Wylie, Crawley 2020: The Pentester Blueprint
Some time ago I bought a Humble book bundle on Cybersecurity[1] and it had SOOOO MANY BOOKS. Seriously, when I learned that this bundle was available I could not contain myself. Since then I have started reading some of these books, always driven by the idea “Read more books to read more”[2] and constantly trying to improve my skills.
I had omitted this book and focused on more practical ones, till I saw the following Shannon Morse thumbnail. That’s when I started reading it and… this is the first book I completed[3].
Summary
Alright alright alright. The book is excellent.
With that said, it is important to note down that it is not a book that will teach you a lot of things (I think that most people reading it will already be familiar with the terminology used). The title is really the best description for how it should be thought of - a blueprint. The authors did such a good job selecting training material, tips, getting interviews from people in the information security community, that through the book’s content a clear path to an information security career is outlined and presented in an easy-to-read fashion.
What is left, is up to yourself. Action.
Book’s Contents:
- What is a Pentester
- Prerequisite Skills
- Education of a Hacker
- Education Resources
- Building a Pentesting Lab
- Certifications and Degrees
- Developing a Plan
- Gaining Experience
- Getting Employed as a Pentester
Tips:
- Every skill, no matter how technical, can at times be very useful in information security
- Focus on getting the basics down before moving on to more complex terms. Generic certification programs such as CompTIA’s A+, Security+, Network+ are helpful for learning this stuff.
- Read and practice a lot. Building your own lab (and breaking it) and doing CTFs are really good ways to get where you want to go.
- You should keep notes on the problems you encounter and on your progress as well, so that you can always refer back to them.
Resources to check:
I thought about this for a very long time before uploading this article, and I decided that the best I can do for this article to connect with the book would be to simply have some resources here that anyone can follow[4]:
- [ ] https://attack.mitre.org
- [ ] CompTIA certifications (as listed in tips)
- [ ] VulnHub
- [ ] https://danielmiessler.com/
- [ ] https://jhalon.github.io/becoming-a-pentester
- [ ] https://www.mandiant.com/resources/commando-vm-customization-containers-kal
- [ ] http://www.porcupine.org/satan/admin-guide-to-cracking.html (The first proper whitepaper on ethical hacking)
- [ ] https://quizlet.com/395420241/ceh-v10-flash-cards/
Note
If you have ever thought of yourselves as information hoarders, functioning at the highest level (without overloading - that took more than just some time for me and is still a work in progress), I really suggest that you buy this book.
Footnotes:
[2] I will most probably one day devote an article to that. I once read an article that was very beautifully presenting this opinion but I did not have the system I now have in place, so it got lost among other articles.
[3] One could argue that since I left the last chapter out I did not complete it. However, I just was not interested in that chapter, since it is of no value for me right now. That will inevitably change in the future, and when it does, I will make sure to read it.
[4] Obviously, they cannot be compared with the book itself; they can be found inside it but are just a tiny part of it.