DEV Community

Cover image for How to Learn Penetration Testing: A Beginners Tutorial

How to Learn Penetration Testing: A Beginners Tutorial

Kat Maddox on March 15, 2019

Disclaimer: Hacking is a difficult skill to learn. You will not become a good pentester by just doing a few online courses. You will not become a g...
Collapse
 
alex_tokyo profile image
Alexander

Great article! Many useful tools listed.
That Civ5/real country analogy made me chuckle, so true.
Too often on HackTheBox labs you find something conveniently hidden in plain sight that contains plaintext password, or weak password hash from the top of rockyou.txt wordlist in Kali.
Haven't had this much luck with real world environments so far.

Collapse
 
ctrlshifti profile image
Kat Maddox

Thanks Alexander! :)
Yeah I was a little iffy on whether to add HTB at all but I figured it was probably good for beginners, to at least build up confidence.
I was definitely in for a shock when I went from ctfs to the real world!

Collapse
 
garrett profile image
Garrett / G66

I just turned 31 and have been doing internet marketing (mostly SEO) for the last 10+ years. I’m ready for a career change.

I’m fascinated by this kind of stuff but it feels like I’m too late and too old to start now. Any advice?

Collapse
 
ctrlshifti profile image
Kat Maddox

No way you are NOT too old!! Hacking might seem like an intimidating field to enter, especially because so many of the "pros" have been doing it since they were kids. But there's just as many amazing pentesters who entered the field later in their career.

Plus, security is such a diverse area, with so many people from different backgrounds. Having experience in internet marketing could give you a totally different, very valuable perspective that others don't have.

Collapse
 
garrett profile image
Garrett / G66

I have found my SEO experience has made me particularly good at OSINT.

Thread Thread
 
ctrlshifti profile image
Kat Maddox

Hell yeah!! That's awesome!

Collapse
 
adamcduncan profile image
Adam Duncan

I’m interested in ethical hacking and this was a really great intro piece. Thanks for taking the time to do it!

Collapse
 
ctrlshifti profile image
Kat Maddox

Awesome! Good luck :)

Collapse
 
almostconverge profile image
Peter Ellis

What I would add is that all of this exercise and tool knowledge is also very useful for every single web developer who builds customer-facing applications.

Collapse
 
ctrlshifti profile image
Kat Maddox

Absolutely! I think security is a pretty neglected side of development. Then again, if web devs followed security practices, I probably wouldn't have a job.

Collapse
 
artis3n profile image
Ari Kalfus

OWASP Juice Shop is a great intermediate between "ok I've done Webgoat and some OverTheWire servers" and "let me at the ctfs." It's ctf-style but it's hints give more guardrails. And you get infinite time to play on it. I'm sure you're aware of juice shop but I was surprised it wasn't mentioned here.

Collapse
 
ctrlshifti profile image
Kat Maddox

Good call. Added Juice Shop!

Collapse
 
syamillim profile image
Syamil Lim

Great post! Cyber Security is a major topics in my country because our citizen use more online payment system. Would like to learn more cyber security stuff but im alreadny 46 Y.o and i think too old for this.

Collapse
 
almokhtar profile image
almokhtar bekkour

Thanks, that was useful!

Collapse
 
ctrlshifti profile image
Kat Maddox

So glad to hear that! :)

Collapse
 
abdurrahmaanj profile image
Abdur-Rahmaan Janhangeer
#AMostUseful