Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Penetration tester skill set,

from [Michal Merta] Network Security [Permanent Link]
Subject: Re: Penetration tester skill set,
Date: Tue, 25 Jul 2006 21:12:22 +0200 
Agree with you, Scott.
good knowledge of protocols and operating systems behaviour is almost
mandatory and pen tester should start with this.
I red interesting idea couple days ago.
Good penetration tester should be trained for dealing with other
people, because of Social engineering.
The results from social engineering are very often incredible!
Regards, Michal


On 7/25/06, scott <redhowlingwolves@bellsouth.net> wrote: 
IRM wrote:
> All,
>
> I am new to the list and also to the security. I hope this is the right
> forum to ask a question since it is called "security-basic" forum. I
> came across to the archive on this forum and found an interesting post
> called "Death of the security community"
> (http://www.securityfocus.com/archive/105/428207/30/1590/threaded)
>
> Straight to the point, I would like to know; what is the 'typical' skill
> set that a penetration tester should have. The reason why I asked this
> question is because part of penetration testing is a vulnerability
> assessment. On most of the penetration testing report it's required you
> to insert the "proof of concept" section on how to get in to the
> specific condition maybe in this case an administrator/root privilege.
>
> Running tools like Rainbow Crack or Nessus does not required a lot of
> skill. In fact it is something that everyone can do! This is definitely
> does not bring any values to the customer. At the same time, I need to
> be a realistic too that finding a bug and writing the exploit as a proof
> of concept are required a lot of effort. For some reason I can see a
> dilemma in here.
>
> So back to my question; what is the typical skill set that a penetration
> tester should have?
>
> Can anyone in here give me some light about this?
>
> J
>
>
>
>
>
>
> ---------------------------------------------------------------------------
> This list is sponsored by: Norwich University
>
> EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
> The NSA has designated Norwich University a center of Academic Excellence
> in Information Security. Our program offers unparalleled Infosec management
> education and the case study affords you unmatched consulting experience.
> Using interactive e-Learning technology, you can earn this esteemed degree,
> without disrupting your career or home life.
>
> http://www.msia.norwich.edu/secfocus
> ---------------------------------------------------------------------------
>
>
>
One thing that i forgot:know the protocols for different layers in the
whole ip stack.Or at least have a grasp for the way the different layers
interact.
Enough from me.I'm sure there are people better able to explain this
than me.
Just IMHO,my 2 or 3 cents worth.


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------




--
Michal Merta
Network Security Engineer
http://www.misuta.cz

The information contained in this electronic message and any
attachments to this message are intended for the exclusive use of the
addressee(s) and may contain proprietary, confidential or privileged
information. If you are not the intended recipient, you should not
disseminate, distribute or copy this e-mail. Please notify the sender
immediately and destroy all copies of this message and any
attachments.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Detecting multiple hosts behind a single managed switch port, Matt Kaar
Next by Date:  Re: National Security : e-Passport, shyaam
Previous by Thread:  Re: Penetration tester skill set,, scott
Next by Thread:  Re: Penetration tester skill set,, Alice Bryson <abryson@bytefocus.com>
Indexes:  [Date] [Thread] [Top] [All Lists]