Zero To Hero - How To Become A Pentester

Introduction

Do you want to become a pentester but have no experience or qualifications? Don’t worry, I went through this journey to change careers and have some tips to share from my experience. This will be a rough guide on how to move into pen testing from a position of little to no experience or knowledge. Let’s get started!

What Is Pentesting?

Penetration testing, or pen testing, is carried out by a cyber security professional to find vulnerabilities in computer systems or networks. Often called “ethical hackers”, they have a legal agreement with an organisation to test and identify weaknesses in its systems and to advise on remediation.

Who Can Become a Pentester?

If you like problem-solving then this could be a great career choice for you! No matter what your career background is, there are always skills you can bring over into pen testing. Every job has its own set of skills that can be transferred, whether it’s working under strict time restraints or being well organised.

You will find penetration testers coming from all sorts of backgrounds. The penetration testers I know all have varied professional experience; for example, one of them came from studying medicine while another was previously a chef. This goes to show that it doesn’t matter what career you are in right now, you can still become a pentester. In my case, I was a CAD engineer, which involved a lot of forward thinking that I could adapt and apply to pen testing.

But What About Qualifications?

Of course, getting a degree can help a lot in getting you into cyber security, but it is not compulsory. Not everyone has the time or money to go to university, but there are ways you can obtain the skills on your own.

What skills do I need for Pentesting?

When you think about hacking, you probably think about Hollywood movies where someone is slapping away at a keyboard in a dark room saying dramatic buzzwords like “isolate the node” or “sir, system breached”.

So what are the most important skills? I asked some of the Security Consultants I’ve known for a long time. One said that being a good pentester requires “really good structure and time management”, while another explained that “good communication skills with the client” is in his top 3.

Let’s take a look at some of the skills you will need.

Hard Skills

  • Enumeration is king.
    • Enumeration is the act of gathering information about a target system. Think of it like playing a video game: the map has lots of items scattered around it, and you pick them up even if you don’t know what they are or what they do, just in case you need them later. The same applies to information gathering.
  • Comfortable with a variety of pentesting tools such as nmap, SQLMap, Burp Suite and NetExec, just to name a few.
  • Good understanding of protocols such as TCP/UDP and of the OSI layers.
  • OSINT (open source intelligence gathering).
  • Privilege escalation on Windows and Linux.
  • Comfortable using Linux operating systems such as Kali Linux or Parrot OS.
  • Knowledge of the OWASP Top Ten web vulnerabilities.

Soft Skills

As a pentester, you need to convey your findings in a nontechnical or technical manner, depending on who you are speaking to. We often do this through report writing and also direct calls with the clients. Writing and speaking are just as important as exploiting computers.

  • Problem-solving
    • Every environment is different, and what works in one might not work the same in another. You will need to work out alternative solutions.
  • Organisation skills
    • Some assessments of a web application could involve 5 user roles, 3 tenants, 2 APIs, and whatever other madness the client throws in there. Trying to keep track of 15 different users, all with different permissions, and checking whether they can access each other’s data will turn into a mess very fast unless you find a way to stay organised.
  • Troubleshooting
    • This is especially important because tools break and every network is different. Being able to troubleshoot issues is a skill in its own right.
  • Methodical mindset
  • Reading and writing skills
  • Verbal communication
  • Note taking
    • Similar to staying organised: although at first glance it doesn’t seem that important, having structured and well-written notes will save you a colossal headache.

Not a skill as such, but a special mention:

  • A hunger to never stop learning.

The industry changes so fast that you need to stay on the ball with the latest technologies and exploits as they come out.

Okay, sounds great! So where do I start?

First Steps

There are many good learning platforms to choose from, but for a complete beginner, tryhackme.com is a great place to start. It has some more advanced modules, but it also caters to people taking their first step and does a great job of holding your hand along the way. The platform mixes theory with practical tasks thrown in here and there.

My personal opinion is to start with broad topics that cover the fundamentals of IT in general rather than pen testing specifically. This will give you a solid foundation to build on. Here are some modules I recommend to get started.

  • Introductory Networking
  • Introduction to cyber security
  • Web Fundamentals
  • Linux Fundamentals Parts 1,2,3
  • Intro to Windows


There are many more modules to choose from. A great thing about TryHackMe is that once you feel more confident and have a grasp of the basics, it offers learning pathways that guide you through the topics for your chosen goal.

Consistency Is Key

One thing I would like to note is that consistency is key. You are much better off doing 30 minutes to an hour of learning each day than 6 hours on one day a week. At first it might all seem completely indecipherable and you won’t understand anything, but don’t worry, this is normal, and little by little you will develop skills and knowledge.

I recommend pulling up a Google tab for any word you don’t understand and researching it. After an hour you will be deep in a rabbit hole, but it’s all part of the learning process.

Note Taking

Note-taking is a big part of your progress towards becoming a pentester. Nobody can remember everything, as the field is so big! Notes are very important for jogging your memory or having a command to hand. There are a huge number of applications to help you with this.

Do your research, as at the end of the day note-taking is a personal preference and what works for one person might not work for you. Everybody learns differently; for me personally, I found it beneficial to handwrite notes for theory to help it sink in, while keeping digital copies for more practical information. I use Joplin for my digital notes as I can self-host it. I also like the structure of the application and its Markdown capabilities.

I recommend getting set up for well-organised note-taking from the very beginning. Now let’s get hands-on!

Practical Training

From a pentester’s perspective, we are very lucky to live in modern times. There are many excellent platforms that let you hack for training purposes, commonly known as capture the flag (CTF) challenges. I recommend having a basic understanding of Linux, Windows, networking and common services before starting this.

Firstly, you will need a virtual machine. VMware and VirtualBox are both great, with free options available. The two most common operating systems to use are Kali Linux and Parrot OS. These are essentially flavours of Linux with hacking tools pre-installed. Some paid learning platforms also provide built-in virtual machines you can use.

One of the most popular platforms to practise on is hackthebox.com. Here you can connect to vulnerable networks and machines (commonly called boxes) and exploit them. “Starting Point” is a great place to begin: you work through a series of questions you need to answer while exploiting relatively simple boxes.

Then, when you feel comfortable, you can have a go at the retired machines, which come with a walkthrough. Never feel too proud to look at the walkthrough; when you are first starting out, they are a great learning tool. I would strongly suggest following along with IppSec’s YouTube tutorials as you work through the boxes, as he is extremely knowledgeable and it’s great to have a visual guide too.

Active machines are more challenging as you do not get a walkthrough or any online guides on how to exploit the boxes. Once you feel confident, you can try out some other fantastic platforms.


  • Virtual Hacking Labs
  • Burp Suite Academy
  • Offensive Security Proving Grounds
  • VulnHub
  • OverTheWire
  • Vulnlab


All of these are great places to learn. However, prices vary and each is tailored to a different area of pen testing, so make sure you look into each one to find what suits you best.

Other Helpful Resources

Here are some notable mentions to help you along your journey. YouTube is your digital friend: there are lots of amazing pentester content creators producing tutorials, webinars and podcasts. A few channels I often use:

  • IppSec
  • Elevate Cyber
  • John Hammond
  • The Cyber Mentor
  • HackerSploit
  • David Bombal
  • DarkNet Diaries (More for entertainment)


Another thing to bear in mind: a lot of the hacking platforms I mentioned earlier have Discord servers. The communities there are incredible, and you will find people happy to help if you get stuck on a box or need advice.

Certifications

So you are pwning boxes left and right, you’re feeling good, craving that next shell. It’s time to take the next step.

Certifications are a great way to show employers your capabilities. If you can afford them, they are a great additional notch in your pentesting belt. They are hard work, but nothing you’re not used to by now, right? Below are some certifications to consider:

  • Offensive Security Certified Professional – PEN-200 (OSCP-PEN200)
  • ZeroPoint Security – Red Team Ops (CRTO)
  • TCM Security – Practical Network Penetration Tester (PNPT)
  • HTB – Certified Penetration Testing Specialist (CPTS)
  • Certified Ethical Hacker (CEH)
  • Certified Penetration Tester (CPT)


Although you won’t get a certification from it, I want to give a special mention to Udemy. There are some amazing courses there that can further your experience.

When To Apply For Jobs?

Unfortunately, there is no simple answer to this. Everyone learns at a different pace and has different time constraints. Somebody with 8 hours a day for 6 months could most certainly reach a hireable position, whereas another person might spend a few hours a week and take 2 years. What’s important is that both will reach the same goal. Without wanting to scare you, there is so much to learn that you may never feel ready to apply. You will have to step out of your comfort zone, and I assure you that you will be rewarded eventually.

Conclusion

To conclude, everyone is in a unique situation with a diverse skill set and their own learning requirements. This isn’t a set-in-stone checklist but a gentler guide to help someone wondering where to begin.

Do things at your own pace and do what works for you. Your end goal is achievable, and although it might seem extremely daunting at the beginning (as was the case for me!), stick with it and over time you will see significant progress. Don’t push yourself too hard and risk burning out, and, most importantly, enjoy the journey!