Search This Blog

Friday, November 23, 2012

Where to Start: n00b 'pen-tester'? Part uno.

I would like to start by stating that I am a n00b.  Even after years of using Ubuntu as my sole OS, I don't really know that much about Linux, and even less about being a pen-tester.  Come to find out you can't just load up some videos off you-tube with some software and start doing whatever it is you do.  Negative.

This is where I will stop and say nothing in this blog is intended to teach you how to do anything malicious to anyone, anything, anytime.

Q.  Where do I find information on becoming a Pen-tester?
As a W$ (windows) user, I only had self-taught computer skills, and it is not like you can just go asking people on the street for information about network security, so I decide to start to become familiar with the information of it, through the Google and the You-tube.  You will learn it is almost impossible to learn about things if you do don't know how to search for them.  Putting hacking into a search engine is going to be about as useful for you as it was for me.  This is where we learn how to use Google to search for what really want, by being specific with our search terms.

Forget get adding articles (a,an,the) with your terms, instead use the'+' sign in between parts of the search.  Example:  If I am searching for information on penetration testing for beginners, instead of searching for: penetration testing for beginners, search for: pen-test+beginners+tutorials.  Or by looking over this information on it.  Get into the habit of searching for tutorials.

Q.  What information do I trust?  Does the author know what they are talking about?

I still have trouble with this one.  There are a couple approaches one can employ.  You could become a member of a forum and start asking questions about hacking and taking over networks, but this will usually get you banned.  It should.   Or you can do it all by yourself, too scared of everything, to nervous to ask any questions at all.  Not it either.  The smartest approach IS to understand people are not going to spoon feed you any information about these subjects, and expect at the very least for you make serious effort at solving your problems before you come to them.  You are going to have mentors, testers who you follow, whether through blogs, FB,G+, whatever, just make sure you look for patient teachers who provide you solid information.  The kind that keeps you out of trouble, because with this knowledge...well let's just say we things can get crazy.

One ninja/tester I follow is n1tr0g3n.  His page is at, I highly recommend his information and his style.  Also you can check out a site called Top-Hat-Sec, THS.  Click the forum tab and register or stay a guest, whatever.  Look for General Discussions and your in. Before you ask questions there, USE THE SEARCH FUNCTION ON THE PAGE.  The artisans there won't flame you for asking dumbass questions, but appreciate the effort we were talking about earlier.  THS is a paid forum, and this is something I would recommend.  It is cheap for what you get.

I will be answering more questions I have had, up until now in part dos.  Please leave any comments you have.


No comments:

Post a Comment