Wednesday, July 20, 2005
How to Be a Pen-Tester
Technology Updates
Read and learn about network protocols. Be able to quickly recognize things like a TCP session's SYN, SYN ACK, ACK, data, FIN, FIN ACK handshake.
Read about text-based network protocols, i.e. SMTP, POP3, TELNET, FTP, HTTP etc., and be able to manage a session by hand without relying completely on a script.
Learn to look at the output of NMAP and know within 10 seconds what the purpose of each machine shown is. Learn which ports do what and what ports don't do anything. What ports are common and what ports are not. What ports are static and what ports are dynamic. Learn what ports are reserved and which aren't and what ports are superuser only and which ports are open season for any process.
Learn about firewalls and what brands are out there. Read about stateful packet inspection and absorb its usefulness and danger. Read about NAT and how it can impact security and accessibility. Learn how the shape of the headers on a packet can determine many things ranging from the host OS to the presence of a virus.
Learn about network topography and the difference between routing and switching and broadcasting. Learn about IP subnetting and the difference between public/private IP addresses. Learn about routers and how they work... and WHY they work. And WHERE they work.
Read about the programming of the IP stack and how TCP/UDP on IP works in terms of windows and responses and learn how IP fits in with other network protocols and where TCP differs from UDP.
Learn how to code in C. Know what a buffer is and how it might overflow.
Be able to read complex C code (try the Linux kernel; last I looked at it, it was a spaghetti ball and ugly as hell, but beautiful at the same time).
Learn the difference between a virus and a worm and the difference between a rootkit and a Trojan. And the difference between a cracker, a hacker and a script-kiddie. FYI, good pen-testers are BY DEFINITION good hackers. Bad pen-testers are almost always uhhh "white hat script-kiddies".
It could keep going... there's lots more.
But being a good pen-tester is basically akin to being a good cracker.
Being a good cracker is not like TV where someone clicks buttons for 45 seconds and WHAM, they broke into the IRS mainframe. It's about patience, knowledge, intuition, knowledge, experience, knowledge and most importantly, all of the above.
FYI, FOUR semesters of Graduate Level network infrastructure, network design and "information warfare" classes didn't come close to covering all of this material.
The pen-tester has to be close to the elite of the crackers or their test does nothing.
If all you do is run some tools and see that the tools can't do any damage, you're a script-kiddie, not a pen-tester.
Comment by Eric Hagen
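As an added illustration of the handshake recognition the comment opens with (example code added here, not from the original post or its author): a small C state tracker that replays a constructed sequence of TCP segments and reports whether the session completed, was refused, or was left half-open. The flag constants follow the standard TCP header bit layout; the segment samples are constructed, not captured traffic.

```c
#include <stdio.h>
/* TCP flag bits from the header's flags byte (RFC 793 numbering). */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_ACK 0x10
/* Coarse session states: only what the three-way open, data, and two-sided close need. */
enum state { CLOSED, SYN_SENT, SYN_RCVD, ESTABLISHED, FIN_WAIT, RESET };
struct seg { int from_client; unsigned char flags; };

/* Replay a segment list and return the session's final state.
 * Ending in SYN_SENT or SYN_RCVD means the handshake never completed (half-open),
 * which is what a SYN-flood detector or a stateful firewall's table would flag. */
enum state track(const struct seg *s, size_t n)
{
    enum state st = CLOSED;
    for (size_t i = 0; i < n; i++) {
        unsigned char f = s[i].flags;
        if (f & TH_RST) return RESET;                 /* abort from either side */
        switch (st) {
        case CLOSED:      if (s[i].from_client && (f & TH_SYN) && !(f & TH_ACK)) st = SYN_SENT; break;
        case SYN_SENT:    if (!s[i].from_client && (f & TH_SYN) && (f & TH_ACK)) st = SYN_RCVD; break;
        case SYN_RCVD:    if (s[i].from_client && (f & TH_ACK) && !(f & TH_SYN)) st = ESTABLISHED; break;
        case ESTABLISHED: if (f & TH_FIN) st = FIN_WAIT; break;   /* first FIN, either side */
        case FIN_WAIT:    if (f & TH_FIN) st = CLOSED;   break;   /* other side's FIN ACK */
        default: break;
        }
    }
    return st;
}

/* Constructed samples, not captured traffic. from_client: 1 = client -> server. */
const struct seg full_session[] = {
    {1, TH_SYN}, {0, TH_SYN | TH_ACK}, {1, TH_ACK},          /* SYN, SYN ACK, ACK */
    {1, TH_ACK}, {0, TH_ACK},                                /* data segments both ways */
    {1, TH_FIN | TH_ACK}, {0, TH_ACK}, {0, TH_FIN | TH_ACK}, {1, TH_ACK},   /* FIN, FIN ACK */
};
const struct seg half_open[] = { {1, TH_SYN} };                   /* SYN ACK never arrives */
const struct seg refused[]   = { {1, TH_SYN}, {0, TH_RST | TH_ACK} }; /* closed port */

int main(void)
{
    static const char *names[] = { "CLOSED", "SYN_SENT", "SYN_RCVD", "ESTABLISHED", "FIN_WAIT", "RESET" };
    printf("full session : %s\n", names[track(full_session, sizeof full_session / sizeof full_session[0])]);
    printf("half-open    : %s\n", names[track(half_open, 1)]);
    printf("refused      : %s\n", names[track(refused, 2)]);
    return 0;
}
```

A real tracker would also key sessions by the 4-tuple and check sequence numbers; this one deliberately shows only the flag order the comment asks you to recognise at a glance.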