Path to Pentester (Anon's Quest v2)

a guest
Jul 28th, 2019
Path To Pentester – Anon's Quest

TLDR; Learn linux, learn some python (don't need to be able to write your own programs, just to recognize code and maybe fix a couple broken lines). Get kali linux. Download vulnerable vms from vulnhub and attack them. When you get stuck, check walkthroughs. Join hackthebox.eu. Get a premium account. Hack every box you can, starting with low to medium rated difficulty. Do OSCP! OSCP took me 3-4 months while working 50 hours a week at a separate job. If you are a NEET, it will be easier. You can dedicate more time and focus on it more than I could. If you start to struggle with this, I put in some options for getting into lower level certs and jobs while you continue your quest. Find me on /biz or protonmail. I will help you in your quest. I'm an oldfag, you anons mean a lot to me. I want you to succeed.

FULL GUIDE;

Learn Linux:
I say this because, although I do know a few guys who hack from Windows, most do not. And even if you use Windows/macOS, you still will be hacking into Linux servers! Linux is an absolute must. If you have linux experience, then learn bash scripting and python. If you have never used linux, then my recommendation (and what I did personally) is to get a cheap or old laptop/PC, wipe it completely, and install a linux OS. Use this PC for all your basic computer needs. Force yourself to learn linux, and more importantly, force yourself to work from the command line as often as possible. Don't know how to move a file or can't remember where applications are installed? Don't know how to install an application or open a weird file type? Google how to do it from the command line! You must learn linux.

Learn Python:
Python is the most important programming language you could learn for hacking. Over 50% of all exploits are written in python, and nearly all great hacking tools are written in python. Metasploit (originally written in Ruby) now supports importing python modules, and I expect that in the future all modules will be in python. Python is also great for scripting and writing your own tools. To learn python, I suggest two different (but similar) sources:
https://learnpythonthehardway.org/
https://www.udemy.com/learn-python-and-ethical-hacking-from-scratch/
Zaid Sabih is a fantastic instructor on udemy, and his python and ethical hacking course is one of the best Offensive Security courses I have ever taken. I believe it is still on sale for $11.99 on udemy. I highly recommend that course. He also gives a few tips on working in linux.
If you prefer the college course style of learning, then "Learn Python the Hard Way" is a textbook / recorded lectures style course, and it is also a very good course for learning python completely from scratch. It is $30.

Get Certifications:
Ok, this is going to be some non-standard advice here... Most of the IT industry focuses heavily on certs. If you look on Linkedin, you will see most people in IT Security just piling up certs on top of certs (A+, Net+, Security+, CASP, CISSP, etc...). Here is my breakdown for pentesters:

IF you want to pentest for a living, then you need OSCP!
OSCP is the only certification that mattered for me to get my current penetration tester job. I have other certifications, but they could not care less. The ONLY certification that currently exists that is considered proof that I can hack is the OSCP (Offensive Security Certified Professional). This certification is from Offensive Security (https://www.offensive-security.com/) and it is the gold standard. There are only an estimated 5500 people worldwide who have this certification on Linkedin, so it is an instant job if you manage to get it. This is the end game. Get the OSCP and you will be a pentester. Everything else you do, and everything else I list here, should be done in an effort to get your OSCP cert, because once you have it, you are ready to hack.

Now this next section is for brainlets. If you don't know a damn thing, and you think this quest is going to take you a year or more, then you should get one or all of the certs below, which can help you get to the 80k+ mark while you continue questing for OSCP. Not everyone has to do this; it is a completely optional, longer-timeframe path. I leave it here as info for those not ready, or struggling to go straight into OSCP. If you want to go right into OSCP, then skip past the certs to the "READ, READ, READ" title below and keep going.

The other certifications I suggest are:
CompTIA Security+ - very good cert, I consider it the most broad, and most broadly applicable across the industry.
CompTIA CASP - if you get Security+, you may as well do this 'advanced' version, which I thought was easy after doing Sec+, and if you ever work the Defensive side of security, this cert will get you a very good job.
CeH (Certified Ethical Hacker) – I have mixed feelings about this cert. Lots of people get it, and lots of people have it, who have no idea what hacking really is or how to do it. They also couldn't copy a file from one folder to another on a linux machine... However, it does have value, in that it forces you to learn all the hacking terms, tools, and methods, in preparation for the test. It is an overly expensive certification, and I do not think many employers outside of government really place much value in it. What I suggest is buying a CeH book, or some other study materials for the exam, such as a course on Udemy or something similar, and doing the coursework, but maybe don't bother with the test, unless you have an extra $1100 laying around. It's not worth it, and you can spend the same amount of money getting OSCP, which is what you really need.

READ, READ, READ:
If you don't like to read, or are not willing to do research on a regular basis, then this job is not for you. Here's a list of books you should buy ASAP:

Hacker Methodology Handbook:
https://www.amazon.com/Hacker-Methodology-Handbook-Thomas-Bobeck/dp/1731258380/ref=asc_df_1731258380/?tag=hyprod-20&linkCode=df0&hvadid=312696355873&hvpos=1o1&hvnetw=g&hvrand=15430862547652258970&hvpone=&hvptwo=&hvqmt=&hvdev=c&hvdvcmdl=&hvlocint=&hvlocphy=9008165&hvtargid=pla-775869692112&psc=1

The Hacker's Playbook 2 (Not version 3! Do version 2 first, it focuses on Metasploit, where version 3 uses empire, and version 3 assumes you have done version 2. Version 1 is too old.):
https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing-ebook/dp/B01072WJZE/ref=sr_1_fkmr0_3?ie=UTF8&qid=1550673510&sr=8-3-fkmr0&keywords=ethical+hacking+playbook+v2

Hash Crack v2 (This is the only book you need for password cracking):
https://www.amazon.com/Hash-Crack-Password-Cracking-Manual/dp/1975924584/ref=sr_1_1?ie=UTF8&qid=1550673630&sr=8-1&keywords=hash+crack+v2

RTFM (Red Team Field Manual):
https://www.amazon.com/Rtfm-Red-Team-Field-Manual/dp/1494295504/ref=sr_1_1?ie=UTF8&qid=1550673684&sr=8-1&keywords=red+team+field+manual

There are many other great books on the topic. Try some out!

LEARN BY DOING:
The best way to learn to hack (or penetration test) is by trying to do it. Now, this doesn't mean try to hack your school network and erase your tardies... Don't do that. Thankfully today, there are tons of places where you can legally practice and learn to hack. Below are my favorite environments for doing so:

HackTheBox.eu – This site is great (though a bit advanced). You will need to hack your way in to register (if you get stuck, I'm sure there are guides online). After that, you can download a vpn package and have access to over 20 servers built by the community for the purpose of hacking challenges and learning. The forums are great for getting hints and tips, and the people there are generally very helpful by direct message.

Vulnhub.com – Like Hackthebox, but offline. People build Virtual Machines for hacking into and learning, and post them here for everyone to have for free. Download a few, spin them up in virtualization software, and try them out. The great thing about vulnhub is that people post walkthroughs and how-tos for these machines. A quick google search for "vulnhub Raven walkthrough" will produce great walkthroughs for that machine name. Great tool.

OSCP Lab – The OSCP certification I mentioned before is set up like the hackthebox.eu lab. If you do everything else, then when you are ready and you tackle the OSCP for the first time, you will spend months hacking over 40 servers in their state of the art private network. Doing Vulnhub and hackthebox.eu will prepare you for this final test.

Virtual Machines – Spin up your own! You can install Virtualbox from Oracle for free!
(https://www.virtualbox.org/wiki/Downloads)
You can also get free Windows 7, 10, 2012 R2, and 2016 Server virtual machines from Microsoft:
https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/
Build some Virtual Machines and start testing against them! See what you can break!

Of course, you will also need your attacker (hacking) machine... There are two main hacking Operating Systems, which you can also get for free, but I prefer Kali Linux:
https://www.kali.org/downloads/
You can also try out Parrot. Though it is not my preference, it may be a better one to start with, since it has a bit more flair in the GUI:
https://www.parrotsec.org/download.php
Try them out and pick the one you like!

So I feel like that's a great start for the technical side of things... In terms of getting into the industry, there are a couple of good steps to take as well. As I said, getting OSCP will solidify your path for a pentesting career.

However, for brainlets or those who struggle right away, there are other steps you can take to start earning good money, and to get your foot in the door in the industry, right away. (This is another section for those for whom the quest will take longer. If you are going straight to OSCP, you can skip the other certs!)

Once you get the CompTIA Security+ certification, you can get a job on the defensive side of the house. If you want to start working in the industry, this is the fastest way to get there. Armed with Sec+, I would start looking for junior analyst positions in your area. In my experience, these jobs are mostly centered around schools (maybe check with your college!) or large cities. If you get CASP, you can get a very well paid Defensive job, while you work on OSCP and transition to offense. With CASP, I would look for mid-level cyber security analyst jobs (check Linkedin!). If you choose to go this route, and acquire certs while earning, then hit me back up once you have CASP and I can get you a job. I know way too many people looking for analysts. Anyway, you can make 80k-100k. Again, this is OPTIONAL! If you struggle at first, then do this. If you have the aptitude to do OSCP right away, I ADVISE THAT INSTEAD.

Write your resume in a way that leverages your Programming knowledge if you have it. If you write any scripts or tools while taking the courses I mentioned, or during OSCP, put them all on your own public Github, and list that on your resume. Employers think having a repo and sharing with the community is great in new hires.

Go to conferences, if you have the money and time. Defcon, Derbycon, THOTCon, Grrcon, etc... There's a ton of conferences out there. If you have the money to get out to a few Cyber Conferences, do it. They are fun and you will learn a lot in a short time span. You will also meet people in the industry, who are always looking for new talent. If you are currently working in IT, you can probably get your employer to pay for you to go to conferences.

Participate in CTF (Capture the Flag) challenges. These can be in person or online.

Well that should get you started. And honestly, I guarantee, if you do all these things, you will be a penetration tester starting out at no less than 120k. My FIRST penetration testing job was remote for $150k.

ANYONE WHO RECEIVED THIS DOCUMENT AND GETS OSCP, I WILL PERSONALLY HELP YOU LAND YOUR FIRST PENETRATION TESTING JOB. YOU KNOW WHERE TO FIND ME ANONS.

Now, since this path is not easy, and can actually be very difficult, and at times tiresome, here are some more fun resources to keep you going when things get tough:
Mr. Robot – Great TV show. Check it out.
Ghost in the Wires – Book by Kevin Mitnick. Great hacking book, true story.
War Games – 1980s movie about hacking. Cheesy, still cool. The old hacking tech is awesome.
Hacker Wars – Documentary about Anonymous
https://www.youtube.com/watch?v=ku9edEKvGuY