EDITOR'S PICK
  • CYBER BULLYING AND CHILD SAFETY
  • A GUIDE TO DARK WEB
  • GUIDE TO NETWORK SECURITY
  • CONTACT US
CONTACT US
Security Land
  • HOME
  • NEWS
    News

    Combatting Cyber Crime: FBI Columbia Leads Multi-Agency Training Course to Enhance Investigation Techniques

    Security Land Security Land January 26, 2023
    News

    Gen Z’s Lack of Cybersecurity Knowledge Puts Small Businesses at Risk

    Security Land January 25, 2023
    News

    Experts Predict Consequential Year for Cybersecurity in 2023

    Security Land January 19, 2023
  • DATA BREACHES
    Data Breaches

    India’s Education Ministry Data Breach Exposes Millions of Student and Teacher Records on Unsecured Server

    A security lapse in India's Education Ministry's Digital Infrastructure for Knowledge Sharing…

    Security Land Security Land January 26, 2023
    Data Breaches
    Riot Games Suffers Social Engineering Attack
    DevOps
    Data Breaches
    CircleCI Reveals Malware Attack as the Cause of Recent Security Breach, Advises Developers to Rotate Secrets and API Tokens
    Data Breach - Security Land
    Data BreachesEditors Pick
    What You Should Know About Data Breaches
    indian bank data breach
    Data Breaches
    Indian Bank Exposed Millions of Records Online
  • EDUCATION
    Education

    Protecting Your Business: The Importance of Web Application Security

    Sponsored by IntelSenseIntelSense
    Editors PickEducation

    Incident Response Guide for Small Businesses

    Sponsored by IntelSenseIntelSense
    Education

    Protecting Patient Data: The Importance of Cybersecurity in Healthcare

    Sponsored by IntelSenseIntelSense
  • MORE
    • Customize Interests
    • Contact Us
  • BOOKMARKS
Reading: How To Become A Penetration Tester (Part 1)
Share
Security Land
Aa
  • HOME
  • NEWS
  • DATA BREACHES
  • EDUCATION
  • MORE
  • BOOKMARKS
Search
  • HOME
  • NEWS
  • DATA BREACHES
  • EDUCATION
  • MORE
    • Customize Interests
    • Contact Us
  • BOOKMARKS
Have an existing account? Sign In
Follow US
© Copyright 2023 | Security Land from IntelSense.
Security Land > Education > How To Become A Penetration Tester (Part 1)
Education

How To Become A Penetration Tester (Part 1)

Security Land
Last updated: 2019/06/25 at 11:57 AM
Security Land
Share
5 Min Read
penetration tester
Penetration tester (Photo by Kevin Horvat)
SHARE

Educational tutorial How To Become A Penetration Tester, published in 3 parts, will aim to help the next generation of cyber security experts.

You will find all the essential knowledge and tools one must learn to become efficient and skilled at penetration testing, and at the bottom.

Contents
Educational tutorial How To Become A Penetration Tester, published in 3 parts, will aim to help the next generation of cyber security experts.1. TCP/IP (Networking) HTML in pentestingKali Linux in Virtual MachineTor, Proxychains, Whonix or a VPN?

1. TCP/IP (Networking)

Computers themselves speak to each other across a network through the use of packets. In essence the base unit of communications in the world of computer networks is the packet. Packets themselves are most commonly built using the TCP/IP stack, which is part of the computer’s operating system.

Each operating system has some unique values coded into its implementation of the TCP/IP stack. This is how OS fingerprinting works, by studying these unique values such as MSS and MTU among others. It has been said before that to recognize the abnormal you must first understand what is normal.

This is why we need to understand what a normal TCP/IP packet looks like and how TCP/IP itself sets up communications between computers.

HTML in pentesting

HTML is really important, first because every page you see on the web are displayed to some extent using HTML. It is the minimum to know the most basic language which carries the most content on internet.

Also HTML injection is an attack that is similar to Cross-site Scripting (XSS). While in the XSS vulnerability the attacker can inject and execute Javascript code, the HTML injection attack only allows the injection of certain HTML tags. When an application does not properly handle user supplied data, an attacker can supply valid HTML code, typically via a parameter value, and inject their own content into the page.

This attack is typically used in conjunction with some form of social engineering, as the attack is exploiting a code-based vulnerability and a user’s trust.  

Read Also: Paros – A java based proxy with amazing features

Kali Linux in Virtual Machine

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools which are geared towards various information security tasks, such as penetration testing, security research, computer forensics and reverse engineering.

  • More than 600 penetration testing tools included.
  • Free and always will be.
  • Open source
  • Developed in a secure environment
  • Multi-language support

You don’t have to use a VM but it allows you to run KALI and your default OS simultaneously, its facilitates some anonymity features and doesn’t force use to boot from a USB or install in on the Hard drive of your computer.  

Why learn Debian commands is pretty easy question and you don’t need spoilers for that one, in my opinion it is important to know your way around the system you use and learn the basic terminal commands that are packed within.

Tor, Proxychains, Whonix or a VPN?

During the penetration testing or vulnerability assessment or hacking, staying anonymous is one of the important factor.

If you are trying to be a black hat, this is not tutorial for you, but to done a good pentest, you also don’t want to get caught. Without some of anonymity, the internet connection will reveal your identity.

ProxyChains is proxifier for linux system. It allows TCP and DNS tunneling through proxies. It supports HTTP, SOCKS4 and SOCKS5 proxy servers. It uses multiple proxies at a time, so it is called Proxy Chaining.

Whonix is also a very good way to stay anonymous and makes use of the Tor network with its own gateway.

MAC Spoofing allows you to change your MAC adress which is your computer’s ID. Your MAC address points to your PC’s brand and can lead to you when deep searching.

VPN goes as best anonymity you can get today, especially if you go with paid ones with good reviews and no-log policy.


For the Part 2 of How To Become A Penetration Tester, we will talk about wireless, hacking tools, mitm attacks, different exploits and attacking methods and techniques.

You Might Also Like

Protecting Your Business: The Importance of Web Application Security

Incident Response Guide for Small Businesses

Protecting Patient Data: The Importance of Cybersecurity in Healthcare

An In-Depth Guide to Network Security

5 Steps to Protect Yourself Against Ransomware

TAGGED: hacking, how to, HTML, kali linux, mac spoofing, networking, penetration tester, penetration testing, penetration tools, proxychains, secland tutorials, security tutorials, tcp ip, tor, virtual machine, VPN, whonix
Share this Article
Facebook Twitter Whatsapp Whatsapp LinkedIn Reddit Email Print
By Security Land
Follow:
Hello. I am Bot created by SL Team.
2 Comments 2 Comments
  • Manish kumar says:
    July 10, 2019 at 10:44 PM

    Hello sir muje hacking sikni ha

    Log in to Reply
  • Manish kumar says:
    July 10, 2019 at 10:45 PM

    I love hacking sir please teach me

    Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Watch Now

- Advertisement -
Ad imageAd image

Trending Stories

man holding tablet computer
Malware

New DNS Botnet Hijacked Over 100,000 Routers

October 3, 2018

IPAnything can convert analogue sensors to an IP system

August 9, 2018

Twitter finds security bug, they advise users to change passwords

June 1, 2018
black samsung hard disk drive
Vulnerabilities

Western Digital’s NAS Devices Are Easy To Hack

September 20, 2018
0-DayVulnerabilities

0-Day Vulnerability – How it Works?

May 2, 2021

Microsoft Zero-Day RCE Bug

June 2, 2018

Always Stay Up to Date

Subscribe to our newsletter to get our newest articles instantly!

I have read and agree to the terms & conditions

Follow US on Social Media

Linkedin Twitter Facebook Instagram Youtube

© Copyright 2023 | Security Land from IntelSense.

Security Land

More from Security Land

  • About Us
  • Privacy Policy
  • Advertise
  • Contact Us
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
Do not sell my personal information.
Cookie settingsACCEPT
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
SAVE & ACCEPT
physical security
Join Us!

Subscribe to our newsletter and never miss our latest news, podcasts etc.

I have read and agree to the terms & conditions
Zero spam, Unsubscribe at any time.

Removed from reading list

Undo
Welcome Back!

Sign in to your account

Lost your password?