+ Reply to Thread
Results 1 to 12 of 12
  1. Senior Member kMastaFlash's Avatar
    Join Date
    Aug 2012
    Posts
    895

    Certifications
    A+, Network+,Security+, EMCISA v2, MCP, MTAx2 , CCENT, CCNA R&S,C|EH,C|HFI,Linux+,LPIC-1,E|CSS,E|CES,GPEN,OSWP,Server+,LPT,GCIH,E|CIH
    #1

    Default Road to becoming a Penetration tester (Red team)

    So almost 3 years have gone by since I graduated from college and boy did I learn a lot about myself and where I want to take my IT career. I first started off wanting to become a network engineer and getting my CCIE. After working, my gears shifted to becoming a penetration tester/Red team. When I first started this journey, I didn't know anything about penetration testing. Heck, it took me 3 hours to learn how to use Metasploit at a basic level with ms08-067 (I know scary stuff). My journey first started with obtaining the CEH certification after paying 2k for a bootcamp. This got me started in learning more about penetration testing. From here, I started practicing with Vulnhub and reading magazines from Hakin9 and signed up for the OSCP back in September 2016. I did fail the OSCP recently. However, I had enough for 50 points out of the necessary 70. During this time since graduating, I spent everyday after work and my weekends studying and challenging myself to get new certifications and gain more knowledge. Since graduating college (coming on 3 years in June) I obtained multiple certifications with some of my prized certifications being GPEN,GCIH and the LPT. My new job has even gotten me to the point where I have compromised systems with shell access. Hard to believe that 3 years ago I didn't know how to use Metasploit or what a reverse/bind shell were and now have 3 well known industry certifications demonstrating my knowledge in this field. Even wrote my own MSF auxiliary module. Since all this studying, I quit my old position in SOC and obtained a new job as a Security Analyst/Specialist with my next goal becoming on the Red team. To anyone who thinks it is impossible to reach your goals/dreams, YOU CAN DO IT!!! I still have a journey ahead of me to get on Red team and obtain the official title of Penetration Tester but all in due time. It has gotten to the point where I am training the others on my team how to do penetration testing. Hard work and dedication will always win and shine! When you take a shortcut, you are only cheating yourself and your potential!! This place has been a great inspiration for me to keep studying and reach my dreams! Live long and prosper!! Enjoy the upcoming holidays and set your goals for next year and finish this year strong. Now back to studying for ECSA before years end!
    2017:E|CSA E|CSP,eLearnSecurity Courses 2018: C|ND,ICND2,CCSK,CISSP,CCNA-Security,CSA+,GWAPT 2019: CWNA 2020: LPIC-2
    Reply With Quote Quote  

  2. SS -->
  3. Senior Member
    Join Date
    Jul 2015
    Location
    Island on the other side of Pacific pond
    Posts
    957

    Certifications
    C****, C***, C**
    #2
    Very inspiring. I am sure you will pass ECSA and nail OSCP the next time round.
    Reply With Quote Quote  

  4. Senior Member kMastaFlash's Avatar
    Join Date
    Aug 2012
    Posts
    895

    Certifications
    A+, Network+,Security+, EMCISA v2, MCP, MTAx2 , CCENT, CCNA R&S,C|EH,C|HFI,Linux+,LPIC-1,E|CSS,E|CES,GPEN,OSWP,Server+,LPT,GCIH,E|CIH
    #3
    Thanks Mike7 for the kind words! Yeah finished the ECSA practical and started reading for ECSA written. It's crazy how far I have come within 3 years. OSCP I think will be next year or the year after. The only limit is what someone sets for themselves!
    2017:E|CSA E|CSP,eLearnSecurity Courses 2018: C|ND,ICND2,CCSK,CISSP,CCNA-Security,CSA+,GWAPT 2019: CWNA 2020: LPIC-2
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Oct 2010
    Posts
    861

    Certifications
    CISSP, CEH
    #4
    Good post! You will pass the ECSA, it is much easier than the OSCP. It is all about learning and how to use that knowledge and turn it into something practical. I do pen testing at my job and here is my advice; people have to realize it is not only about the theory, tools, and being narrow. It is about being able to think out of the box and putting yourself out there. Granted I started off in a cyber systems engineering role before pen testing but everyone has a different way to coming into this field. Enjoy and have fun!!!
    Last edited by higherho; 11-05-2017 at 04:27 AM.
    Reply With Quote Quote  

  6. Surf Guitar Guy tedjames's Avatar
    Join Date
    Jan 2014
    Location
    Surf City, TX
    Posts
    479

    Certifications
    SSCP, Security+ +4
    #5
    Excellent work! Gives us all hope.
    Reply With Quote Quote  

  7. Senior Member kMastaFlash's Avatar
    Join Date
    Aug 2012
    Posts
    895

    Certifications
    A+, Network+,Security+, EMCISA v2, MCP, MTAx2 , CCENT, CCNA R&S,C|EH,C|HFI,Linux+,LPIC-1,E|CSS,E|CES,GPEN,OSWP,Server+,LPT,GCIH,E|CIH
    #6
    Thanks everyone! Yeah I do pen testing on my job. It's just not the Red team real world threat simulation side where we have actual engagements. But my title technically per HR is security analyst. Some say that Red team and pen testing are 2 different things and some say they are the same. I'm just hoping to get the title of Penetration tester / red team member.
    2017:E|CSA E|CSP,eLearnSecurity Courses 2018: C|ND,ICND2,CCSK,CISSP,CCNA-Security,CSA+,GWAPT 2019: CWNA 2020: LPIC-2
    Reply With Quote Quote  

  8. Member NuclearBeavis's Avatar
    Join Date
    Oct 2017
    Posts
    71
    #7
    What got you interested in the ECSA? You already have LPT, which according to EC Council, is a more advanced cert.
    Reply With Quote Quote  

  9. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    184

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #8
    A Red Team is really a DoD only thing. While many companies have what they call red teams, they are not actually real red teams unless they are certified and accredited by the NSA. As someone who is a former red team member, I give you this advice. STAY FAR AWAY FROM DOD PENTESTING ALTOGETHER. Stick to the private sector and you will be much happier in that job field.
    Reply With Quote Quote  

  10. Junior Member
    Join Date
    Jul 2017
    Posts
    22
    #9
    Yep, same here...I checked the ec council website and the sequence is: ceh->ecsa->lpt
    So, how come you want to do ecsa when you already have lpt?
    Are we missing or misinterpreting your statements?
    Reply With Quote Quote  

  11. Member NuclearBeavis's Avatar
    Join Date
    Oct 2017
    Posts
    71
    #10
    Quote Originally Posted by katawia View Post
    So, how come you want to do ecsa when you already have lpt?
    All I can figure is he wants so many letters after his name that his signature will look like a Cisco license key.
    Reply With Quote Quote  

  12. Senior Member MrAgent's Avatar
    Join Date
    Oct 2010
    Location
    Northern Virginia
    Posts
    1,284

    Certifications
    Sec+, MCP, MCSA 2003, MCTS, MCITP:VA, VCP5, MCSA 2012, MCSE Private Cloud, MCSE Server Infrastructure, C|EHv7, RHCSA, OSCP, GCIH, OSWP
    #11
    As someone who is currently on a DoD red team, I will say that red teaming and penetration testing are definitely not the same thing.
    2016 Goals: GCIH, OSWP - DONE!
    My OSCP review http://www.jasonbernier.com/oscp-review/
    Reply With Quote Quote  

  13. Senior Member McxRisley's Avatar
    Join Date
    May 2016
    Posts
    184

    Certifications
    Bachelors of Science in IT, MTA, SEC+, CSA+, CASP, C|EH, OSCP
    #12
    Quote Originally Posted by MrAgent View Post
    As someone who is currently on a DoD red team, I will say that red teaming and penetration testing are definitely not the same thing.
    A very valid and important point, just realized I referenced it as pentesting because most do but they are definitely different.
    Reply With Quote Quote  

+ Reply to Thread

Social Networking & Bookmarks