Summary - How to become a professional penetration tester?

From: David Fuller (burchoff2000at_private)
Date: Tue Jun 12 2001 - 08:34:39 PDT


    For the past two to three weeks I have received about 15 emails asking me to
    post or send a summary of what I received off list. Unfortunately, every time
    I try to post the replies I received, it gets rejected by the list moderator.
    So I have chosen to give a breakdown of what I received.
    
    I received emails from three companies informing me of the availability of
    internships and summer jobs at their company. Their names are Fishnet
    Security (www.fishnetsecurity.com), Spidynamics (www.spidynamics.com) and
    Ncider (www.ncider.com). Where my question about courses that I could take
    in university is concerned, Brian Joseph gave a very nice reply, which you
    will see below:
    
    Brian Joseph's Email
    
    >David,
    
    >You should look at courses that focus on networking and system OS's.  It seems
    >that schools are very afraid to teach their students how to become good
    >hackers, but if you are smart and put it all together, you will realize that
    >they are giving you the tools to do so.
    
    >I recently graduated from the Rochester Institute of Technology.  During my
    >last quarter there, I developed a class called "System Security," which
    >focused on Windows and Unix OS security.  I wrote the labs for this course,
    >and compiled a list of texts.  I recommend the book "Steal This Computer Book
    >2" by Wallace Wang, and all the O'Reilly books you can afford (actually, you
    >should be able to get them for free off the web).  In my research I realized
    >that the information you are asking about is out there.  You may want to start
    >by learning how to keep people out... firewalls, routing ACL's, intrusion
    >detection systems, etc.
    
    >RIT also offers a distance learning class called "Computer Crime"... you can
    >take this class anywhere in the world, as long as you have internet access.
    >It is a good class because you will learn the laws.  There are very few
    >institutions that offer Information Technology as a degree, and I recommend
    >RIT not only because I went there, but because they were one of the first
    >schools to offer IT.
    
    >If you are new to hacking, try starting by researching a ton of resources.
    >Don't just jump into it without understanding the laws and ethics.  People who
    >do this are called "script kiddies," and they get no respect from the
    >community.
    
    >Learn programming (especially C) and shell scripting.  Take a look at some
    >hacking scripts that are available, and rip them apart.  See how they work,
    >and then realize that they are nothing more than manipulating what you
    >probably already know.  These codes are usually brute force attackers (such as
    >"CrackWhore", "BackOrifice", etc.).
    
    >Another idea would be to set up a honey pot and allow people to break into
    >your stuff.  You will be able to see how they do it.
    
    >As for an internship, it is hard to find one in what you described.  I guess
    >look on Monster.com and places like that.  You may want to try to start by
    >getting on a firewall team or network security team for a large company like
    >Sun, EDS, M$, Cisco, IBM, or the like... a company that has a lot of money and
    >can train you.  My advice is don't limit yourself.
    
    >Hope this helps.
    
    >-Brian
    
    
    Also, on the subject of university courses, Professor Larry Leibrock at The
    University of Texas at Austin (http://praetor.bus.utexas.edu) teaches a
    short course on penetration testing. Outside of university courses, I was told
    that I could look into the courses offered at www.sans.org. That was all the
    information I received from my post to the list. Hopefully the moderator will
    let this message be posted so that I don't have to find another way to get
    it out to those people who are very interested in the information I
    received.
    
    David.
    
    
    



    This archive was generated by hypermail 2b30 : Tue Jun 12 2001 - 20:38:44 PDT