I’ve been fumbling together a list of skills necessary to succeed as a pentester. This was prompted by mapping out my own short-term education and by gathering a list of necessary skills for potential hires.
These are the skills I find necessary and want to promote in my own team. I’m curious whether this list is what you would expect a penetration tester to know.
This list doesn’t focus on important things like the security mindset and other high-level skills like communication, organization, and discipline. It also stays away from specific technical (attack) tools and techniques. Its main goal is to establish a minimum understanding and capability baseline for a pentesting team.
- General / Overall
  - Project Management – Start, maintain and complete a project
  - Toolkit and Exploit Management – Maintain a useful set of tools
  - Education – Stay up to date, learn new concepts (books, people, training)
  - Teaching – Explain new concepts, publish information
  - Research – Own a topic or research area
  - Bullshit Management – Ability to work in close quarters
- Auditing
  - Law / Regulation Knowledge
    - HIPAA, FISMA, GLBA (high-level regulations)
    - ISO 17799, ISO 27002 (IT standards)
    - PCI, COBIT (lower-level guidelines)
    - CISSP Domains
- Writing
  - Technical writing ability
  - Ability to analyze & correlate information
  - Ability to reconstruct a narrative from technical information
- Social / People Skills
  - Common Sense – Finding the quickest, easiest solution to the problem at hand
  - Social Engineering
- Searching / Information Gathering
  - Research Skills
  - Google Hacking
  - Recon Techniques
  - Information Correlation
- Attack Modeling
  - Risk and Threat Modeling
  - Attack Modeling
  - Security Mindset
  - System Decomposition
- Web Application Skills
  - General Development and Testing
    - AJAX
    - Design Patterns (MVC) – Ruby
    - JavaScript Debugging – Venkman, Firebug
    - Web Services – REST, XML-RPC, SOAP, JSON
    - Web-Specific Languages – ASP, PHP, JSP, ColdFusion
    - Web Frameworks and Platforms – ASP.NET, J2EE
  - Database Administration
    - SQL / Data Query
- OS-Specific Skills
  - System Administration
    - OS Theory
    - System Architecture
    - System Security Models
    - Filesystems, Networking, I/O
    - Startup / Shutdown
    - Analysis (dump, debugging, memory, forensic)
    - Management + Maintenance
  - Windows
    - Active Directory
    - Exchange / OWA
    - SQL Server
  - Linux / BSD
    - Apache
    - MySQL
    - Sendmail / Postfix
    - Package Managers
  - OS X
  - AIX / Solaris / Unix
  - Kernel / POSIX
    - System Programming
- Networking
  - Networking Theory
  - Protocol Theory
  - Routing and Switching
    - Cisco & Juniper
  - Firewalls
  - Embedded Devices
- VoIP / Voice Skills
  - PSTN experience
  - Routing + Signaling Protocols
- Scripting Skills
  - Bash, etc.
  - Perl, Python, Ruby
  - PHP, ASP
  - Batch, VBScript, PowerShell
- Hardware Hacking
  - Embedded Devices
  - Electronics Theory
  - Secure Design of a System
- Wireless
  - WEP / WPA / WPA2
  - Packet Injection
  - Hardware / Driver knowledge
  - Basic Encryption
    - Symmetric ciphers
    - Asymmetric ciphers
  - 802.11
  - Antenna Theory
  - Mobile Networking
    - CDMA, GSM, Mesh Theory
- Development
  - Coding
    - Regular Expressions
  - Development
    - Design Patterns
    - Development Methodology
    - Version Control
    - Database Design
  - Language
    - C / C++, Java
    - C# / .NET Framework
- Vulnerability Development
  - Reverse Engineering
  - Buffer / Heap Overflows (explain + code + find)
  - Creative Thinking
  - Analytic Thinking
  - Coding / Debugging
- Fuzzing
  - Testing Theory
  - File Fuzzing
  - Protocol Fuzzing
  - SPIKE, Peach, etc.
- Attack Analysis / Forensics
  - IDS / IPS experience
    - Snort / Commercial IDS
    - Honeypots
  - Forensics experience
    - Packet capture and analysis
      - packet dumps, BPF, flows, Wireshark