So you have a desire to be a pentester? I have had the good fortune to interview and train many junior people over my career, and I have watched them surpass anything I could ever have achieved. Whilst that has been fulfilling, I would also like to say I have developed a pretty good opinion of the interviewees: all were likely to make the grade and take pentesting to another level.
To my mind it’s all about attitude. If you have it, you will take to pentesting like a duck to water. The attitude I am talking about is made up of many components, and IMO most of them cannot be learnt. If you have them, I suspect you will make a fine pentester.
Never giving up, having tenacity, is an important attitude in pentesting. So there you are: you have checked the application and can find no injection points. Those who give up easily and rely on the Burp/Nessus/what-have-you scanner are only there for the pay cheque. I always look for those who will take the problem home and recreate it in a similar environment. They study it, download a copy of the code and spend time delving until they find the issue worth reporting on.
In 2003 Microsoft said that users who could install a printer driver in Windows could easily gain system privileges if they installed a malicious printer driver.
Back then I regularly found corporate laptops whose users were restricted to minimal privileges, but who could still install a printer so that they could use their home printers. Thankfully no one had released a malicious printer driver at the time, so no demonstration of the exploit was possible.
Several years later, I finally got around to creating the printer driver that would allow privilege escalation. Microsoft had just released 64-bit Windows, which allowed only signed printer drivers. This also made my attack void. Ho hum. So now I am working on how to bypass driver signing. Don’t hold your breath. Keep reading our posts, as I hope to release a proof-of-concept 64-bit printer driver that users can install without administrator intervention.
A small part of the tenacity attitude is also being meticulous, leaving no stone unturned. It only takes one weakness for a hacker to break in, but a pentester needs to review every part of an application or device. If anything is missed, there may be a gaping breach there for the taking.
I know a pentest company in the US that only uses autistic people as they know they’re highly meticulous.
Being imaginative. Using what you know in unexpected ways. This is more useful in scenario/red team/CBEST (more on that later) testing than in a review of all a system’s possible issues. Someone once called this weaponising your mind. I found that description apt, especially when faced with something novel.
You really need to be resourceful to show a customer how you exploited their most secure system.
“I know you have hardened up your eyeballs and patched like there was no tomorrow, but actually you do still have a problem, because an attacker could…” All the hard work is so worth it just for that ‘jaw drop moment’.
Desire to know how things work
A tendency to take things apart to see how they work is definitely worth having. If I ever come across a novel mechanical cam-driven tool, or see something weird, I am curious to say the least. I want to understand how it achieves its goal and would even try to imagine how the designer created it.
This desire to understand by reversing/hacking is not something you can teach, in my humble opinion. I may be wrong, but to my mind people may attempt to reverse something by following a YouTube instruction.
But I seriously doubt they would be motivated to do it as a profession day in and day out. People tend to divide into two camps: those that explore and those that build. Pentesting requires you to gain expertise in the systems you test, as you have little control over what you may be asked to test (assuming you work as an ethical hacker).
To sum up, you never really stop learning new technologies and ways to undermine those technologies. When learning gets too much, it is time to find something else to do.