
Hello all!
It's been some time since I have updated this blog, so I thought I would get everyone up to speed with my current status in my IT journey. Having now obtained 3 certifications (A+, Net+, and Sec+) and amassed 5 years of IT Support experience, I decided that the best move from here certification-wise toward my ultimate goal of breaking into the InfoSec realm would be pursuing the CompTIA Pentest+. While the Sec+ covered the basic foundation of essentially all aspects of infosec, the Pentest+ focuses on, obviously, pentesting specifically (ethical, red-team-type offensive hacking). It covers everything from planning an engagement in the administrative sense, to doing passive and active reconnaissance/research of a target prior to the pentest and laying out the scope, length, etc. of what the pentesting will include, to running port/vulnerability scanners like NMAP and Nessus, to using many dozens of specific tools of the trade in an offensive hacker's arsenal. A large number of the apps that are covered are included in a pentesting-specific distro of Linux known as Kali. This distro includes many different tools and breaks them all up by category (wireless, packet sniffing/packet capture, social engineering, honeypots, etc.).
A plethora of tools are covered in the Pentest+. They include:
Scanners
- Nikto
- OpenVAS
- SQLmap
- Nessus
Credential testing tools
- Hashcat
- Medusa
- Hydra
- Cewl
- John the Ripper
- Cain and Abel
- Mimikatz
- Patator
- Dirbuster
- W3AF
Debuggers
- OLLYDBG
- Immunity debugger
- GDB
- WinDBG
- IDA
Software assurance
- Findbugs/findsecbugs
- Peach
- AFL
- SonarQube
- YASCA
OSINT
- Whois
- Nslookup
- Foca
- Theharvester
- Shodan
- Maltego
- Recon-NG
- Censys
Wireless
- Aircrack-NG
- Kismet
- WiFite
Web proxies
- OWASP ZAP
- Burp Suite
Social engineering tools
- SET
- BeEF
Remote access tools
- SSH
- NCAT
- NETCAT
- Proxychains
Networking tools
- Wireshark
- Hping
Mobile tools
- Drozer
- APKX
- APK studio
Miscellaneous tools
- Searchsploit
- Powersploit
- Responder
- Impacket
- Empire
- Metasploit framework
*taken from the CompTIA Pentest Objectives list
These, among many other topics, make up the Pentest+. It is becoming a competitive market for cybersecurity/infosec certifications and some hold more weight than others, but cost, current experience, and time commitment all factor in when deciding which one is right for you. I chose Pentest+ because I felt it was a great compilation of all the tools and concepts one would need to build an initial foundation in offensive security. It tells you what you need to be aware of and implores you to lab it up with each of the tools. While it may not be the most advanced certification out there or run you through a real-world hacking scenario simulation as part of the exam like some others do (it's all multiple choice and drag-and-drop-type simulations), it felt like a good grounding in the concepts, a perfect fit for me as someone on a little bit of a budget (competing certs can run twice as much, if not more; that could amount to $1,000-$1,500 for a pass or fail test, whereas the Pentest+ is a modest $370). As of the writing of this post, Pentest+ is now in its second iteration, but I am currently studying objectives based around the first iteration as they mostly all carry over and resources for the 2nd iteration are still being created (ITPROTV is set to unveil their training for Pentest+ PT0-002 in December of this year, 2021, I believe). For a great comparison video on which entry-level infosec/pentesting cert might be right for you, check out this video by Daniel Lowrie: https://www.youtube.com/watch?v=NjSZJ-IUhXI
But where does one go to "lab it up" exactly or to study for this exam in general?
I have previously relied on Udemy in part for my certifications, but have since moved on. Udemy is great for the price, but as VM lab-interactivity is needed more and more for exam objectives, I have found myself looking for a more interactive course. A quick shoutout should always go to Professor Messer as far as free video courses go. On the free-ish side of things so far as InfoSec resources, many out there recommend www.tryhackme.com and www.hackthebox.com.
My opinion is that tryhackme.com courses range from pretty decent to total garbage and I say that because there are some unforgivable bugs in some of their VM labs (passwords in the instructions that do not work, for instance). I paid temporarily for their premium service (which is required for most of their advanced courses), dropping it immediately upon realizing there was no actual support even for their paying members. If they ever learn how to run a business and support their end users, I might contemplate returning as a subscriber. Overall though, they have an impressive library of tutorials/VMs and different learning paths depending on what aspects of security you want to pursue. Hackthebox is known to be more advanced and when I looked into it, I found it intimidating and confusing for my relative n00b level of infosec knowledge. I moved on from it to find other alternatives and have not looked back. I finally settled on ITPRO.TV. You can pay $30 a month for video courses and practice tests or $50 a month to also have access to their VM labs, which come with very detailed step-by-step instructions with screenshots at every single one of those steps. This is great for anyone starting out that may be new to some of the nuances that other online courses tend to gloss over. Also, consider reaching out to their support email to ask if there are any promotional specials and they just might give you a decent discount on your first month. The VMs run simultaneously alongside each other so you can jump back and forth between them with ease. They have the VMs baked into the ITPROTV-partnered "practicelabs" site, which is accessible via the Virtual Labs icon on ITPROTV's site interface (as opposed to using VirtualBox/Fusion), and they run surprisingly fast considering I am on a machine with just 8 GB of RAM and a moderate 150 Mbps download speed internet connection. Their VMs, because they are browser-based/SaaS, work with both macOS and Windows.
In the Practice Labs/Virtual Lab interface, you'll find a roster of several different virtual machines running different operating systems. One VM is a Windows server/domain controller, another is a Kali Linux VM, and another is a Windows 10 client machine. You will find yourself using these all in conjunction with each other throughout the labs.


I am roughly 30% through the objectives so far and have learned a lot. Daniel Lowrie teaches the Pentest+ course and is engaging and thorough in his teaching style. While there are alternative resources out there that you can get for free, you really do get what you pay for and when you sign up for ITPROTV, you can see where your money is going. They market themselves as "edutainers", which is refreshing in a world full of dull, dry, sleep-inducing tutorial videos. If I had to compare his teaching style to another, it would be Mike Meyers, who I am also a big fan of. Time will tell if it is all paying off, but I am feeling more confident in my infosec knowledge every day and am happy to return day in and day out to keep learning with them. As a bonus, signing up with ITPROTV gives you not only access to the specific course you joined for, but ALL of their courses (and there are a TON!). A far better deal than CBT Nuggets, which is probably its most similar competitor. As yet another added bonus, ITPROTV has a mobile app and even a Roku app for viewing their video courses. They also have email and chat support and they are very helpful, as I can attest to. Here's a link comparing the two sites (CBT Nuggets and ITPROTV):
https://www.itpro.tv/compare/cbt-nuggets-vs-itprotv/
Stay tuned for an upcoming blog post on... NMAP!