So, You Want to be a Pen-Tester?

Written by blackheart | Published 2024/04/09


As I sat behind my desk, preparing for my first penetration test, a wave of sickness and nerves came over me. This was what I had been training for, but the reality of facing a real company's defenses and a vigilant Security Operations Center (SOC) team was daunting. Unlike the controlled environment of Capture the Flag (CTF) competitions, the consequences of one wrong move felt all too real. The possibility of inadvertently triggering a DDoS attack or compromising an asset outside the designated scope of work weighed heavily on my mind. Taking a moment to collect myself, I took a breath, closed my eyes, and reached for the only remedy I trusted: a cup of Death Wish coffee. Little did I know of its potent effects, which promptly sent me sprinting to the bathroom.

After hastily washing my hands and composing myself, I returned to my desk and, with trembling fingers, initiated my very first penetration test. I must confess that when the penetration test was over, it was everything that I hoped it would be and everything I wasn’t prepared for. During the course of being a newbie pen tester, the stress made me lose weight and grind my teeth at night, and broke me down mentally. It was something I was not prepared for. The vast amount of knowledge that was necessary, the reports at the end of the pen test... yes, you have to write reports about what you accomplished during the pen test. They also have to be in a certain format and make sense to C-suite executives who only know how to answer emails and are not tech-savvy. Don’t get me wrong, I really enjoyed doing the work, but the beginning was difficult. That is why I am writing to you today: to show you what it takes to be a pen tester before you start your journey. So please sit down, relax and grab some coffee... hopefully not Death Wish.

A great journey that started with my wife’s hand-me-down laptop

For me, the first time I got into pen testing, I needed a laptop to do some assessments on my own to become familiar with the tools of the trade. I didn’t have much money and my wife didn’t want her old laptop. It wasn’t much at all and only had 4 GB of RAM. That was OK for me because the first computer I built was from computer parts I found in a dumpster or at Goodwill. The first thing I did was reimage the laptop with a Linux OS I had heard of called Kali Linux. Just because you download it… doesn’t make you a hacker or pen tester; that comes later.


Written by blackheart | A cybersecurity professional with a wealth of experience in IT security, incident response and ethical hacking.
Published by HackerNoon on 2024/04/09