#1 First step is to understand deeply how a computer, network works. So without this understanding you cannot understand what is happening behind the scenes. Get a good understanding of computer memory, network protocols, OS essentials,…

#2 Kali linux is the standard the facto for pentesting, so you will have to master Linux commands.

#3 As there is no need to reinvent the wheel, get used to all the tools that Kali linux has already installed. Actually, go one by one, reading the manual, testing its functionality and document it all.

#4 As practice makes you perfect, you need to setup a private lab in order to test all the techniques and tools in a legal and private environment. So get your prefered virtual image environment and set up Win XP, 7, 10 and some linux to attack

#5 Vulnerability Analysis is a very important phase. So get used and try all Gartner awarded software and get your favorite. Nonetheless, none of them can catch 100% of the vulnerabilities, so once again all your knowledge and experience is a very valuable asset.

#6 Metasploit is a GREAT tool. Read a lot and practice more to master that platform and related tools, as msfvenom. And try all the tools, payloads against your private lab environment.

#7 Get your certifications! CEH and OSCP will help you to get used to procedures and methodologies as well as tools or usual techniques. SANS Institute although expensive has also really great courses.

#8 Read a LOT. Read everyday several articles about computer flaws, malware techniques, etc. There are several blogs like Fireeye or Palo Alto that are a great source of information. Also mailing list as bugtraq, OSS or Full Disclosure.

#9 Learn everyday. Also there are a lot of Internet free webinars promoted by big firms (Coalfire, etc).

#10 And most important thing. Pentesting is an art. Your mission is to figure out ways nor the developer neither anybody could imagine before. So use your imagination to think out-of-the-box in unexpected ways. The most important rule is that there are no rules.






Leave a Reply

Your email address will not be published. Required fields are marked *