What would a pen testing/cyber sec programming job be like? I'm 13 and may want to be involved in this in the future. However, I feel that a penetration tester will soon run out of vulns to test (until someone finds a new one). What would you say about a pen testing/cyber sec programming career?
Forum Thread: What Would a Cybersecurity Career Be Like?
16 Responses
There are piles of cyber security career options. Running out of vulns isn't going to happen. If you look at the way software development is done, or even at the way operating systems are built, you'll notice security is an afterthought. Even in established products there are piles of vulns lurking beneath the surface. Tcpdump, a long-standing Linux network tool, just had something like 8 CVEs published recently. That's not even scratching the surface.
A career in pentesting is basically learning to run Nessus/various OSes, spending a lot of time reading, and a lot of time just hunting low-hanging fruit. The big cool hacker stuff that makes news is usually done by researchers, such as Tavis on Project Zero; then those vulns and issues filter into the list of exploits available to pen testers. Pen testers can of course write their own exploit code, but it's a different skillset to take a program apart and fuzz/debug it.
Programming is almost always good; Java and C++ will get you pretty far. Pen testers often code in Python because it's a fairly easy language and very portable; there are also a lot of libs available.
If you have interest, now is the time to start. There's a lot of knowledge you will need to gather up on how everything works, lots to understand before you can get to breaking it.
Hope I answered your question. Good luck out there!
Thanks! Just the answer I needed! Right now I am learning Python and JavaScript, and I currently know a bit of HTML. I've taken some courses on ethical hacking, and now I'm trying to learn Python's socket module so I can make some network/port scanners...
Do you have any recommendations on where I could "gather up on how everything works" (besides Null Byte)?
You mentioned finding 0days, is this common as a pentester? I know security researchers like Samy Kamkar do it, and I saw a DefCon talk where they fuzzed an HP NNM server, but do they do this a lot?
I'm guessing that they do it occasionally, or at least whenever new software comes out.
Yo tacocat good to see you still posting!
Thanks, good to see you're still here! I've been on the /r/hacking and /r/HowToHack subreddits a lot lately, but it's nice to see there's still a lot of activity on this place!
Usually finding zero days is done by researchers or bounty hunters. You might run across one working on something, but pen tests are limited in time. You aren't going to sit and try to disassemble services and find 0 days since you've been contracted to attack a web site or network. The time spent hunting for a cool 0 day would be wasted time when your target is running unpatched Win XP. Researchers are usually contracted to work on an application within a scope and locate issues.
For example, Tavis with Project Zero is paid by Google to find attack vectors in anti-virus. As a pen tester this is great for me, because when something is discovered the PoC makes its way down the pipe and I can use it in a pen test. But trying to find a zero day in a pen test could be extremely time-consuming; it's also not what you were hired to do. If you find a zero day in a common service you've hit some really sloppy coding.
As far as gathering up how everything works, start studying for your Network+; that'll give you some fundamentals in networking. You're going to need to be skilled in Linux, so get a Linux running. I recommend books from https://www.nostarch.com/. Stack Exchange is really good. Join IRC channels that deal with networking and Linux, and coding. Read RFCs. Practice managing your time efficiently. Get a news reader, and set up a Twitter. Follow people like thegrugq, swiftonsecurity, tavis, Krebs etc. Search out places with knowledgeable people and read read read. Try to get in with a decent group of professionals.
In the beginning, when you're getting information from other people in places like IRC or on Twitter, it may be difficult to sort out things that are factual and things that are fiction. Security is a big talking point right now, and there's a lot of snake oil.
I'm running Kali Linux right now as I view this...
Which Stack Exchange sites do you use? I use Overflow, Tor, Unix, and Ubuntu mainly.
Do you watch a lot of DefCon talks? Most of them are pretty interesting.
Not too many. I watch some of them, but they seem pretty long usually.
Yeah they're usually about an hour, but I find most of them pretty interesting. They kinda teach you a little about a niche field, in case you may need it in the future.
Okay. I've started to watch some, but now I'll try finishing some of them.
Sorry, that last thing I said came off as kinda condescending. I just meant that I find them interesting, and I watch them in case the knowledge will be useful.
I know, thanks.