Monday, 6 June 2016

Penetration Testing with Kali - Lab review

About the course Penetration Testing with Kali. This environment was, to me, during the 90 day training period as a puzzle more or less, you get to learn a lot of new tools, techniques and tricks. If you think you know a lot about a target you will be usually wrong - it takes a lot of time and dedication to learn all weak spots. 

The Forum:
The forum is a good place to exchange experience, but don't expect much help or as whole solution to your problems  - they will be censored as spoilers, which I actually understand - however it is a good place to exchange techniques. Also this will be the place to learn about some "mythic" targets - however this does not mean that if you own them you will be the master of the whole lab, but it will bring personal satisfaction.

The Support:
Usually you will get some hint if you are stuck, but don't expect much. It is a struggle to push yourself to the limits and also get the results in time. The support usually just tells you if you are on the right track. Think how much time you have, if no results - change the target or vulnerability - at least this was my way of work, a bit chaotic. What you will get sometimes will be "Try harder" or in my case that clues are not given, but earned. 

The Lab:
The lab in fact after seeing so many examples of vulnerable machines and also services (other labs) is more than great. This is maybe the best reason to prefer this course, all machines are carefully configured with a unique set of vulnerabilities. What if I am stuck? Well think out of the box, you are not limited in the lab to use Nessus or Metasploit Community, maybe this will give you the BIG hint you were waiting for - however don't use them on the exam, read the rules.

The Tools:
Also a very valuable skill you will develop during this course is to develop your own tools for penetration testing, metasploit resource scripts to automate the process and even if you are skillful enough to make your own exploits. 

Here also some of my own tools: https://github.com/iuristanchev/pentesting_tools/

What to Regret:
Things you never tried on the lab. Think of the lab and the targets inside of it as a environment to test your skills, tools and your limits.

Conclusion:
As a whole I think this course gets you to try to develop your skills and strengths on your own, you will have to push yourself further than you think. Frustration in some cases is inevitable, but realizing how far you got and sometimes realizing that even vulnerability scanners can't get as far as you did will push you to evolve. Also very important thing to do is read and realize how much time would you waste if you have read everything you had on a target? I bet it is less.