Home page logo

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] How to "break into" the Pen-Testing field
From: Dragos Ruiu <dr () KYX NET>
Date: Sat, 9 Sep 2000 18:01:26 -0700

May I break with convention here and recommend an alternate
recommended pen-test educational path recipe bucause
I don't think there is a one book answer(sorry bout the unix bias):

"The C programming Language" = Kernighan&Ritchie
(sorry, the classic is still the most concise, clear, best damn
book on C ever)

Any book on x86 assembler programming.
The O'Reilly Perl book.

"The Design of the Unix Operating System" - Bach
"The Design of the 4.3 BSD Unix Operating System" - Lefler, McKusik, Carels, Quarterman

then... Stevens TCP/IP book....
and a glance through Douglas Comer's TCP/IP Vol 1
Aho Hopcroft and Ulman's, Data Structures book...

The O'Reilly "Managing IP networks with Cisco Routers" book...

Add a sprinkle of Christian Huitema's excellent "Routing in the Internet"

and season with Bruce Schneier's "Applied Cryptography"

Have a good look through the Linux source code, HOWTOs, and
Microsoft MSDN docs...

Then go implement some networking to get some practical experience.
Become familiar with the default Win2K, Solaris, Linux, and Free/OpenBSD
installs by building up some systems.

Read every phrack ever published throroughly...
Then spend a lot of time reading through the code at www.technotronic.com
Then get familiar with the utilities at www.whitehats.com, and

Read Ron Gula's, how to become a Level 12 Hacker paper...
(Sorry don't have a URL, but hey if you're gonna start, you
should at least be able to find that yourself...  check NSW's
site library ;-)

Try re-writing an exploit from scratch.  Analyze a coredump.
Scan though the bugtraq archives.

Go read the BOFH stories...  :-)  Hang out in the ADM suite at DefCon. ;-)

My point here is that the more you understand how something works
the better you will be at understanding its strengths and weaknesses,
and taking advantage of them or giving someone else an estimate of


dursec.com ltd. / kyx.net - we're from the future
pgp fingerprint: 18C7 E37C 2F94 E251 F18E  B7DC 2B71 A73E D2E8 A56D
pgp key: http://www.dursec.com/drkey.asc

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]