The way pentesting meant to be taught...

by Anton Chuvakin

Related link: http://www.immunitysec.com/education-unethicalhacking.shtml



That caught my attention since I suspect lots of people are tired of various hacking classes, teaching you how to use nmap, then go search PacketStorm for an exploit and then "penetrate" (and then pretend they now "think like a blackhat" :-)). But what if no exploit is posted - does that mean the target is secure? Of course not! Here is this course from a bunch of really smart people at Immunity Inc.


It says "We do not teach you how to run Nessus, Nmap, or that you should have a policy against SNMP on your network. We do teach you how to write exploits..." The outline covers exploit writing and the real penetrating methodology of an expert attacker, not that of a "script kiddy"...