Pentesting Skillset

with 8 comments

I’ve been fumbling together a list of skills necessary to succeed as a pentester. This was prompted by mapping out my own short-term education and by gathering a list of necessary skills for potential hires.

These are the skills i find necessary and want to promote in my own team. I’m curious if the list is what you would expect a penetration tester to know?

This list doesn’t focus on important things like the security mindset and other high-level skills like communication, organization, and discipline. It also stays away from specific technical (attack) tools and techniques.  Its main goal is to establish a minimum understanding and capability baseline for a pentesting team.

• General / Overall
  • Project Management – Start, maintain and complete a project
  • Toolkit and Exploit Management – Maintain a useful set of tools
  • Education – Stay up to date, learn new concepts (books, people, training)
  • Teaching – Explain new concepts, publish information
  • Research – Own a topic or research area
  • Bullshit Management – Ability to work in close quarters
• Auditing
  • Law / Regulation Knowledge
    • HIPAA,FISMA,GLBA (High level regulations)
    • ISO17799,ISO27002 (IT standards)
    • PCI, COBIT (Lower-level guidelines)
  • CISSP Domains
• Writing
  • Technical writing ability
  • Ability to analyze & correlate information
  • Ability to reconstruct a narrative from technical information
• Social / People Skills
  • Common Sense – Finding the quickest, easiest solution to a problem at hand
  • Social Engineering
• Searching / Information Gathering
  • Research Skills
  • Google Hacking
  • Recon Techniques
  • Information Correlation
• Attack Modeling
  • Risk and Threat Modeling
  • Attack Modeling
  • Security Mindset
  • System Decomposition
• Web Application Skills
  • General Development and Testing
  • AJAX
  • Design Patterns (MVC) – Ruby
  • Javascript Debugging – Venkman, Firebug
  • Web Services – Rest, XML-RPC, SOAP, json
  • Web Specific Languages – ASP, PHP, JSP, Coldfusion
  • Web Frameworks and Platforms – ASP.NET, J2EE
  • Database Administration
  • SQL / Data Query
• OS-Specific Skills
  • System Administration
  • OS Theory
    • System Architecture
    • System Security Models
    • Filesystems, Networking, I/O
    • Startup / Shutdown
    • Analysis (dump, debugging, memory, forensic)
    • Management + Maintenance
  • Windows
    • Active Directory
    • Exchange / OWA
    • SQL Server
  • Linux / BSD
    • Apache
    • MySQL
    • Sendmail / Postfix
  • Package Managers
  • OS X
  • AIX / Solaris / Unix
  • Kernel / Posix
  • System Programming
• Networking
  • Networking Theory
  • Protocol Theory
  • Routing and Switching
    • Cisco & Juniper
  • Firewalls
  • Embedded Devices
• VOIP / Voice Skills
  • PSTN experience
  • Routing + Signaling Protocols
• Scripting Skills
  • Bash,etc
  • Perl, Python, Ruby
  • PHP, ASP
  • Batch, VBScript, Powershell
• Hardware Hacking
  • Embedded Devices
  • Electronics Theory
  • Secure Design of a System
• Wireless
  • WEP / WPA / WPA2
  • Packet Injection
  • Hardware / Driver knowledge
  • Basic Encryption
    • Symmetric ciphers
    • Asymmetric ciphers
  • 802.11
  • Antenna Theory
  • Mobile Networking
    • CDMA, GSM, Mesh Theory
• Development
  • Coding
  • Regular Expressions
  • Development
    • Design Patterns
    • Development Methodology
  • Version Control
  • Database Design
  • Language
    • C / C++, Java
    • C# / dotNet Framework
• Vulnerability Development
  • Reverse Engineering
  • Buffer / Heap Overflows (explain + code + find)
  • Creative Thinking
  • Analytic Thinking
  • Coding / Debugging
  • Fuzzing
    • Testing Theory
    • File Fuzzing
    • Protocol Fuzzing
    • SPIKE, Peach, etc
• Attack Analysis / Forensics
  • IDS / IPS experience
    • Snort / Commercial IDS
    • Honeypots
  • Forensics experience
  • Packet capture and analysis
    • packet dumps, bpf, flows, wireshark

Written by jcran

July 5, 2008 at 9:04 PM

Posted in Uncategorized