47
R-C-D
6y

Now that I have time to approach my ultimate dream ( being the pro penrester ) , asked a hacker for a road map and he gave me (U'll rarely see such open hackers that share knowledge :) )
Surprisingly I've been familiar with all the topics but being the most pro , requires u to be pro in every single topic .

Guess what ? I'm starting from basic linux commands all over again πŸ˜‚
echo 'hello world :/'

Comments
  • 13
    "Satellite Attacking"
    lmao
  • 1
    @PrivateGER last step :)
  • 3
    Actionscript 🀯 it's alive! AAAALIIIVE!!!
  • 6
    Also, you might want to move SQL to the top of your list. That's very important.
  • 1
    18/37. [Android] - {GrapheneOS} & ΜΆiΜΆOΜΆSΜΆ(useless your are absolute mad lad, my friend) exploit/pentest

    FIXED
  • 3
    I think metasploit basics is way too early and stuff like C/C++ programming should be above (esp. for understanding how payloads etc. work).

    IMO: good pentesters are really good programmers
  • 0
    @PrivateGER U mean sqli or simply sql?
  • 1
    @itsundef what is the matter? Android apps do have tons of vuln
  • 0
    @thoxx you're right moved C above metasploit
  • 1
    @R1100 [ANDROID] - {GrapheneOS}
    -_-
  • 0
    @itsundef i still dont get it πŸ˜‚
  • 1
    @R1100 including ANDROID AND STOCK DERIVATIVES -(minus) singleton GrapheneOS

    😐
  • 1
    I just copied this :)
  • 1
    Oh and, penrester?
  • 0
    @ndr3w221 oh shit !
    Dictation again :)
  • 0
    @Nanos true but it is actualy cheating :)
  • 3
    Speaking as a pro penrester my self I even make little cradles for them out of post-it notes. Not sure what this map has to do with resting pens. πŸ˜‚
  • 4
    99% of security work is "Can I inject database queries along with any HTTP request?", "Can I access REST resources a standard/guest user shouldn't have access to?" and of course "Can I trick a support desk employee to change another user's data?"

    Pretty much all communication between devices happens through APIs these days, and the weakest ones are backend APIs written by sloppy companies (used by mobile apps, web frontends, other backends... doesn't matter). And people, of course, people are super weak.

    There is a smaller area of research when it comes to hardware pentesting, trying to find vulnerabilities in bluetooth chips used by cars, USB/displayport firmware, etc -- but that requires a lot of low level knowledge, starting with mastery of assembly/C and electrical engineering.
  • 2
    Here's my two cents from SMBC 😬
  • 1
    I guess 2 years?
  • 1
    @thoxx if you look at the most famous hackers they don’t really have a technical background (Kevin Mitnick, Adrian Alamo, etc). But then again they are the ones that got caught. C++ would be useful for understanding hardware architecture, but it’s not really required for a professional pen tester. Professional pen testing is less glorious than you think: running vulnerability scans and writing lots and lots and lots of reports.
  • 2
    @toriyuno
    I don't know if you can compare famous hackers with building a successfull/solid pentesting career ;-)

    Maybe it's not absolutely necessary, but it's definitely very helpful. The better pentesters I've met were at least really good programmers (who didn't just rely on tools like sqlmap, zap, burp suite, w3af etc).
  • 2
    Starting with Linux basics is great, especially bash scripting, and understanding overall structure
    Put metasploit in the middle if not the very end
    Learning how things work is 90% of the work in pentesting, info gathering is the most amount of time you'd probably spend on. Once you know what it is and how it works you can manipulate it
    Read these three books :
    web application hacker's handbook,
    hacking the art of exploitation, and
    penetration testing a hands on introduction to hacking(video tutorials on cybrary.it)
    All three of them are of novice to intermediate level, and it'll give you a good base with theory and tools
    If you need any help, feel free to connect with me on Twitter (same username)
    Also don't waste your money on CEH, do OSCP instead
  • 1
    @justasithlord thank u !
    Art of exploitation is AMAZING !
    I'll go for the other two books :)
  • 1
    Dude, that's a LEGACY!!!
Add Comment