Pen tester knowledge is cheap
Author: Stefan Waldvogel
A Penetration tester path (first steps) for under $100
People love ethical hacking, even so, the job market is difficult to work as a penetration tester, due to the extremely high wanted knowledge. Out of all Cybersecurity jobs, penetration testing is the most hyped field and probably the most difficult area to get a job.
It is easy to get a solid understanding of penetration testing skills for a cheap price. The next picture shows one way to get the knowledge for under $50. This path does not give you a certification.
It is easy to get a solid understanding of penetration testing skills for a cheap price. The next picture shows one way to get the knowledge for under $50. This path does not give you a certification.
What do you get for under $100?
You might think the knowledge is not deep, but I can tell you that your basic level is solid if you all of these courses and dive into it. You will not get a job with it in the US, but you have a start point. From this point on, you can understand everything enough to do self-learning. You know how to use GitHub, many tools, and if you see something new, you quickly learn it.
For under $100, you can see if you like penetration testing or not. Maybe you do not like it, but you are going into the blue side. I will tell you one thing: Your knowledge and understanding of red attacks will help you a lot. You are a blue teamer with a hacking background. This knowledge gives you an immense advantage to understand your job. One example: You check a log, and you see this: ..%2f..%2f..%2f..%2fetc%2fpasswd
For most people... these are numbers, but you know it better, and you see it immediately.
I do not have $100 and I want to learn pentesting!!
Do not worry. Heath Adams PEH course (old version) is on YouTube. Google for "Zero to Hero Pentesting" and "The Cyber Mentor". To follow this course without bigger problems, you should use a Kali Linux 2019.3. You can download it here: old.kali.org/kali-images/kali-2019.3/ These are iso files (pick one maybe kde-2019.3) and you have to install it on a VM or on a separate machine.
How long do you need for this single picture?
Even if you study every day, you need between 2 months and a year. The reason is, you build a rock-solid foundation in very different areas and this takes time.
What next?
If you like penetration testing and want to work in it, you most likely need some certifications.
A brand new option is CERTIFIED PRACTICAL ETHICAL HACKER (CPEH) for $299 (certifications.tcm-sec.com/cpeh/). It is based on what you learned before.
A path could be eCPPT -> OSCP. If you do not have the money for certificates, you can dive into MITRE (attack.mitre.org/) and things like Atomic Red Team (https://github.com/redcanaryco/atomic-red-team). If you understand these things, you reached a professional level.
You might think the knowledge is not deep, but I can tell you that your basic level is solid if you all of these courses and dive into it. You will not get a job with it in the US, but you have a start point. From this point on, you can understand everything enough to do self-learning. You know how to use GitHub, many tools, and if you see something new, you quickly learn it.
For under $100, you can see if you like penetration testing or not. Maybe you do not like it, but you are going into the blue side. I will tell you one thing: Your knowledge and understanding of red attacks will help you a lot. You are a blue teamer with a hacking background. This knowledge gives you an immense advantage to understand your job. One example: You check a log, and you see this: ..%2f..%2f..%2f..%2fetc%2fpasswd
For most people... these are numbers, but you know it better, and you see it immediately.
I do not have $100 and I want to learn pentesting!!
Do not worry. Heath Adams PEH course (old version) is on YouTube. Google for "Zero to Hero Pentesting" and "The Cyber Mentor". To follow this course without bigger problems, you should use a Kali Linux 2019.3. You can download it here: old.kali.org/kali-images/kali-2019.3/ These are iso files (pick one maybe kde-2019.3) and you have to install it on a VM or on a separate machine.
How long do you need for this single picture?
Even if you study every day, you need between 2 months and a year. The reason is, you build a rock-solid foundation in very different areas and this takes time.
What next?
If you like penetration testing and want to work in it, you most likely need some certifications.
A brand new option is CERTIFIED PRACTICAL ETHICAL HACKER (CPEH) for $299 (certifications.tcm-sec.com/cpeh/). It is based on what you learned before.
A path could be eCPPT -> OSCP. If you do not have the money for certificates, you can dive into MITRE (attack.mitre.org/) and things like Atomic Red Team (https://github.com/redcanaryco/atomic-red-team). If you understand these things, you reached a professional level.
© 2021. This work is licensed under a CC BY-SA 4.0 license