How to Learn Penetration Testing
I personally believe people who want to get into penetration testing should have a very strong foundation in computer science and have either worked professionally as a programmer or an individual in infrastructure.
If you still feel like you are cut out for hacking then here’s a guide to how you can approach learning. All of these sites are legal and safe for practicing hacking if you follow all guidelines and rules.
I’m not an expert at hacking by any means but I have been working in software for about 10 years and have a very strong understanding of this.
I recommend going in a certain order for maximum growth. Crawl, then walk, then run, in that order.
Some sites like HackTheBox are not recommended for beginners.
So You Want to Be an Ethical Hacker?
Are you a life-long self learner? Are you compulsively driven to learn by a force you can’t control? Are you a risk taker? Do you think outside of the box? If this sounds like you then you might just be cut out for it…
This is not for people who can’t learn on their own.
How to Get Started with Hacking?
First and foremost, you must download a Linux penetration distribution. I recommend Parrot OS because it’s the most modern and it’s personally my favorite. You can either install this on a machine or use Virtual Box and download the OVA from their website.
I would use Torrent downloads they seem to be more reliable.
I started by downloading VulnHubs and using walkthroughs. I found this a great way to conceptually understand how web servers get hacked. I learned the basics of using tools, finding, exploiting vulnerabilities, and basic privilege escalation. After 6 months I had the basics down.
Linux is very intuitive and I find it easier to learn than Windows. I strictly focused on using Parrot OS and pen testing Linux servers first. Why? In the beginning, it’s important to get a strong understanding of the basic tools and processes. By learning how to apply the tools to Linux servers first, it made it easier to transition to Windows later. Not only that, Parrot OS and Kali are Linux distributions so if someone is not familiar with Linux they may need to get that down first.
Now, this is a very overlooked portion of learning but a lot of people want to dive into the fun, sexy pen-testing aspect of security. However, this is a fundamental flaw in the approach. It’s important to learn the business side of things so you can effectively communicate to management, clients, and succeed at interviews. This introductory course to Application Security really dives into that thought process and is one of the best videos I’ve seen on that.
Christophe Limpalair
https://www.udemy.com/course/introduction-to-application-security-appsec
Sites Recommended for Beginners
VulnHub – FREE! At VulnHub you can download Virtual Box images of vulnerable by design servers. They have intentional misconfiguration that will allow you to practice ethical hacking.
TryHackMe – They have a course for “Complete Beginner” and they provide video tutorials.
Root Me – I haven’t used this site but I’ve heard it’s a good place to start.
Cybr.com – This is a great site that will teach people who are new or experienced and provide instructional training videos.
The Birds Eye View
If someone is brand new to penetration testing and computers then they will have an enormously challenging time getting started. This isn’t easy… It is very important that they understand everything they need to learn to be proficient at hacking.
You absolutely need to be aware and learn these skill sets to be proficient at basic hacking…
Development & Programming Skills
I have found that I’ve had to learn these technologies below to be able to do pen testing effectively.
- Scripting languages like Python, Shell, Bash, and PowerShell.
- Basic C/C++
- Programming with Ruby (metasploit), Python (exploits), Lua (nmap scripts)
- Web programming languages like PHP, .NET, and Java are extremely common.
- Basic front-end web technologies like HTML, JavaScript, and CSS are a must if you’re testing web applications.
Infrastructure Concepts
- Web Hosting
- Mail Servers
- SAMBA
- Proxies and Web Application Firewalls (WAFs)
- Active Directory
- Network Topology
- Subnetting
General Penetration Testing Tools
Linux Penetration testing operating systems like Parrot OS and Kali Linux are good for beginners. More advanced users may use BlackArch. These are all basic tools that I used frequently when practicing penetration testing.
- nmap – used for porta scanning
- netdiscover – network discovery tool
- dirb/gobuster – directory discovering tool
- wpscan – WordPress site scanner
- enum4linux – scans hosts for information gathering
- sqlmap – SQL injection testing tool
- john – password cracking tool
- hydra – brute-forcing tool
Advanced Penetration Testing Skill Sets
- Application penetration testing tools like OWASP Zap and Burp Suite Pro ($400/year).
- Metasploit/Meterpreter
- C2: Covenant, Metasploit Pro, Cobalt Strike
- C2 frameworks (Empire, Silent Trinity)
- Proxying traffic SSH, Metasploit
- Docker
- Writing your own malware
- Buffer overflows
Corporate Penetration Testing
A lot of red teaming will deal with pen testing large corporate businesses. They have a lot of risks that need to be managed and will have budgets to support security testing.
- Active Directory
- PowerShell / .NET
- Covenant C2, Empire, Metasploit Pro, Cobalt Strike
- Cloud Infrastructure AWS/Azure/Digital Ocean
- Phishing
- Exploiting network printers
- Cloud Infrastructure
Random Trade Skills & Niche Skills
These are things you will need to learn that you might not be aware of. Lock picking is part of the trade. Black hat hackers will stop at nothing to compromise a companies security. It’s important to think like one to catch one.
- Lock Picking
- Steganography
- Forensics
- Technical Writing
- Pentesting Devices (Hak5)
I have been working as a software developer for about 10 years and I have found this to be the most challenging and rewarding thing I’ve learned.
@mrjamiebowman
Improving Linux Skills
Developing and consistently improving your Linux skills will be vital to your success. The majority of penetration distros are based on Linux. Most cellular devices run on a derivative of Linux. Web servers operate frequently on Linux. Linux! Linux! Linux! Learn it!
TryHackme.com ($10/m)
This is a great platform for beginners but they also have a room, “Learn Linux” that will teach people the basics of Linux.
https://tryhackme.com/room/zthlinux
Over The Wire (Wargames)
I really enjoy playing these games, they are a fun and very challenging way to improve your skills. Basically, you SSH into a server and there is a challenge that requires using your Linux skills. Once you find the key you use that as a password to the next SSH server and you can work your way up.
Vim Adventures (FREE/$25)
If you want to improve your Vim skills there is a game called “Vim Adventures” that requires you to use Vim to play it. This is a fun way to improve and learn Vim. Each level of the game will teach you Vim commands.
Linux Academy ($50/m)
This is a great place to learn and prepare for certifications. This platform allows for courses with videos that will get you up to speed on Linux very quickly.
Application Penetration Testing
Burp Suite Academy
Port Swigger makes an amazing application penetration tool called “Burp Suite”. Their pro version is $400 dollars per year for a license and is well worth the money. There is a community edition but it is much slower than the pro version. They also offer free training for basic web application security.
https://portswigger.net/web-security
PentesterLab Pro ($20/m)
They certainly have a lot of information here that aligns with application pen testing. There are plenty of exercises that cover CSRF, JWT, XSS, Cookies and more.
Downloadable Labs
This lab includes pre-made vulnerable applications like Damn Vulnerable Web App (DVWA), OWASP’s JuiceShop and more.
https://www.vulnhub.com/entry/lab26-11,190/
Damn Vulnerable Web App (DVWA)
https://www.vulnhub.com/entry/damn-vulnerable-web-application-dvwa-107,43/
Penetration Testing Labs & Training
TryHackMe.com
This is a great site for beginners and people who are experienced. There are rooms that teach your certain skill sets. The site has learning paths that will take you down “Complete Beginner”, “Offensive Pentesting”, “Primer Series”, and “Web Fundamentals”.
Hack The Box ($120/y)
This is one of the best platforms for practicing penetration testing. This is not an environment for beginners. Conceptually, it is set up to rank and measure users by their skill sets. It’s very competitive. Just to get into the site you have to hack your way in using the console app in the browser. Before I got serious, I was able to hack my way in. It’s very easy and if you can’t figure that out then you should not start here.
Pentester Academy ($40/m)
This is one of my favorites and is a great platform for learning but I don’t recommend it for absolute beginners. I think once someone has the idea of how hacking works this is a great platform to grow your skills on. There are individual labs that will teach you certain skills. It’s very easy to improve by picking up niche skillsets here.
247/CTF
This website hosts over 47 challenges that will test your technical skills across cryptography, networking, reversing, and exploitation.
Cyber Sec Labs
This is a site that allows you to VPN into their servers and spin up vulnerable machines. You may then practice your skillsets on them. This is very similar to how HackTheBox works.
https://www.cyberseclabs.co.uk/
CTF Time
This is a website that shares CTFs that are hosted by individuals and organizations.
Red Teaming Labs / Corporate
Red Teaming is the bigger picture of penetration testing. This is where operators work as a team to pen test an entire network. This is typically the case. Often this means pen testing a Microsoft Network with Active Directory that mimics a corporate network.
Pentester Academy ($40/m)
I think Pentester Academy is one of the best places to learn red teaming. There are a lot of videos on pen testing Windows and Azure. This is a great place to learn from highly skilled experts. There are plenty of labs that will allow you to practice individual techniques that you will learn. Their red teaming labs will take your skillets to the next level.
https://www.pentesteracademy.com/
Pentester Academy: Red Team Lab
https://www.pentesteracademy.com/redteamlab
A red teaming lab is very expensive and can cost up to $400/month. The difficulty level here is very high and not recommended for novice or medium-skilled hackers. If you’ve been training for 1.5 – 2 years you may be ready for this. Some of the more skilled IT workers may be ready sooner.
In the red team labs you can learn things like domain enumeration, situation awareness, extracting credentials, replaying those credentials, domain privilege abuse, brute force, local privilege escalation and more.
Azure/AWS (Roll Your Own)
Alternatively, some of the Red Team labs are extremely expensive. Expect to pay between $250-$450 dollars per month for a really good red team lab. I’m working on Infrastructure as Code (IoC) using Terraform and Ansible to create mock environments for practicing pen-testing tools and techniques. Alternatively, you can create this your self. Azure provides Azure Active Directory services that can be easy to set up and torn down when needed. This is great for practicing and gives you the ability to learn Cloud infrastructure as well. The downsides are that you may not be able to get older legacy Windows Servers.
