Both becoming and being a penetration tester is hard. The learning curve for this business is through the roof. Years ago you had three (3) primary hurdles that you had to get over if you wanted to become a good penetration tester.
- Fundamentals – you have to have a solid background in networking, operating systems, and programming. It is extremely difficult to hack into things you don’t understand and even more difficult to explain to the customer how to fix the underlying cause of the vulnerability you just exploited. So you have to understand the technology if you want to be in this business.
- Tools – years ago it was really difficult to get most security tools installed. Platform and library dependency issues were the norm. Installing hacking tools was just flat-out difficult even if you were fairly experienced. Attack distributions like Phlak, Knoppix, Whax, Auditor, and eventually BackTrack solved this problem. Nearly all of the hacking tools are now ready for use as soon as you boot up.
- Target Infrastructure – The final problem, which had yet to be addressed until now, is infrastructure: a target-rich environment that safely and legally facilitates learning, practicing, and researching new vulnerabilities.
Strategic Security’s Pentester Lab Network is designed to address the lack of target infrastructure by providing something that goes well beyond a few vulnerable workstations, something that goes well beyond some simple intentionally vulnerable applications, something that goes well beyond a fun CTF, and something that goes beyond a penetration testing class lab network.
This network will provide you with the most important ingredient you will need in order to be successful. That key ingredient is experience. There is no podcast, webinar, workshop, class, book, or video that is going to give you real tangible experience. There is no intentionally vulnerable application, wargame server, or Capture The Flag (CTF) that adequately emulates a real production network or a live production application with lots of users. Most of the time these are just exercises designed to help you get an idea of what you will face on a penetration test or to better understand the concepts that make up a particular vulnerability or exploitation tactic. There is absolutely nothing wrong with any of these things – they serve a very valuable purpose – they just fall short of adequately preparing you to work in a professional penetration testing role.
Starting on the 1st of January 2014 Strategic Security will begin offering pentester lab access. You will receive VPN access to the lab network of over 200 hosts running all kinds of things like:
- Sharepoint, System Center, Lync
- WordPress, Drupal, Joomla
- Unix hosts
You’ll also be given access to the videos and courseware for both the Network Pentester Night School and the Web App Pentester Night School. This material will give you the tips and tricks you need to start working your way through the lab network. After you’ve gone through this material, or if you already feel ready for it, you can have the videos and courseware for the Advanced Offensive Cyber Operations course.
Each month there will be changes to the network architecture so you’ll not only have to discover the network hosts again, but you’ll also have to deal with different IPSs/WAFs and other defensive technologies as well.
Now what do you want to spend your time attacking each month?
Sign up today!
Joe McCray is a US Air Force Veteran and has been in the IT Security field for over 12 years. He has worked extensively with the medical community, the financial industry, retail, the federal sector, the Department of Defense, 3-letter agencies, and several foreign governments. His technical background is very broad, with nearly 20 industry certifications and experience covering networks, web applications, binary applications, and mobile applications, and his expertise is in bypassing IT Security Systems.
Joe has been involved in hundreds of penetration testing engagements and has some major hacking accomplishments, techniques, tips, and tricks that he shares with his students and clients. His extensive experience and deep knowledge, mixed with his comedic style, have led Joe to be one of the most highly sought-after experts in the industry. Joe makes speaking appearances and gives seminars at major events in the security community such as Black Hat, DefCon, BruCon, Hacker Halted and more. Joe is the recipient of the 2009 EC-Council Instructor Circle of Excellence Award and the 2010 EC-Council Instructor of the Year Award. Joe is also the founder and CEO of Strategic Security, an IT Security consulting firm that provides both training and in-depth technical IT Security assessments.