Penetration Testing Book by Georgia Weidman

In my previous post I’ve already mentioned that I will keep up learning new stuff. The title of my blog is securitypath and so security topics will be mostly present here. In the future I would like to get my foot in the door in the security industry. The most interesting part is the whole blue team / red team approach, where the blue team is defending and hardening the systems and infrastructures and the red team is trying to get around these things and get control of the target boxes.

Some days before I saw on Twitter a nice piece of code as infinite recursion. Starting with a new idea, losing motivation, abandon project and then having the next idea again. So according to this I’m currently at the “start with new idea” step, again. 🙂

pentest-weidmanAt next I will work through the book “Penetration Testing – A Hands-On Introduction to Hacking” by Georgia Weidman. Publisher is No Starch Press. My copy is from 2014 but I think this is the first and latest edition of this book until today. I saw many positive recommendations and a lot of love for this book on and also, so I decided to get a copy of it.

At the moment I’m still in the beginning, chapter 1. This chapter is all about getting your penetration test lab started. You learn to set up Kali Linux with some additional tools like Nessus (a vulnerability scanner, which has a free version). And you set up a Linux box and a windows box, which work as vulnerable victims for your attacks.

The next chapters will walk through the penetration testing cycle with information gathering, finding vulnerabilities, exploitation and post exploitation. There are much more detailed chapters, but that seems to be the recurring theme through the book.

My goal is to get my hands dirty and to reach some hands-on pentesting skills, even if it’s on a low level. Currently I’m considering if I should approach to the OSCP (Offensive Security Certified Professional) certification in Pentesting because of the workshop content, the exam and the certification in the end. But this will be a challenging task and at first I want to finish the Pentesting book.
In my next posts I will report how it works out and which problems or success stories I experienced during my approach.

Starting with building a penetration testing lab

Currently, I’m looking for informations about how to build an own penetration testing lab. Regarding to my research, I will need to set up a single box with a lot of RAM and then use VMware or VirtualBox to simulate some computers to test with. But setting up a completely dedicated machine for this purpose is currently not in my budget. So I looked what is still available at home. I have an old case in the basement, but the hardware inside is definitely outdated. For example the mainboard cannot work with more than 4 GB RAM. So this is not suitable for the virtual machine purpose.

But I have a relatively modern desktop PC in my flat, which has already 8 GB RAM. It’s not perfect, but I hope it will do the trick to get one or two VMs running on that system. My Kali Linux is a VirtualBox on my notebook, which is running fine there. So, I have my Kali Linux always ready to go and I can start some other boxes on my desktop machine if needed. This should be okay for my first steps. 🙂