1
00:00:00,090 --> 00:00:01,350
All right, so welcome back, everyone.

2
00:00:01,390 --> 00:00:06,270
This address and of course, we have discussed both the career options.

3
00:00:06,640 --> 00:00:11,250
Well, I will start focusing on how the penetration tester really looks like.

4
00:00:11,250 --> 00:00:15,080
And, you know, what are the skills required?

5
00:00:15,420 --> 00:00:18,210
What is a must, what is a plus, and all the stuff.

6
00:00:19,110 --> 00:00:19,980
Let's get started.

7
00:00:20,460 --> 00:00:26,880
As I told you already, a penetration tester is the guy who works in the organization for sure.

8
00:00:26,880 --> 00:00:32,670
You can't get the job directly for sure just by going through the schools.

9
00:00:33,090 --> 00:00:42,330
But you might be able to show your, you know, your vote that you have learned and can opt for junior

10
00:00:42,330 --> 00:00:43,560
penetration testers.

11
00:00:43,570 --> 00:00:47,240
But yes, there is a junior penetration tester job profile as well.

12
00:00:47,940 --> 00:00:55,250
And of course, having some experience as an I.T. or developer, really.

13
00:00:56,100 --> 00:00:59,510
But I'll tell you exactly what skills are really required.

14
00:00:59,520 --> 00:01:03,240
And as of now, have we completed most of them online?

15
00:01:04,590 --> 00:01:07,500
So you start as a junior penetration tester.

16
00:01:07,500 --> 00:01:09,240
That's what we have discussed as well.

17
00:01:09,480 --> 00:01:12,600
Let's understand how exactly the work life really looks like.

18
00:01:13,380 --> 00:01:19,590
So the work is pretty straightforward in this, that you would need to work on network testing.

19
00:01:20,160 --> 00:01:22,840
You might have to do network testing, Nmap.

20
00:01:23,070 --> 00:01:25,320
We have covered the Metasploit framework.

21
00:01:25,400 --> 00:01:27,390
We have covered it and cobalt.

22
00:01:27,390 --> 00:01:27,600
Right.

23
00:01:27,690 --> 00:01:34,530
I mean, these are pretty specific tools we can possibly cover in any specific course,

24
00:01:34,530 --> 00:01:37,530
which is pretty vast, OpenVAS.

25
00:01:37,560 --> 00:01:38,970
We have covered that already.

26
00:01:39,270 --> 00:01:41,600
So you might have got the idea, right.

27
00:01:41,610 --> 00:01:46,140
This is the way the real world profile would really look like.

28
00:01:46,740 --> 00:01:55,650
Then we have manual web application testing using Burp Suite and ZAP proxies.

29
00:01:55,670 --> 00:02:02,580
But remember, you have already learned about Burp Suite, but being a pen tester,

30
00:02:02,580 --> 00:02:08,040
this is the cool thing to have.

31
00:02:08,490 --> 00:02:13,470
Either you should master Burp Suite or ZAP proxy. Burp

32
00:02:13,470 --> 00:02:15,030
Suite is pretty widely adopted.

33
00:02:15,030 --> 00:02:21,600
So if you even master Burp Suite, you at least know how this entire web application works.

34
00:02:22,020 --> 00:02:28,950
And having mastery on the web application, you can perform any sort of security testing

35
00:02:28,950 --> 00:02:35,090
including OWASP Top 10 and many other unknown and API security testing as well, an audit data.

36
00:02:35,400 --> 00:02:41,340
And then we have the application scanning, scanning using Nessus, which we have discussed.

37
00:02:41,910 --> 00:02:42,660
I remember.

38
00:02:42,960 --> 00:02:49,040
What is the difference between, you know, Burp Suite and the web application scanning? Burp Suite,

39
00:02:49,080 --> 00:02:52,680
it is considered to be more into manual testing.

40
00:02:52,770 --> 00:02:56,040
OK, with Burp Suite you need a lot of attention.

41
00:02:56,160 --> 00:03:02,850
There's a lot of human intuition required where you have to spend a lot of time in identifying the vulnerability.

42
00:03:02,880 --> 00:03:05,460
That's what the job of a penetration tester is all about.

43
00:03:05,460 --> 00:03:05,670
Right.

44
00:03:06,150 --> 00:03:12,020
But web application scanning, that's where, you know, the skills of a penetration tester are not really much

45
00:03:12,060 --> 00:03:12,480
needed.

46
00:03:12,870 --> 00:03:16,910
This could even be done by any, you know, it can even be automated.

47
00:03:16,980 --> 00:03:20,400
It can even be done by any IT person as well.

48
00:03:20,700 --> 00:03:26,580
It's just that you just click, you just select the IP assets, IP addresses, domain name or host

49
00:03:26,580 --> 00:03:27,000
as well.

50
00:03:27,330 --> 00:03:30,030
Yeah, you're going to scan the indictment.

51
00:03:30,300 --> 00:03:35,160
You might have seen that while we were doing the Nessus scanning with the Nessus tool.

52
00:03:35,820 --> 00:03:42,120
So Nessus is one tool, IBM AppScan is one, Acunetix, HP WebInspect.

53
00:03:42,150 --> 00:03:46,800
This is something which has been used in the industry, so you should be available to students.

54
00:03:47,160 --> 00:03:53,550
I'll be covering those tools in a specific course as well, in which you will learn about those tools especially.

55
00:03:54,330 --> 00:04:02,070
And then a report on security vulnerabilities. Well, once you get all those, your testing and

56
00:04:02,070 --> 00:04:08,220
penetration testing is done, you can then prepare the report and share with all the stakeholders and

57
00:04:08,220 --> 00:04:11,460
tell them, OK, these are the applications which are vulnerable.

58
00:04:11,460 --> 00:04:12,920
These are the priority.

59
00:04:12,930 --> 00:04:14,010
These are the priority.

60
00:04:14,010 --> 00:04:16,440
One of these, these are just severity

61
00:04:16,600 --> 00:04:19,230
one vulnerabilities, these are severity two vulnerabilities.

62
00:04:19,230 --> 00:04:24,600
And then accordingly, the concerned team starts fixing up this one in the next.

63
00:04:24,780 --> 00:04:26,270
What are the skills required?

64
00:04:27,030 --> 00:04:29,790
You must have experience on Linux.

65
00:04:29,790 --> 00:04:31,410
We have learned about it for sure.

66
00:04:31,530 --> 00:04:35,310
If you remember, in the beginning itself, we learned about Linux pretty well.

67
00:04:35,310 --> 00:04:40,140
But of course in order to get the job, you have to allow yourself even further.

68
00:04:40,530 --> 00:04:44,250
So you should know much more about Linux commands subscript.

69
00:04:44,430 --> 00:04:51,930
What happens if the script fails, you have to really work on, you know, different modules with Linux

70
00:04:51,930 --> 00:04:52,410
as well.

71
00:04:52,420 --> 00:04:55,950
Network modules, filesystem, many, many stuff.

72
00:04:55,950 --> 00:04:56,210
Right.

73
00:04:56,700 --> 00:04:59,310
And there are different.

74
00:05:00,650 --> 00:05:07,220
There are different packages as well, which is really much too much to remember as well, and then

75
00:05:07,220 --> 00:05:12,810
experience with tools like Metasploit framework, Nmap and Burp Suite is also very, very important.

76
00:05:13,310 --> 00:05:19,610
And one thing which is very, very important to have is the experience on tools which interpretive tool,

77
00:05:19,610 --> 00:05:21,490
which could be Python or Ruby on Rails.

78
00:05:22,020 --> 00:05:28,070
That's why I was saying if you have any earlier experience with programming, it's going to be a plus

79
00:05:28,070 --> 00:05:28,460
for you.

80
00:05:28,460 --> 00:05:35,120
If you have logged on any scripting language like programming, interpreted programming language like

81
00:05:35,120 --> 00:05:38,240
Python or Ruby on Rails, it is going to really help you.

82
00:05:38,660 --> 00:05:45,620
Why is that so? Because sometimes, by making use of a Python script, you can automate a lot of tasks and

83
00:05:45,620 --> 00:05:47,540
save time. At the same time,

84
00:05:47,540 --> 00:05:55,130
you can, you know, perform activities which are pretty much manual and you can save

85
00:05:55,130 --> 00:06:01,250
a lot of time. In some cases that also helps you to understand some goals which, you know, in order

86
00:06:01,250 --> 00:06:03,980
to ordered some security, some courses.

87
00:06:04,160 --> 00:06:04,490
And right.

88
00:06:04,970 --> 00:06:12,650
Then your active participation on CTF challenges is also very important. Challenges,

89
00:06:12,800 --> 00:06:21,650
CTF is sort of challenges which happen to have, you know, Hack The Box or, you know, even TryHackMe

90
00:06:21,650 --> 00:06:22,090
as well.

91
00:06:22,430 --> 00:06:30,590
So these are the platforms where you can go and try hacking or try exploiting all the machines

92
00:06:30,590 --> 00:06:31,610
which are available.

93
00:06:31,700 --> 00:06:32,870
These are all virtual machines.

94
00:06:32,870 --> 00:06:38,090
You can start exploiting them similar to what you have been doing in the lab.

95
00:06:38,090 --> 00:06:41,210
You can just do it in the cloud and you don't have to manage everything.

96
00:06:41,510 --> 00:06:44,270
And the best part is it's, it's you.

97
00:06:44,420 --> 00:06:50,660
It's all done in the browser so you can do all the activity yourself and it's an even better way to learn

98
00:06:50,660 --> 00:06:51,050
faster.

99
00:06:51,050 --> 00:06:55,070
And that shows that to the interviewer.

100
00:06:55,070 --> 00:06:59,060
It shows that you are really enthusiastic about hacking machines.

101
00:06:59,390 --> 00:07:00,920
And this gives you a plus.

102
00:07:01,190 --> 00:07:04,400
This gives you a huge plus for your career as well.

103
00:07:05,660 --> 00:07:07,550
Active blog is really important.

104
00:07:07,550 --> 00:07:16,310
And that's something which is, if you have some active blog you keep on writing, that is

105
00:07:16,310 --> 00:07:18,530
going, this is going to be a plus for you.

106
00:07:18,680 --> 00:07:21,020
I talked about having a Medium account.

107
00:07:21,020 --> 00:07:24,200
You know, you must write on LinkedIn as well.

108
00:07:24,200 --> 00:07:29,870
You might, it's better if you have your own blog site on WordPress and, you know, sort of your

109
00:07:29,870 --> 00:07:34,450
own domain name, and that's going to be really good and that's what it is.

110
00:07:34,460 --> 00:07:40,700
So this is all the three points: experience on Python and your active participation on CTF challenges

111
00:07:40,700 --> 00:07:42,160
and your blog as well.

112
00:07:42,530 --> 00:07:46,550
It is considered to be a plus. OK, it is considered to be a plus.

113
00:07:46,550 --> 00:07:55,400
But remember this, if you have the skills from the beginning itself, it will definitely be taking you

114
00:07:55,430 --> 00:07:56,290
out of the crowd.

115
00:07:56,300 --> 00:07:58,800
So definitely give you a whole lot of fun.

116
00:07:59,150 --> 00:08:07,070
There are still some points which is, you know, still have, I mean, it's not really much, but it

117
00:08:07,090 --> 00:08:12,860
is good that if you have it, I personally recommend if you have a good repository, this is where if

118
00:08:12,860 --> 00:08:19,070
you, if you are into programming, if you are into Python scripting, if you have learned Python

119
00:08:19,070 --> 00:08:24,710
scripting somewhere and, you know, you have made a couple of scripts, Python scripts, then just make sure

120
00:08:24,710 --> 00:08:28,040
you upload those codes on GitHub.com.

121
00:08:28,050 --> 00:08:28,420
Right.

122
00:08:28,610 --> 00:08:33,230
So you make your account on GitHub, upload those source code over there.

123
00:08:33,530 --> 00:08:39,500
So, and share with, keep it public so that whenever somebody asks you, in spite of sharing, you know,

124
00:08:39,500 --> 00:08:44,450
in spite of writing everything on your resume, just share the link of your GitHub account so that

125
00:08:44,450 --> 00:08:45,500
it gives them an idea.

126
00:08:45,500 --> 00:08:51,620
OK, yeah, of course you have to get to you do write something on Python interpreter giving them an

127
00:08:51,620 --> 00:08:51,860
idea.

128
00:08:51,860 --> 00:08:55,790
OK, I know Python, I know Ruby on Rails and all this stuff.

129
00:08:55,790 --> 00:08:57,140
I know the scripting language.

130
00:08:57,500 --> 00:09:01,580
Just write the coding stuff and write some codes.

131
00:09:01,910 --> 00:09:08,000
Just make those repositories on the GitHub account. The repository is nothing but the source code

132
00:09:08,000 --> 00:09:10,550
packages, so upload that, make it public.

133
00:09:10,550 --> 00:09:17,150
Whenever you share with anybody, you know, share your rewards, they sort of get the idea what exactly

134
00:09:17,150 --> 00:09:18,290
you have done so far.

135
00:09:19,070 --> 00:09:23,120
That's the best way to present your skills.

136
00:09:23,150 --> 00:09:28,670
OK, so what exactly about bing, bing, bing, bing, bing, bing, principled conservative?

137
00:09:28,670 --> 00:09:29,990
And I hire many of them.

138
00:09:30,320 --> 00:09:33,300
I mostly look at it whenever I hire anybody

139
00:09:33,300 --> 00:09:36,650
into penetration tester, penetration testing profile.

140
00:09:36,650 --> 00:09:45,410
I see if the guy is enthusiastic enough about the hacking or not, if he's hacking every day, if he's

141
00:09:45,410 --> 00:09:48,410
hacking occasionally. How do I get to know about it?

142
00:09:48,710 --> 00:09:50,930
I get to know about it based on this.

143
00:09:50,930 --> 00:09:59,390
If he's active on CTF challenges, if he is, you know, if he has any GitHub account and

144
00:09:59,390 --> 00:09:59,870
all those type.

145
00:09:59,970 --> 00:10:05,400
For this, this gives me an idea. At the same time, if I see if he writes on Medium as well, the

146
00:10:05,400 --> 00:10:12,300
same thing for me. I remember people ask me, OK, why would you ask for any certification and all

147
00:10:12,300 --> 00:10:12,780
that stuff?

148
00:10:13,320 --> 00:10:18,200
But I personally feel certifications are sometimes expensive.

149
00:10:18,210 --> 00:10:22,950
Sometimes people don't really, you know, people hesitate to afford that.

150
00:10:22,950 --> 00:10:28,290
But I personally love to see if somebody has done the OSCP certification.

151
00:10:28,290 --> 00:10:30,920
That's something which I personally love.

152
00:10:31,320 --> 00:10:36,660
And if somebody has done a recipe, that would be relevant as well, it's not really always

153
00:10:36,660 --> 00:10:37,200
a debate.

154
00:10:37,380 --> 00:10:45,510
But if you're going for the senior penetration tester, you must have the OSCP certification

155
00:10:45,510 --> 00:10:49,860
auricular maybe from, you know, jacket or any other Azrael.

156
00:10:50,730 --> 00:10:53,180
eLearnSecurity is also providing the same.

157
00:10:53,190 --> 00:10:57,420
And accordingly, we get the idea, OK, where exactly you stand.

158
00:10:57,420 --> 00:11:02,300
So for senior penetration testing, you must have. For junior penetration tester,

159
00:11:02,330 --> 00:11:05,910
it's good, it's really a plus that you have certification.

160
00:11:06,360 --> 00:11:10,560
But if you're not, then you should have this on your own.

161
00:11:10,810 --> 00:11:14,010
But you should have a good GitHub account with some Python scripts.

162
00:11:14,010 --> 00:11:16,920
You should have, you should be active on CTF challenges.

163
00:11:17,670 --> 00:11:18,810
I hope you got the idea.

164
00:11:18,810 --> 00:11:20,020
We'll get you in the next session.

165
00:11:20,040 --> 00:11:20,540
Thank you.