Need Assistance with Ethical Hacking/ Pentester Road map

IReadUrSoul

Hey All
Looking to become A CEH or Pentester but have no experience in either , i love computers and the intrigue of the whole hacking thing , but it is not my day-job.

i believe computers are the future so i think its time for a career change.from what ive gathered a good career map would be as follows:

Comptia Network +
Comptia Security +
Linux +

and then either the CEH or Mile2 C)PEH

the first 3 would be home study??

Kur4mA

You're pretty much of the same thinking as I am. This is an area I want to learn more about and hopefully work my way towards. I would agree with the Network+, Security+ and Linux+. It's what I am working on at the moment myself.

After this it gets tricky. Honestly, I've done some of the CEH course work and I'll never go near it or anything else by the EC-Council again. My goal is to do the OSCP and if you are really interested in Pentesting courses forget the CEH and look at the Offensive Security courses. Here:

http://www.offensive-security.com/information-security-certifications/

There's some great information in this thread on the Security forum around Pentesting and where to start too:

http://www.boards.ie/vbulletin/showthread.php?t=2056574298

For a broader look at Information Security, Digital Forensics and Pentesting/Ethical Hacking check these other threads/posts below. My Opinion on EC-Council has changed a lot since those posts but there's still some good information there from other posters.
http://www.boards.ie/vbulletin/showthread.php?p=72371146

And here is my breakdown on the main courses out there after doing a lot of research on this:
http://www.boards.ie/vbulletin/showpost.php?p=73335019&postcount=14

harney

You should probably get some Windows training under your belt if you are not expereiced in that area. It is difficult to exploit something if you don't know how it ticks normally.

A CCNA would not hurt either.

SANS do some very good practical courses (but not cheap) - the SANS 560 is the pen testing one. I have heard very few people say good things about the CEH courses, although it does come up in recruitment sites so I guess they can't hurt for getting you past HR / recruiters. https://www.sans.org/security-training/network-penetration-testing-ethical-hacking-937-mid

Download something linke Backtrack 5 http://www.backtrack-linux.org/

Then have a go at Damn Vulnerbale Linux Metasploitable http://www.offensive-security.com/metasploit-unleashed/Metasploitable

When you are feeling comfortable, and if you would like to work in the UK some day have a look at CREST - http://www.crest-approved.org/registered_tester.html The exam is a 4.5 hour exam comprising a theoretical and practical exam.

Mike87

IReadUrSoul: Where you are now is the same position I was in a few years back. I was thinking if I get plenty of networking in and plenty of linux then I'll be able to get a job in security. WHich I guess it did in a way. But I felt very shortchanged at the end.

If I could go back a few years to give my younger self some advice it would be this:

1) Programming. In the security world you better know how to code. And I dont mean having a rudimentary knowledge of it. You will get by without being able to code.... but I mean that very literally. You really do need to know how to code and how to code well. So if I was you I would get coding right now.

2) Dont get so caught up in trying to learn every nook and cranny of linux/unix/windows/every-cisco-router-switch-and-firewall-under-the-sun and spend a bit more time learning about crypto and steganogrphy. THat will pay off big time.

Employers can find someone at the drop of a hat that are experts at cisco, juniper, linux, programming etc.... its not so easy to find someone with the same equivilent knowledge in crypto and generally (well where I work anyway) when you do finally find a crypto expert he tells you what his wages are going to be, and how often he should get a bonus.

On the other hand, if you do go down the route of getting into the networking and linux you will always be able to get a job with an ISP or whatever which does have its bonus's... its up to you.