0x0e.org | pentesting perspective

braindump on pentesting, QA, metasploit, constant learning

Pentesting Skillset

with 8 comments

I’ve been fumbling together a list of skills necessary to succeed as a pentester. This was prompted by mapping out my own short-term education and by gathering a list of necessary skills for potential hires.

These are the skills i find necessary and want to promote in my own team. I’m curious if the list is what you would expect a penetration tester to know?

This list doesn’t focus on important things like the security mindset and other high-level skills like communication, organization, and discipline. It also stays away from specific technical (attack) tools and techniques.  Its main goal is to establish a minimum understanding and capability baseline for a pentesting team.

  • General / Overall
    • Project Management – Start, maintain and complete a project
    • Toolkit and Exploit Management – Maintain a useful set of tools
    • Education – Stay up to date, learn new concepts (books, people, training)
    • Teaching – Explain new concepts, publish information
    • Research – Own a topic or research area
    • Bullshit Management – Ability to work in close quarters
  • Auditing
    • Law / Regulation Knowledge
      • HIPAA,FISMA,GLBA (High level regulations)
      • ISO17799,ISO27002 (IT standards)
      • PCI, COBIT (Lower-level guidelines)
    • CISSP Domains
  • Writing
    • Technical writing ability
    • Ability to analyze & correlate information
    • Ability to reconstruct a narrative from technical information
  • Social / People Skills
    • Common Sense – Finding the quickest, easiest solution to a problem at hand
    • Social Engineering
  • Searching / Information Gathering
    • Research Skills
    • Google Hacking
    • Recon Techniques
    • Information Correlation
  • Attack Modeling
    • Risk and Threat Modeling
    • Attack Modeling
    • Security Mindset
    • System Decomposition
  • Web Application Skills
    • General Development and Testing
    • AJAX
    • Design Patterns (MVC) – Ruby
    • Javascript Debugging – Venkman, Firebug
    • Web Services – Rest, XML-RPC, SOAP, json
    • Web Specific Languages – ASP, PHP, JSP, Coldfusion
    • Web Frameworks and Platforms – ASP.NET, J2EE
    • Database Administration
    • SQL / Data Query
  • OS-Specific Skills
    • System Administration
    • OS Theory
      • System Architecture
      • System Security Models
      • Filesystems, Networking, I/O
      • Startup / Shutdown
      • Analysis (dump, debugging, memory, forensic)
      • Management + Maintenance
    • Windows
      • Active Directory
      • Exchange / OWA
      • SQL Server
    • Linux / BSD
      • Apache
      • MySQL
      • Sendmail / Postfix
    • Package Managers
    • OS X
    • AIX / Solaris / Unix
    • Kernel / Posix
    • System Programming
  • Networking
    • Networking Theory
    • Protocol Theory
    • Routing and Switching
      • Cisco & Juniper
    • Firewalls
    • Embedded Devices
  • VOIP / Voice Skills
    • PSTN experience
    • Routing + Signaling Protocols
  • Scripting Skills
    • Bash,etc
    • Perl, Python, Ruby
    • PHP, ASP
    • Batch, VBScript, Powershell
  • Hardware Hacking
    • Embedded Devices
    • Electronics Theory
    • Secure Design of a System
  • Wireless
    • WEP / WPA / WPA2
    • Packet Injection
    • Hardware / Driver knowledge
    • Basic Encryption
      • Symmetric ciphers
      • Asymmetric ciphers
    • 802.11
    • Antenna Theory
    • Mobile Networking
      • CDMA, GSM, Mesh Theory
  • Development
    • Coding
    • Regular Expressions
    • Development
      • Design Patterns
      • Development Methodology
    • Version Control
    • Database Design
    • Language
      • C / C++, Java
      • C# / dotNet Framework
  • Vulnerability Development
    • Reverse Engineering
    • Buffer / Heap Overflows (explain + code + find)
    • Creative Thinking
    • Analytic Thinking
    • Coding / Debugging
    • Fuzzing
      • Testing Theory
      • File Fuzzing
      • Protocol Fuzzing
      • SPIKE, Peach, etc
  • Attack Analysis / Forensics
    • IDS / IPS experience
      • Snort / Commercial IDS
      • Honeypots
    • Forensics experience
    • Packet capture and analysis
      • packet dumps, bpf, flows, wireshark

Written by jcran

July 5, 2008 at 9:04 PM

Posted in Uncategorized

8 Responses

Subscribe to comments with RSS.

  1. Great list! I would add that it is very difficult for a single pentester to be an expert in a all of these areas (at least I have yet to meet one!). Hence, one of the things that bothers me is when I see a pentest company send one person out to do a two week penetration test! How could one person be an expert in all of these areas? This is why you should have a diverse pentesting team with experts in most of the ‘major’ areas (Web app, OS-Specific, Networking, scripting/dev) you listed. Other skill sets like vuln development can easily be learned by someone with skills in scripting/development. In general, the more diverse and well rounded your team is the better. 🙂


    July 23, 2008 at 12:53 PM

  2. […] points to 0×0e’s post that puts forward a list of skills that a good pentesting team should have. It is a good list and […]

  3. Tom,

    definitely, this was aimed as more of a wish-list for a team.

    it would be interesting to put together a maturity model for a pentesting team. — what skills are absolutely (day-one) necessary for a generic pentest. i guess it depends on the network / idea of a “generic” pentest.

    surely though, there should be some way to boil down to skills which are more essential:
    – networking
    – unix / linux
    – security mindset
    – scripting (debatable, but imo necessary…)

    and those that are secondary (again, depending on a lot of factors):
    – scripting++
    – networking++
    – unix-foo
    – web-app skillz


    again, all of this is debatable, and depends on the environment which needs testing.

    the goal is to make a list of where anyone interested should focus. the short answer seems to be any of these areas, though some are easier than others…


    September 3, 2008 at 4:45 AM

  4. Thanks

    I’m going to print this out.

    And learn as much as the things from the list as I can.

    For pen-testing and white hat hacker, this’ll be a good goal to set myself.


    September 12, 2008 at 6:01 AM

  5. […] saw this post on Hexesec the other day that made me think about all the skill’s that when you put them together could […]

  6. What skills should one learn for a future job in penetration testing?…

    Technically speaking, the experience that was of the most benefit for me was working as a network technician and later as an administrator for a large windows network. I would suggest getting your hands dirty in technologies that major corporations use…


    April 4, 2012 at 3:48 AM

  7. […] another one i wrote a few (zomg, 6) years back, specific to penetration […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: