View Single Post
Old 7 November 2014, 14:13
CV's Avatar
CV CV is offline
Authorized Personnel
Join Date: Apr 2003
Location: US
Posts: 7,979
Learning is Easy

Here's my lunch-break addition for the thread...

Vulnerability assessments and penetration testing are skills that can be learned with little to no buy-in. Meaning, the tools required are generally free, or have a free version. Couple this with the fact that you can run virtual computers (VMs) at home, and you can really get up to speed if you are dedicated.

Certification versus Functional Knowledge

I covered this before, but it's worth restating that if you obtain a certification such as CEH, it doesn't mean you're a hacker or pentester. It means you likely have a solid baseline amount of knowledge that can then be molded and specialized. In other cases, you may just be a wiz at taking tests (in the later, it's easy for someone to decern). This is not to poo-poo certifications, but know that the real world functions completely different.

Functional knowledge is where you're going to really kick ass. By setting up VMs and playing around with various tools, you'll be able to master specific areas and provide real-value to any organization you work for.

I recommend taking a look the OSI model (For the majority of this entire thread, I am making the assumption that you (the reader) has a modicum of knowledge related to networking technologies.).

Each layer of the model contains threats, vulnerabilities, and exploits that you can play around with to your hearts desire (in your virtual environment).

Virtualization Software
There are paid options out there, such as VMware, that work great, but as you're likely wanting to get in cheap, check this link out for options. Honestly, Oracle's VirtualBox (in the link as well) is the best option in my opinion.

Go set up several virtual machines. All you need is an .ICO of the operating system you are wanting to run. You can even pick up free evaluation software for major distros like Windows.

If you are feeling chippy, or already have the know-how, I recommend setting up a couple web-servers, database servers, and/or replicate an actual network entironment. The closer you can get it to a production environment, the better. If you can't do all of this, don't sweat it. It's not required.

Virtualization also gives you a slight advantage if you're concerned about privacy issues (which you should be, in general). Check out the pinned topic on data security and privacy here in the Tech forum. There's a lot of good info, and Poly has given out solid advice as well.
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote