CommandoVM is a Windows-centric pentesting toolset that can be installed on Windows 10 (or 7 but 10 is better): https://www.fireeye.com/blog/threat-research/2019/03/commando-vm-windows-offensive-distribution.html
Alternatively (or in addition to that), you can install PowerShell on Kali: https://www.kali.org/tutorials/installing-powershell-on-kali-linux/
If you intend to pentest Windows environments, knowing batch and VBs is not sufficient. Learn PowerShell.
This video is a good place to start. You don’t need to know everything about networking. You do need to have a basic understanding of the OSI model. Everything has layers of abstraction, and there are potentially vulnerabilities with every layer. You can decide what’s interesting to you and where to dig in deeper.
Get your hands on a copy of The Web Application Hacker's Handbook, Chapter 21. Step by step breakdown so you don't forget anything.
For books, this one is older, super basic and you can get the tools required if you email the author:
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
But if you don't understand how the internet works on a fundamental level....not sure if pen testing should be where you start.
I think you should virtualize Kali Linux on top of whatever OS you want to run as the host.
This is because you can set up all the tools you want, and then take a snapshot of the VM. Anytime you want to reset the VM or anything, just roll it back. This also gives you a uniform platform you can use for any practice you want. For example, files for one ctf/client/war game/etc. won't get mixed with another.
In terms of tools, https://tools.kali.org has a list of all kali tools.
If you choose not to go with kali but want to install the tools on another distro, you can use the meta packages https://www.kali.org/news/kali-linux-metapackages/
Other tools I recommend: crackmapexec, responder, powershell empire.
The hacker playbook 3 is also a solid book for practice/exposure to other tools and methods.
I'm not sure if it's what you're looking for but I've posted a link to a wargaming/challenge site along with a decent introductory video concerning Backtrack (which has been superseded by Kali but the concepts remain the same).
Do you have anything that you could post along the same lines as what you're hoping to see here?
As an aside, we're now using the stylesheet from /r/naut... I'm not really much of an art/graphics guy; how does it look? I think I might need to change out some of the shades of blue (like the "Submit a new text post" button on the right side).
I'm not sure how to do it in python, but check out Burp Suite
Yeah, NordVPN is based in Panama, no data retention requirements, and Panama is not part of the 5 eyes or 14 eyes alliance. Express VPN is based in the British Virgin Islands, which, while it has great privacy laws is still a British territory and as such is subject to subpoena of records. Same reason I stopped using cyberghost, based in Romania but owned by an English company and therefore subject to subpoena. In short, both your IP and traffic are protected on NordVPN.
5GHz 433Mbps, 2.4GHz 150Mbps. Will choose 433Mbps for sure. But if you are fine with the speed, both of them will work. I am now using a USB adapter for work.
On another note, I decided to look into this a bit more
I think you're talking about the top key on this one with 4 https://images.app.goo.gl/pcHksbwnSCLZe62H9
If so, here's a link to Amazon: https://www.amazon.com/Willbond-Multi-Functional-Utilities-Electric-Cupboard/dp/B072LPLKP6
really hope this helps
Maybe think about installing Kali directly onto the laptop. Kali installed directly doesn't use nearly as much battery as Windows with virtualization. You should really look into this! If pentesting is something you're interested in, it's not a bad idea to have a laptop dedicated for that.
You will need to download the kali iso and make a bootable USB drive. You will also need a USB drive that is empty and at least 8gb.
Here are some links to help you out:
Georgia has a class on cybrary.it that came out around 2019 if I recall correctly. It's up to date from the book as it's newer than her first edition, but it's not the newest material in the industry for sure.
It was free when I enrolled at the time, not sure if it still is.
Cybrary lists the course as "advanced" but the layout is very similar to Georgia's book.
You can just ignore all the Qubes-specific stuff, but this will work, just skip to the section labeled “Kali Linux TemplateVM from a Debian template” toward the bottom:
https://www.qubes-os.org/doc/pentesting/kali/
This assumes a Debian 10/buster base. You basically just replace your /etc/apt/sources.list with Kali repos, dist-upgrade, then install the kali-linux-full metapackage. There might be a less robust package since you won’t need all the GUI stuff, but I’m not sure what it is. You can do an apt search kali-linux to see what’s available.
URLORDJAMES' CERTIFIED GUIDE TO PEN TESTING: 1: get a VM, put Kali Linux on there and fuck around, link to ISO: https://www.kali.org/downloads/ 2: learn Metasploit 3: learn programming (not in any particular order)
Can't speak on the aspects of the insider pro but will say that the courses on cybrary that helped the most was the Advanced Penetration testing course by Georgia Weidman and the Python for security professionals course. I know the one by Georgia Weidman is still free but I don't know about the Python one anymore. Was able to enroll in both for free but they might have changed it. Also if you are referring to this (https://www.cybrary.it/catalog/career-path/penetration-tester/) course, all it says is it prepares you for the CEH, which is a trash cert. Virtual hacking labs is a really good runner up to the OSCP and the 3 month pass is about the same for insider pro.
The "global permanent deployment of IPv6" was at least a year before masscan's first release.
It's legitimate to criticize the shorthand 'scan the Internet' by pointing out an IPv4 tool doesn't touch IPv6, but the shorthand is given with the common understanding most of the 'net traffic and routing is still v4.
Nothing has changed since the tool's release though that makes your "once upon a time" and "with the advent" statements correct.
Right now a lot of jobs are looking for Web App experience.
Books
I'd recommend the Webapp Hackers Handbook to start.
Hands-On (Sandbox) Experience
The labs from Portswigger’s Web Security Academy have several exercises for each vulnerability category (XSS, SQLi, Authentication bugs, etc). WSA also has the benefit of tracking your progress throughout the labs, giving you a ‘scoreboard’ of progress to share in interviews.
Tools
Once you have the book and labs, you'll need to get relevant tools. While it's a common route to download Kali Linux and try dozens of tools, I'd recommend starting by downloading Burp Suite (Community) and getting very familiar with that. Burp is the 'swiss army knife' of webapp pentesting and will be the one tool you'll use every day. You’ll need to know more than just Burp but being able to claim competency with Burp will definitely help.
Real-World Experience
You could spend weeks or months just going through these tools (and it would take you a long way!) but real-world experience is often where budding pentesters struggle in getting their foot in the door.
When you start getting comfortable with the above, sign up for bug bounties (HackerOne, Bugcrowd, Intigriti, etc) and try finding vulnerabilities in real-world applications. Start off with smaller/newer bounties which don't offer financial rewards (VDP, Vulnerability Disclosure Programs) -- there will be many fewer eyes on those bounties, giving you a better chance at early wins.
As you start building your bug collection, add your HackerOne or Bugcrowd profile to your resume and mention the bugs you’ve found in the relevant section.
Even a few of these real vulnerabilities will be a gold star as you break into the industry.
A pretty technical book, but it reads like a story:
https://www.amazon.com/Advanced-Penetration-Testing-Hacking-Networks/dp/1119367689
I've read it so fast because of it that I'm going to have to do a second read...:)
Hey, I casually found a book that might be for you, the description seems to cover some aspects of what you have asked. RTFM: Red Team Field Manual https://www.amazon.it/dp/1494295504/ref=cm_sw_r_cp_api_i_qirNFbAARH4W6?_encoding=UTF8&psc=1
Wowza that’s quite a bit, I definitely have to recommend this https://www.amazon.com/dp/B0843HCPJX/ref=cm_sw_r_cp_api_i_T4MzFbP9NENMM, it’s perfect for anything you need to do, plus it’s only 1.1k so you have 400 left to upgrade the ram since it only comes with 8gb
Depends on where you are already or what you are most interested in. If you are really interested in reading packet captures the Practical Packet Analysis book is good, but if you want to learn more about SIEMs, etc. maybe The Practice of Network Security Monitoring, and there are a lot of books/subjects that aren't geared specifically towards InfoSec that are just as valuable if not more... things like Linux command line, networking, Active Directory, etc... those are just a few books I have that are more towards blue team stuff, but I'm sure there are plenty of others. Best thing to do is start with what is most interesting to you and build off it.
OP, get this book. It’s a great starting point. Hands on approach to setting up a home lab and using common pen test tools.
Penetration Testing: A Hands-On Introduction to Hacking https://www.amazon.com/dp/1593275641/ref=cm_sw_r_cp_api_i_3MvcBbZFM0P1R