New Pentester

I got a job as a penetration tester, which I think is really exciting. It is a job that I get excited about, one that causes frustration and a feeling of accomplishment. I’ll officially start on April 11th. My plan is to track my progress here and document things that I learn in general.

I contacted some other friends who are pentesters and asked for their advice, ideas on things they wish they knew when they got started. I was given two great pieces of advice on things to read or study up on. One was to read the publications on GitHub from Cure53. Today I read their whitepaper on X-Frame-Options and various ways to still bypass the clickjacking protection it provides. I’m looking forward to reading the others, once I finish the other recommendation…The Tangled Web!

It’s a great book that I bought when it was new but, embarrassingly, didn’t read. Now that it was recommended and I looked back at it again, I’m tearing through it. Great stuff.

Other things that I’ve also been reading are Penetration Testing by Georgia Weidman and, of course, Web Application Hacker’s Handbook, aka the web app sec bible.

I also recently learned better how to set up virtual machines and install both an .iso and a .vmwarevm image into them. And of course I’m reading the Penetration Testing Execution Standard.

Just as when I started my last job a few years ago, it was certainly scary to get started and jump into something new, but it’ll be exciting too. Let’s do this.