It is sometimes difficult for someone without any experience who wants to join the field of penetration testing to establish which tools they should know as a starting point. Based on what the industry usually expects from rookies during the interview, or in their first year if they join the hiring company, the following list has been created as a pointer to the most common tools.
These tools can cover the basics of an infrastructure and a web application penetration test. Of course, all of these should be used in a safe lab environment and not across the Internet.
An interview is an opportunity for someone to chase something better for their career. It is the time when they need to shine and demonstrate professional behaviour. Being professional means two things: responsibility and maturity.
There are some generic rules that every interviewee should follow in order to impress and increase their chances of receiving a job offer. Apart from technical knowledge, a good candidate should focus on the following:
- Think before you answer any question
- Know your CV fully and be ready to respond about it
- Wear professional clothes
- Arrive at least 10-15 minutes before the interview
- Perform a background check on the company
- Perform a background check on the interviewer
- Give clear and concise answers
- If you don’t know an answer, admit it
- If you don’t understand a question, ask for clarification
- Be ready to ask questions about the role and the company
- Be polite and enthusiastic
- Thank the interviewer for their time at the end of the interview
Every penetration tester should be fluent with the Windows command prompt, since various commands can be used in different stages of a penetration test, such as domain reconnaissance and post-exploitation.
Of course there are plenty of Windows commands to use, and the purpose of this post is not to cover all of them but only those that are needed during a certification exam, an interview or a basic penetration test.
The following commands are considered the most common:
- whoami – List the current user
- net share – View current network shares
- net use X: \\IP_Address\c$ – Mount a remote network share
- net localgroup – Retrieve the local groups
- net localgroup Administrators – Retrieve local administrators
- net user pentestuser pentestpass /add – Add a new user to the current host
- net localgroup Administrators pentestuser /add – Add pentestuser to the local administrators group
- net user pentestuser /domain – View information about a domain user
- net group "Domain Admins" /domain – Retrieve domain administrators
- net config server or net config workstation – View the domain name of the current host
- net view – List all hosts in the current workgroup or domain
- net view /domain – List all domains available
- net user /domain – List all the domain users
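The same output that the commands above produce during recon is what a defender reads back when checking whether a lab exercise left an unexpected account behind. As an added example (not part of the original post), the script below parses the output of `net localgroup Administrators` and flags any member that is not on an approved baseline, such as the `pentestuser` account created by the commands in this list. The sample output is constructed to match the command's real layout, and the baseline and the `LAB` domain name are assumptions.

```python
"""Audit local Administrators membership from `net localgroup` output.
Added example: the sample output is constructed, the baseline is assumed."""
import re
import subprocess

# Constructed sample of what `net localgroup Administrators` prints on a lab
# host after `net user pentestuser pentestpass /add` and
# `net localgroup Administrators pentestuser /add` have been run.
SAMPLE_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
LAB\\Domain Admins
pentestuser
The command completed successfully.

"""

# Hypothetical approved baseline for the lab host (assumption).
APPROVED_ADMINS = {"Administrator", "LAB\\Domain Admins"}

SUCCESS_LINE = "The command completed successfully."


def parse_localgroup_members(output: str) -> list[str]:
    """Return the member names listed between the dashed separator and the
    trailing success line. Raises ValueError if the layout is not recognised,
    so truncated or error output is never silently read as 'no members'."""
    lines = output.splitlines()
    separator = [i for i, line in enumerate(lines)
                 if re.fullmatch(r"-{10,}", line.strip())]
    if not separator:
        raise ValueError("no member separator found; not net localgroup output")
    members = []
    for line in lines[separator[0] + 1:]:
        line = line.strip()
        if line == SUCCESS_LINE:
            return members
        if line:
            members.append(line)
    raise ValueError("output ended before the success line; command may have failed")


def unexpected_admins(output: str, approved=frozenset(APPROVED_ADMINS)) -> list[str]:
    """Members of the group that are not on the approved baseline."""
    return [m for m in parse_localgroup_members(output) if m not in approved]


def audit_live_host(group: str = "Administrators") -> list[str]:
    """Run the real command; only meaningful on a Windows host in the lab."""
    result = subprocess.run(["net", "localgroup", group],
                            capture_output=True, text=True, check=True)
    return unexpected_admins(result.stdout)


if __name__ == "__main__":
    for name in unexpected_admins(SAMPLE_OUTPUT):
        print(f"unexpected local administrator: {name}")
```

Parsing stops at the success line rather than at end of input so that an error such as `System error 1312 has occurred.` is reported instead of being mistaken for an empty group; `audit_live_host` wires the same parser to the real command for use on a lab machine.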
If your job interview requires a practical component, then you need to prepare in certain areas. Obviously, due to time constraints, it is not possible for a candidate to cover everything in their preparation, and future employers do not expect that either. However, candidates need to demonstrate that they know how to perform basic penetration testing activities to a reasonable level and are confident.
Employers are usually looking for candidates who already know how to perform the basics, as it will take less working time to train them and they can become billable faster.
The following skills are required for almost any technical interview:
- Scan a Subnet Network to Identify Hosts
- Nmap – TCP/UDP scan and Service and Version Detection
- Metasploit – Search and Configure Modules
- Meterpreter – Dump hashes and Privilege Escalation
- Unix – NFS Export, Connect to a Share Folder, Telnet Authentication Bypass
- Windows – Netapi vulnerability
- Database – xp_cmdshell
- Authentication Bypass
- Modify Cookie Values
- Reflected and Stored Cross Site Scripting
- SQL Injection
- Command Execution
- File Inclusion (RFI and LFI)
Most penetration testers have their own blog or website where they share their research, techniques or personal tools. Keeping a list of well-known blogs to follow will allow you to learn about a specific technique that cannot be found in books, or about a new script that will assist you in your daily penetration testing activities.
Below is a list of some of the most popular blogs that are recommended to follow and read:
For people who want to make a start in the penetration testing industry, it is really important to build their knowledge in a structured way. Books can provide guidance and build the foundation knowledge that is required for a start.
Nowadays there are plenty of books written by penetration testers for penetration testers that provide technical examples, so it is easier for the reader to understand them and also obtain some practical skills.
The skills that someone will acquire by reading a technical book and following the examples in a home lab environment will not only be useful for a potential job interview but for their day-to-day job as well.
As a starting point the following books are recommended:
One of the questions that university students with an interest in the field of penetration testing have is how they can keep up to date with the latest news, tools and techniques. The answer is simple: the majority of InfoSec people are on Twitter and use it as a platform for sharing knowledge, tools and ideas.
If a major vulnerability is discovered or there is a data breach, then it is going to be discussed on Twitter. It is really important to follow the right people so that you have all the latest news on your timeline.
It is recommended to create a Twitter account if you don’t already have one and to follow the accounts below: