What makes a penetration tester highly successful? Most obviously, the technical skills to hack into a network, application, or location come to mind first, and without those capabilities and the ability to continuously learn, an aspiring pen tester has a tough road ahead of them.
Yet, to maximize their career success, penetration testers have other requirements that are not as focused on the technical perspective. They must not only continually evolve their technical talent, but also master the end-to-end process of managing a customer engagement. Someone can be the best hacker out there—but if they can’t explain their findings to the client, teach them how to remediate their vulnerabilities, and competently manage the process from end-to-end, they may be capping their potential as a professional penetration tester.
At Black Hat 2017, Coalfire was pleased to train two diverse groups of info-sec professionals, from first timers to blue team members to recently assigned pen testers, on the current skills and tools of penetration testing, as well as on the assessment management process. We taught 44 students across four days of training in highly interactive, team-oriented sessions, providing student teams with hands-on lab environments to learn new skills. This year, Coalfire’s training had an enhanced focus on the Windows Enterprise platform and social engineering techniques along with the traditional emphasis on Linux. Below is a recap of what we covered during the training; check back here in the coming weeks for a series of blogs that will dive deeper into the skills learned during the sessions.
Introduction to penetration testing focused technologies
Coalfire senior consultants Marcello Salvati, Michael Allen, Dan McInerney and I began the training with the fundamentals: an in-depth review of the operating systems commonly encountered in the enterprise environment. We led the students through the security features of each of these operating systems and provided an introductory-level review of exploit and post-exploit frameworks.
Introduction to assessment management
Getting down to the business side of things, I instructed participants on the process of managing an engagement from end to end, including the potential concerns to consider prior to starting an engagement, priority focuses during the engagement, methods for efficiently pulling all the data together and producing a final report, as well as the proper handling of client data. Students told us that they appreciated learning how to better manage the process itself in addition to the technical aspects of the training we provided.
Descriptions of the pen test methodology
Marcello, Dan and Michael led teams through hands-on pen test methodology training, where students worked through the full progression from discovery to exploitation to post-exploitation: tips and techniques for proper discovery, descriptions and hands-on application of exploit frameworks, and descriptions and hands-on application of post-exploit frameworks.
This year’s training featured an enhanced focus on social engineering techniques. I provided students with an introduction to the types of engagements performed for Coalfire clients and to Open Source Intelligence (OSINT) gathering, including novel techniques to profile targets, as well as definitions and examples of impersonation attacks, vishing and phishing attacks. I also covered methods to build rapport quickly and focused on effective phishing program management. Teams engaged in a hands-on lab for practicing various phishing attacks.
Numerous lab exercises to experiment with learned techniques
Possibly most appreciated of all were the lab environments—Coalfire provided diverse, dedicated lab environments for teams of students to test out newly acquired skills. We broke students into four-person teams and provided isolated environments for each team, which included vulnerable hosts for each technique being taught, allowing them to progress at their own rate, culminating in a ‘capture the flag’ event to compete, display their skills, and win prizes.
Training: An important part of continuous learning
As any security professional knows, you never stop learning, and everyone has their own unique ways of learning that work best for them. You will always learn on the job, on your own, and from your peers (as well as adversaries). Formalized training plays an important role, providing some of the structure, detail, and process elements you may miss elsewhere. At Coalfire, we worked to create a training with a complete curriculum that delivers value to the entry-level infosec professional (with some required system experience)—spanning technical skills, labs, pen testing process management, and report writing—the entire value chain of what we do and deliver to customers. The feedback has been very positive. If you weren’t able to attend the training, we hope to see you at Black Hat 2018!