Adam Thompson
Apr 17, 2022


I am back!

It has been a long time since I last wrote on here. Life has been full of ups and downs, but I feel like I finally have a firm enough grasp of the basics of information technology and information security that I can start my pentesting journey.

My goal is as follows:

Training:

· Practical Ethical Hacking — The Complete Course (https://academy.tcm-sec.com/p/practical-ethical-hacking-the-complete-course)

· Open-Source Intelligence (OSINT) Fundamentals (https://academy.tcm-sec.com/p/osint-fundamentals)

· External Pentest Playbook (https://academy.tcm-sec.com/p/external-pentest-playbook)

Certification:

· Practical Network Penetration Tester (PNPT) (https://certifications.tcm-sec.com/pnpt/)

· PEN-200 Penetration Testing with Kali Linux (OSCP) (https://www.offensive-security.com/pwk-oscp/)

I am very excited to start this journey. I know that it will take a lot of work to become proficient enough with the skills required to complete the certifications, but I am ready and willing.

The first course I am taking in the training for the PNPT is the “Practical Ethical Hacking — The Complete Course”. As of writing this post, I am only 34% complete with the training. From my limited exposure to all things “Ethical hacking” related, it has been very good. The videos are well put together, the material is covered and explained in a common-sense way, and not only are you able to follow along with the demonstrations, but you are also running the scans and taking screenshots on your own virtual machine. This way you get the knowledge and theory of ethical hacking, but you also have a chance to get some hands-on experience with the tools. You get an opportunity to learn the syntax of the tools, and what is the preferred tool for which task. As a complete beginner, this has been very helpful, and I appreciate the fact that I am not expected to know a ton of things before starting this training.

This course starts off with a short introduction of the course and what will be covered. It gives you a roadmap for what to learn and what will be covered on the certification exam. Everything you need to pass the certification exam will be covered in this course; there is no need to do additional study outside of the course material. However, any practice on sites like “Hack the Box”, “VulnHub” or “TryHackMe” will certainly be beneficial.

The course then covers how to take effective notes. As someone who is still very new to all things ethical hacking, this seemed like an odd thing to include in the course, but it makes sense after thinking about it for a while. You need to have a way to keep track of everything you have done, or potential vulnerabilities, etc. This comes in handy for when you get stuck on a pentest, or CTF, or whatever you are doing. Plus, if you are doing a pentest for a client, you can use your notes to help you write your report.

After the note-taking section, it does a quick networking refresher. After this refresher, it jumps into setting up your home lab. You get a walkthrough of setting up Kali Linux, and a brief high-level overview of some of the tools included with Kali.

Then you have an introduction to Linux, and learn how to do most of the basic things like making directories, changing directories, copying files, etc.

You then have a short section on Python, and learn about the basics of reading and writing some basic scripts.

This is followed by an introduction to the five stages of ethical hacking in the ethical hacker methodology. Information gathering (reconnaissance), scanning and enumeration, vulnerability scanning with Nessus, some exploitation basics, then some capstones to practice everything we have learned so far.

Then the course has an introduction to exploit development (buffer overflows), followed by an Active Directory overview, some Active Directory labs, and then a pretty deep dive into attacking Active Directory.

After that, they cover post-exploitation, then jump into web application enumeration, the OWASP Top 10, wireless penetration testing, and then they end with how to write quality reports and some final career advice.

I am very excited to go through this course, and I hope to learn a lot. The good news is that the training for the PNPT overlaps significantly with the training for the OSCP, so my end goal of earning both certifications before December 2022 is well within reach. I will continue to post here about my adventures in becoming a penetration tester. I hope to see you along the way!
