Last active
June 24, 2021 19:35
Penetration Tester Links
http://www.cyberdegrees.org/jobs/penetration-tester/
https://danielmiessler.com/study/vulnerability-assessment-penetration-test/ (good article)
http://security.stackexchange.com/questions/33064/how-would-one-go-about-becoming-a-security-researcher
http://security.stackexchange.com/questions/48139/what-are-good-resources-to-do-hands-on-practice-on-network-penetration-testing?rq=1 (good info and links)
https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
https://www.owasp.org/index.php/Threat_Risk_Modeling
https://danielmiessler.com/podcast/
https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project
http://www.pentesticles.com/2014/05/what-you-need-to-know-to-become.html
http://www.hackarmoury.com/
https://www.phillips321.co.uk/
https://www.cyberis.co.uk/blog.html
http://www.pentesticles.com/
https://www.joesecurity.org/
Terminology to google:
Deep Malware Analysis
------------------------------------------
From: http://resources.infosecinstitute.com/hacking-lab/
After downloading the virtualization software of your choice, the next thing that you should do is download vulnerable distributions for you to hack and penetrate. Here are some of the vulnerable distributions you can try pwning:
Metasploitable – a vulnerable VMware virtual machine based on Ubuntu that is released by the Metasploit team in order to solve your problem in learning the Metasploit framework. It focuses on network-layer vulnerabilities because it contains vulnerable services for you to penetrate.
Hackxor – a web application hacking game built by albino. Players must locate and exploit vulnerabilities to progress through the story wherein you play as a blackhat hacker hired to track down another hacker by any means possible. It contains scripts that are vulnerable to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Structured Query Language Injection (SQLi), Remote Command Injection (RCE), and many more. This VMware machine runs on Fedora 14.
BackTrack Linux 5r2-PenTesting Edition Lab – is a customization of BackTrack 5 r2 which has a modified version of NETinVM which has predefined User-mode Linux (UML) based penetration testing targets. When started, this builds an entire network of machines within the VMware virtual machine. It comes with a pre-configured firewall, Exploit KB / exploit.co.il Vulnerable Web App, DMZ network with two hosts (targets), and an “internal” network with one host (target).
Kioptrix – Kioptrix has three VMware images and challenges which require the attacker to have root access using any technique in order to pwn the image.
NETinVM – a VirtualBox or VMware image that runs a series of User-mode Linux (UML) virtual machines which can be used for learning about systems, networks and security and is developed by Carlos Perez and David Perez.
UltimateLAMP – a vulnerable VM image based on Ubuntu that has a LAMP server which focuses on web vulnerabilities. It runs on older and vulnerable versions of Joomla, Bugzilla, Drupal, phpMyAdmin, WordPress, Mutillidae, Moodle, and other known content management systems.
LAMPSecurity – a series of vulnerable virtual machine images that are used for teaching and training an individual about the security configurations of a LAMP server. It is also a hacking dojo where you can play CTFs and contains pages that are vulnerable to SQL Injection and other known web vulnerabilities.
----------------------------------
Another Vulnerable Web Application:
http://breakthesecurity.cysecurity.org/2013/12/bts-pentesting-lab-vulnerable-web.html
----------------------------------
Uptake is looking for a "Software Engineer - Security" (http://uptake.com/jobs/?gh_jid=231634) with the following requirements.
Interesting to see what people are looking for:
Software Engineer - Security
at Uptake
600 W Chicago Ave, Chicago, IL 60654
What we do:
Uptake harnesses the power of underutilized data to empower businesses to make informed decisions. We partner with industry leaders to build a predictive analytics software platform that grows smarter in one industry because of what we learn in another. The result is a powerful platform that identifies problems before they happen, ultimately saving money, time and lives.
What you’ll do:
As a Software Engineer on the Security Team, you’ll help build and expand the complex security needs for an ever-evolving platform. You’ll work with cutting-edge technologies in the fields of distributed systems, data ingestion and mapping, and machine learning, among others. Uptake engineers are creative, self-driven and are always looking to innovate and improve, and we are committed to providing them with the necessary resources to take their skills to the next level.
Responsibilities:
As a Software Engineer on the Security team, your responsibilities may include, but are not limited to, the following:
Build secure-by-design frameworks and middleware libraries to promote reuse of secure code
Build a highly scalable framework for identity and access management, transforming and enhancing data at web scale
Work cross-functionally with both the security team and the product team to produce world class secure software
Develop a web services based platform that can grow with the business
Create interactive visualization tools and dashboards
Qualifications:
Bachelor's degree in computer science or related field
1 to 6 years of experience programming in a modern object oriented programming language
Solid object-oriented programming and design skills
Outstanding programming and problem-solving skills
Strong passion for technology and building great systems
Excellent communication skills and ability to work using Agile methodologies
Ability to work quickly and collaboratively in a fast-paced, entrepreneurial environment
Understanding of SQL and noSQL database technologies
Understanding of structure and usage of RESTful web services
Experience using Spring’s open source tools
Preferred skills:
These are skills that we value but are not required for this role:
Master’s degree or Ph.D. in related field
Experience with the OWASP framework
Experience with Java
Knowledge of how to implement security controls in the development process
Experience as an open source contributor
Experience with Akka, stream processing technologies and concurrency frameworks
Experience with noSQL solutions, including Cassandra, HDFS and/or Elasticsearch
Experience with data modeling
Experience with Chef, Puppet, Ansible, Salt or equivalent
Experience with Docker, Mesos and Marathon
Experience with distributed messaging services, preferably Kafka
Experience with distributed data processors, preferably Spark
Experience with Angular, React, Redux, Immutable.js, Rx.js, Node.js or equivalent
Experience with Reactive and/or Functional programming
Knowledge of Thrift, Avro or protocol buffers