Submitted by Heisenberg on Sept. 10, 2018, 4:01 p.m.

Tut***How to be a professional Pen Test Lesson 2

How to Become a Hacker?

1. Learn Defensive Security

Probably one of the most asked questions on HF is how to become a hacker. Well to start off if you mastered those core topics you are well on your way. Now we can apply security to each of those core topics. I find it best to learn Blue Team (Defensive Security) before jumping into Red Team (Offensive Security). Because while studying defensive security first you will also learn about offensive security. And any pentester should know what kind of defenses may be in place to prevent a reverse shell, code execution, logging, standard AV behavior and more. Also going down this route can lead to a security analyst position which is a great lead into penetration testing. Of course you can skip this step if you want, learn the advance subjects listed later, and you probably can still get into penetration testing. This is only my recommendation.

How to Prepare:

* Study: Security+ and CISSP (don't have to get cert but at least study).
* Understand common defense techniques such as how Anti-Virus works, how Web Application Firewalls work, how Firewalls/IDS/IPS work and where they are installed in networks.
* Create your own lab setup, play with setting up Splunk and other free security tools.
* Study compliance such as HIPPA, PCI DSS, and FedRAMP. Study standards such as ISO 9000 and NIST.

At this point you should be able to design, at least on paper, a fully secured network and understand each type of security device you put in place for the layered security. You also should be able to write a Security Policy and understand different security controls based on the compliance or security standard any company may want to utilize.

If you are not a Security Analyst or on an I.T Security team at this point, start applying. You now have the knowledge to get at least a level 1 security position.

2. Can I Start Coding Yet?

Yes, now it is time to learn how to write programs. One thing to keep in mind is that you don't need to be a programmer to be a penetration tester. In fact, unless you already are a programmer, studying to become one would be a waist of time. What you should know though is the basics of computer science and how to write at least basic scripts/programs for security testing. We want to know how to test applications, find insecure code and exploit it, but we don't need to be dev ops to do that. Of course the more you know about programming the better you will be at testing it, but that is only one of many areas a pentester needs to know. If programming is your thing then you should start that much earlier in the training, add it to your core knowledge set, go to school for it, and make that your job. You can later move to penetration testing if you want but there are better jobs in my opinion, such as Malware Analyst (reverse engineer) or Security Researcher (finding and creating zero days exploits). Both of which rely heavily on being an expert at programming and are also awesome jobs.

For penetration testers though we want to keep it simple. Python is a great language to learn and master. You can learn about computer science with Python, write custom security tools etc. Python runs natively on Linux and Mac and soon Microsoft will be adding it natively on Windows. I recommend learning Python 2.x first but also know how to write in Python 3.x. There are a ton a great free resources for learning Python but the one I found most useful for starting out is "Learning Python the Hard Way". After that you can move to books like "Black Hat Python" and "Violent Python".

While I recommend sticking with one language until you truly mastered it, there are other languages that will be valuable to learn, at least to the point where you can read source code and understand it.

* C and ASM for exploit development.
* PHP for server side.
* HTML for web development.
* JavaScript for client Side.

By no means is this a complete list of languages to be familiar with but it is a great start. Once you understand programming basics it really comes down to learning different syntaxes. Of course there are many differences between Python and C (not to mention ASM) but you should be able to jump into C and be able to apply some previous knowledge to it. Once you know the basics, one of the best ways to learn coding is to review source code found on github and other places.

3. Learn Offensive Security

At this point you should be level 2 or 3 in whatever security job you chose. You know all the security lingo, you can program, you can develop security policies and perform risk analysts etc. You are comfortable and an above average user on any operating system. You should also have at least two to four certifications. So lets get into the nitty gritty of popping shells. Once you start really digging into security testing you will understand why you had to learn so much other information first. Imagine attempting a reverse shell from a friends computer to your local host, and nothing happens. You don't understand, the software worked in your personal lab so whats wrong? Well that is where networking knowledge comes in. Maybe the program does not have the correct permissions, maybe an AV is blocking it, there are many possibilities and if you lacked the above knowledge you would be stuck, probably writing a post on HF asking for help. But because you followed this tutorial and you studied hard for the last few years, you can easily troubleshoot the problem. Now it is time to learn about the art of hacking.

How to Prepare (in no particular order):

** Highly recommend reading "Web Application Hackers Handbook". Know it inside and out.
* Pick up a book on the basics of hacking. The material will be very out dated but it will provide you solid knoweldge.
* Use YouTube and other sources to learn about: getting shells such as php shells, reverse shells, bind shells, etc.
* Learn about enumerating a host, port scanning, manual and automated methods of searching for security vulnerabilities.
* Learn how to exploit well known vulnerabilities, such as MS08-067 and MS17-010.
* Learn basics of privilege escalation methods, both manual and automated.
* Learn how to enumerate hosts in a network, capturing packets in wireshark, doing broadcast scans with nmap, using netbios and smb to enumerate hosts etc.
* Learn how to research for vulnerabilities.
* Be able to modify scripts to fit your needs. And be able to troubleshoot older exploits to work with more modern libraries.

Truly there is a lot that I didn't cover. This section is more about organic learning then a strict regiment. You will bounce from topic to topic. As you learn more about one subject you will find something you don't understand and you will study that as well. For a more controlled learning environment I would suggest some online courses. They are expensive but they will provide a more comprehensive and structured form of learning. The PWK is good for those who are already advanced with the core hacking subjects. While elearnsecurity is very good for those who need a bit more hand holding to learn the same (and more) skills that the PWK teaches. Your goal now is to get the OSCP but you can get something like PPTP first to help prepare you for PWK.

4. Practice Practice Practice.

Now its time to put all that information to practicle application. Time to practice your skill set. There are a couple of methods to practice legally.

1. Build your own lab.
2. Use an online lab.

In this day and age there is no reason not to use online labs except if you want to be familiar with how to set up a virtual lab. There are many free labs online including "" and "" as well as others. Then there are paid for labs which are very beneficial such as "". You can also look into to find pre-made insecure vm images to practice on. The point is, you should be actively practicing security testing in lab environments, this is the best way to learn.

Steps 3 and 4 will take you at least one year, especially if you are actively working full time. Once you have a couple of advance certs like the OSCP, it is time to move on.


  • dirtyholes Sept. 11, 2018

    I had read YOUR first tut.. you know what you're talking about. Looking forward to seeing the rest of this tut