Hacking as a profession: How to become a penetration tester
by Tina Siering
What exactly does a penetration tester do?
The penetration tester works in IT security and has a very specific area of responsibility: checking networks and systems for vulnerabilities. In this role, the penetration tester thinks and acts like a real attacker. He uses his skills to find as many vulnerabilities in a system as possible within a defined time and thus to improve the security of networks. That is why penetration testers belong to the group of so-called white hat hackers.
In his everyday work, the pentester plans and organizes security tests in networks. He actively tries to penetrate networks and systems, and a human pentester is more flexible than an automated testing program. He agrees on all measures in advance with the owner of the systems, because a pentester is never active without the order and knowledge of the network owner. After the test, he documents the results and presents the network owner with suitable recommendations for remediation.
Penetration testers usually work for IT security service providers. These companies offer the pentest as a service to customers. A pentest involves checking how a corporate network responds to cyberattacks. These are therefore simulations that often take place under realistic conditions. This is precisely what appeals to many applicants.
What background do penetration testers have?
It is important to have an understanding of networks and of the task itself. There is no defined training path or apprenticeship for becoming a penetration tester. Most penetration testers have a background in IT. For example, training as an IT specialist specializing in system integration or application development serves as good preparation. There is now even a suitable degree programme, the Bachelor in IT Security. In addition, the OSCP certification is an industry-recognized and standardized training course that can be used to build up and prove basic pentesting skills.
However, many pentesters are career changers who taught themselves networking skills or came into contact with these tasks through other professional activities. The skills of some young hackers who have acquired their qualifications independently are impressive and sometimes surpass those of trained IT security specialists. Studying computer science at a university of applied sciences also prepares applicants well for a career in this sector of IT security. It is important for the training to be technically oriented and to focus on networks and applications. A general degree in IT or business informatics at a university is less suitable due to the mathematical-theoretical focus.
Which skills do penetration testers need?
Anyone who wants to work as a pentester needs a very specific mindset and special skills. This goes beyond the aforementioned basics of network technology and software. Frustration tolerance and stamina are also important. "TRY HARDER" is a rather well-known motto, also from the OSCP environment. The tasks of a pentester are exciting and hardly comparable to anything else in the IT field. One important area is knowledge of network technology, since networks and communication form the basis for cyber attacks. Very practical knowledge is required here, for example of the functions and structure of protocols.
Equally important are skills in dealing with software. Here, the penetration tester focuses on very specific types of programs. On the one hand, he or she must be confident in handling shell and console commands and be able to familiarize himself or herself flexibly with a variety of different tools - this is how information is obtained or network configurations are checked. On the other hand, extensive knowledge of the different operating systems is necessary.
Another area is knowledge of the widely used server programs and services that run on these systems (for example, e-mail servers, SQL databases, or web servers, to name just a few). The tasks of pentesters also include checking that software is up to date, as well as the security of passwords and access rights. It is therefore important to have as broad a spectrum of knowledge as possible in dealing with servers.
In addition, penetration testers use a set of special programs for their daily work. Among other things, this software is capable of identifying security vulnerabilities in services and applications. Specialized software, used only in IT security, is also employed when looking for opportunities for remote code execution or SQL injection.
Another point involves Open Source Intelligence (OSINT), a term from the world of intelligence services. With the goal of intelligence gathering, information is collected from freely available sources. Pentesters search these sources for publicly available information on internal resources as well as relevant information outside the organization (e.g., publicly available metadata). Accordingly, a knowledge of OSINT information helps identify vulnerabilities and prevent cyberattacks.
In addition, pentesters should also have personal skills and attributes, such as the ability to think in a structured and logical manner. The pentester does not work through a strict protocol. Rather, he must react to the situation at hand and act accordingly. The quality of a pentest essentially depends on the tester's skills. A pentester should identify as many (serious) vulnerabilities that endanger the environment as possible in the given time budget. This also includes prioritizing, putting oneself in the attacker's shoes, recognizing correlations and evaluating them.
What attack techniques and tools do penetration testers use?
In their work, pentesters draw on a variety of different techniques and tools. Each penetration test is different and requires a customized approach, although there are some standardized frameworks to achieve reproducibility and comparability between pentests. This is precisely what makes this profession so exciting and varied.
Some of the tools and techniques fall into areas that are actually prohibited by law. However, their use is still legal, because the customer has been consulted beforehand and has been informed about the pentests. This applies above all to attacks on networks and data.
The most important tools include programs for penetration tests and vulnerability analyses. There is special software for this, such as Bloodhound or Metasploit. These programs are used to validate security vulnerabilities (e.g. by exploitation) or to visualize the structures of Active Directory networks. The Nmap port scanner can be used to scan and evaluate hosts in a computer network.
However, pentesters do not only use technical systems. In some tests, components from the field of social engineering are also used. In addition to sending e-mails or making targeted phone calls, this also involves checking physical security. Here, the pentester may try to enter a company's premises in person to check whether server rooms are sufficiently secured or whether it is possible to gain access to the network via an unprotected Ethernet connection.
How to become a penetration tester?
In addition to a suitable background in technical IT - and, in the best case, experience in IT security - enjoying technical challenges and a fascination with offensive IT security are important prerequisites for a career as a pentester. The appropriate mindset is also important, as it's primarily about solving technical challenges that no one has come up with before and creatively getting a system to do something it's not actually designed to do. Platforms such as Hack-the-box, VulnHub or TryHackMe allow real and practical hacking challenges to be carried out. It is therefore not surprising that many pentesters started as self-taught hackers before becoming professionally active in the field, e.g., through lecture series at hacker conferences and/or through community work.
Another way to start a career as a pentester is to acquire the appropriate certificates (such as Offensive Security Certified Professional (OSCP) or Offensive Security Web Expert (OSWE)). However, a lasting, self-driven will to continue learning remains indispensable if you want to become a successful pentester.
The article "I think like a hacker - Why I chose the profession of a pentester!" provides exciting insights into the everyday life of a pentester at secion.
Conclusion about the profession of a penetration tester
Becoming a pentester is by no means a classic career choice, but it is a challenging and varied job with great responsibility in the field of cybersecurity consulting. The path to such a position is not easy, as there is no defined training or study path. Also, the job is not suitable for everyone. A pentester needs extensive knowledge in dealing with a wide variety of server environments and, at the same time, a good imagination in order to independently identify possible points of attack. However, anyone who is interested in IT security in general and continues their education with suitable training courses has a good chance of making it into the industry. The important things are: the right mindset, frustration tolerance, a certain playfulness and the permanent will to continue training!