrity is making sure that data isn’t changed, altered, or removed without authorization.

→ Availability means that data is there when it’s needed.

Malware

Malware is all malicious software. People often refer to any kind of malware as a virus, but computer viruses are just one of the many types of malware.

Malware can be categorized according to its behavior and how it replicates from one computer to another.

Viruses

Viruses replicate by infecting a file, or multiple files, on a computer and then they copy themselves onto other computers through networks (such as the Internet or a company’s LAN) or through removable media such as CDs, DVDs, and USB drives.

Worms

Worms are another way to classify malware according to how it spreads from computer to computer. Unlike viruses, worms carry themselves in their own containers rather than needing to alter the contents of existing files on their target. They can also spread through networks and removable media.

Ransomware

Ransomware is named for how this type of malware behaves. Ransomware works by encrypting the files on its target’s data storage, with the decryption key kept inaccessible to the victim. Ransomware is designed to show a ransom note to the victim, which is often done through a text file or a local web page. The ransom note typically explains that the victim’s files were encrypted and that they’ll need to pay the attacker money in order to get their files back.

Cryptominers

Cryptominers aren’t always malware. They use computer processing power to solve complex mathematical problems in order to generate cryptocurrency. Sometimes, a user will consent to allow a cryptominer to operate on their machine.

Botnets

Botnets are networks of machines that are infected with zombie malware that allows a cyberattacker to control them. Cyberattackers use command and control servers to synchronize all of the zombies in their botnets to execute large-scale attacks. Botnets are also often used to execute DDoS attacks.

Spyware

Spyware is malware that threatens a victim’s confidentiality. As the name suggests, spyware spies on users. It shows cyberattackers some or all of the activities or data on infected computers. For example, spyware might send an attacker data about your web activity or email.

Rootkits

Rootkits acquire unauthorized access to targeted machines, and they try very hard to evade detection. Root is a term that’s often used to mean administrative access to a computer, hence the name. A rootkit’s malicious actions are those that would require administrative access.

Rootkits can be very dangerous because, with that level of access, they can do almost anything to a computer’s operating system and applications.

Education Resources 📚

Acquiring hacking knowledge is required. A lot of learning resources are available, and trying to figure out which resources to use can be tough, especially for those with no pentesting experience.

Courses

Following are the training companies that offer courses.

Books

Following are cybersecurity books.

  • Penetration Testing: A Hands-on Introduction to Hacking by Georgia Weidman.
  • Penetration Testing for Dummies by Robert Shimonski.
  • Penetration Testing Essentials by Sean-Phillip Oriyano.
  • The Hacker Playbook: Practical Guide to Penetration Testing Series by Peter Kim.

  • So You Want to Be a Pentester? Jack Halon lists a large number of useful resources that you can use to explore pentesting further. Jack also provides an overview of some of the technical skills that you’ll need to have as a pentester.

YouTube Channels

Hacking Systems

A pentester uses a computer to perform pentests and hack targets. You can install hacking tools directly on your computer or on virtual machines.

There are thousands of different applications that pentesters use. Which applications you use will depend on the types of networks, computers, and applications that you will be ethically hacking. The following is a summary of some of the most common applications that pentesters use.

  • Kali Linux
  • Nmap
  • Wireshark
  • Metasploit
  • Tenable
  • OpenVAS
  • Hak5

Hacking Targets

  • PentestBox
  • VulnHub
  • Offensive Security Lab

Certifications 🎓

Certifications and degrees can be helpful for people trying to get into pentesting as well as other areas of information security, and having these credentials is especially helpful when you have little to no experience in the employment field that you are pursuing. Opinions differ, however, on the need for degrees and certifications—there are skilled and successful pentesters both with and without degrees or certifications.

Entry-Level Certifications

  • Certified Ethical Hacker
  • PenTest+
  • eLearnSecurity Junior Penetration Tester

Intermediate-Level Certifications

  • Offensive Security Certified Professional
  • GIAC Penetration Tester

Advanced-Level Certifications

  • Offensive Security Certified Expert
  • GIAC Exploit Researcher and Advanced Penetration Tester

Gaining Experience 🚩

One of the hardest things about starting a new career is getting experience. Even entry-level jobs commonly require experience.

Here are some of the ways to get experience.

Capture the Flag

Capture the Flag (CTF) competitions are a way to gain ethical hacking experience. CTFs present hacking and other challenges that build infosec skills. Some CTFs have a greater focus on hacking, and these are the best options for those who want to be pentesters.

Following are some great resources for CTFs:

  • CTFtime: This is a great resource for finding a schedule of CTFs.
  • picoCTF: picoCTF is a good resource to check first for finding CTF competitions.
  • VulnHub: VulnHub lists VMs that were previously used for CTFs.

Bug Bounties

Bug bounties are a great way to get web app pentesting experience because you get to hack web applications in a production environment. Bug bounties are rewards that tech companies offer to people who find bugs in their software and hardware.

By participating in bug bounties, you gain the skills you need to become a pentester, and the experience you gain is helpful in interviews because you can explain how to perform a pentest and use pentesting tools, as well as discuss vulnerabilities, how to exploit them, and how to remediate them.

I hope you liked this article.

This article is published for the Hashnode #blogswithcc challenge.

Follow me on Hashnode, Twitter, and LinkedIn.

Thank you.
