In my previous post I already mentioned that I will keep learning new stuff. The title of my blog is securitypath, so security topics will be mostly present here. In the future I would like to get my foot in the door of the security industry. The most interesting part is the whole blue team / red team approach, where the blue team is defending and hardening the systems and infrastructures and the red team is trying to get around these things and get control of the target boxes.
A few days ago I saw on Twitter a nice piece of code showing an infinite recursion: starting with a new idea, losing motivation, abandoning the project and then having the next idea again. So according to this I’m currently at the “start with new idea” step, again. 🙂
Next I will work through the book “Penetration Testing – A Hands-On Introduction to Hacking” by Georgia Weidman. The publisher is No Starch Press. My copy is from 2014 but I think this is the first and latest edition of this book to date. I saw many positive recommendations and a lot of love for this book on Amazon.de and also Amazon.com, so I decided to get a copy of it.
At the moment I’m still at the beginning, in chapter 1. This chapter is all about getting your penetration test lab started. You learn to set up Kali Linux with some additional tools like Nessus (a vulnerability scanner, which has a free version). And you set up a Linux box and a Windows box, which work as vulnerable victims for your attacks.
The next chapters will walk through the penetration testing cycle with information gathering, finding vulnerabilities, exploitation and post exploitation. There are much more detailed chapters, but that seems to be the recurring theme throughout the book.
My goal is to get my hands dirty and to gain some hands-on pentesting skills, even if it’s on a low level. Currently I’m considering whether I should approach the OSCP (Offensive Security Certified Professional) certification in pentesting because of the workshop content, the exam and the certification in the end. But this will be a challenging task and first I want to finish the pentesting book.
In my next posts I will report how it works out and which problems or success stories I experienced during my approach.