numberwhun/Penetration Tester Links

## Penetration Tester Links
http://www.cyberdegrees.org/jobs/penetration-tester/
https://danielmiessler.com/study/vulnerability-assessment-penetration-test/  (good article)
http://security.stackexchange.com/questions/33064/how-would-one-go-about-becoming-a-security-researcher
http://security.stackexchange.com/questions/48139/what-are-good-resources-to-do-hands-on-practice-on-network-penetration-testing?rq=1  (good info and links)
https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
https://www.owasp.org/index.php/Threat_Risk_Modeling
https://danielmiessler.com/podcast/
https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project
http://www.pentesticles.com/2014/05/what-you-need-to-know-to-become.html
http://www.hackarmoury.com/
https://www.phillips321.co.uk/
https://www.cyberis.co.uk/blog.html
http://www.pentesticles.com/
https://www.joesecurity.org/


Terminology to google:
Deep Malware Analysis

------------------------------------------
From:  http://resources.infosecinstitute.com/hacking-lab/

After downloading the virtualization software of your choice, the next thing that you should do is download vulnerable distributions for you to hack and penetrate. Here are some of the vulnerable distributions you can try pawning:

Metasploitable – a vulnerable VMware virtual machine based on Ubuntu that is released by the Metasploit team in order to solve your problem in learning the Metasploit framework. It focuses on network-layer vulnerabilities because it contains vulnerable services for you to penetrate.

Hackxor – a web application hacking game built by albino. Players must locate and exploit vulnerabilities to progress through the story wherein you play as a blackhat hacker hired to track down another hacker by any means possible. It contains scripts that are vulnerable to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Structured Query Language Injection (SQLi), Remote Command Injection (RCE), and many more. This VMware machine runs on Fedora 14.
BackTrack Linux 5r2-PenTesting Edition Lab – is a customization of BackTrack 5 r2 which has a modified version of NETinVM which has a predefined User-mode Linux (UML) based penetration testing targets. When started, this builds an entire network of machines within the VMware virtual machine. It comes with a pre-configured firewall, Exploit KB / exploit.co.il Vulnerable Web App, DMZ network with two hosts (targets), and an “internal” network with one host (target).

Kioptrix – Kioptrix have three VMware images and challenges which require the attacker to have a root access using any technique in order to pawn the image.

NETinVM – a Virtualbox or VMware image that runs a series of a series of User-mode Linux (UML) virtual machines which can be used for learning about systems, networks and security and is developed by Carlos Perez and David Perez.

UltimateLAMP – a vulnerable VM image based on Ubuntu that has a LAMP server which focuses on web vulnerabilities. It runs on older and vulnerable versions of Joomla, Bugzilla, Drupal, phpMyadmin, WordPress, Mutillidae, Moodle, and other known content management systems.

LAMPSecurity – a series of vulnerable virtual machine images that are used for teaching and training an individual about the security configurations of a LAMP server. It is also a hacking dojo where you can play CTF’s and contains pages that are vulnerable to SQL Injection and other known web vulnerabilities.

----------------------------------
Another Vulnerable Web Application:

http://breakthesecurity.cysecurity.org/2013/12/bts-pentesting-lab-vulnerable-web.html

----------------------------------


Uptake looking for 'Software Engineer - Security" (http://uptake.com/jobs/?gh_jid=231634) with the following requirements.
Interesting to see what people are looking for:


Software Engineer - Security
at Uptake (View all jobs)
600 W Chicago Ave, Chicago, IL 60654

What we do:

Uptake harnesses the power of underutilized data to empower businesses to make informed decisions. We partner with industry leaders to build a predictive analytics software platform that grows smarter in one industry because of what we learn in another. The result is a powerful platform that identifies problems before they happen, ultimately saving money, time and lives.

What you’ll do:

As a Software Engineer on the Security Team, you’ll help build and expand the complex security needs for an ever-evolving platform. You’ll work with cutting-edge technologies in the fields of distributed systems, data ingestion and mapping, and machine learning, among others. Uptake engineers are creative, self-driven and are always looking to innovate and improve, and we are committed to providing them with the necessary resources to take their skills to the next level.

Responsibilities:

As a Software Engineer on the Security team, your responsibilities may include, but are not limited to, the following:

    Build secure-by-design frameworks and middleware libraries to promote reuse of secure code
    Build a highly scalable framework for identity and access management, transforming and enhancing data at web scale
    Work cross-functionally with both the security team and the product team to produce world class secure software
    Develop a web services based platform that can grow with the business
    Create interactive visualization tools and dashboards

Qualifications:

    Bachelor's degree in computer science or related field
    1 to 6 years of experience programming in a modern object oriented programming language
    Solid object-oriented programming and design skills
    Outstanding programming and problem-solving skills
    Strong passion for technology and building great systems
    Excellent communication skills and ability to work using Agile methodologies
    Ability to work quickly and collaboratively in a fast-paced, entrepreneurial environment
    Understanding of SQL and noSQL database technologies
    Understanding of structure and usage of RESTful web services
    Experience using Spring’s open source tools

Preferred skills:

These are skills that we value but are not required for this role:

    Master’s degree or Ph.D. in related field
    Experience with the OWASP framework
    Experience with Java
    Knowledge of how to implement security controls in the development process
    Experience as an open source contributor
    Experience with Akka, stream processing technologies and concurrency frameworks
    Experience with noSQL solutions, including Cassandra, HDFS and/or Elasticsearch
    Experience with data modeling
    Experience with Chef, Puppet, Ansible, Salt or equivalent
    Experience with Docker, Mesos and Marathon
    Experience with distributed messaging services, preferably Kafka
    Experience with distributed data processors, preferably Spark
    Experience with Angular, React, Redux, Immutable.js, Rx.js, Node.js or equivalent
    Experience with Reactive and/or Functional programming
    Knowledge of Thrift, Avro or protocol buffers
	http://www.cyberdegrees.org/jobs/penetration-tester/
	https://danielmiessler.com/study/vulnerability-assessment-penetration-test/ (good article)
	http://security.stackexchange.com/questions/33064/how-would-one-go-about-becoming-a-security-researcher
	http://security.stackexchange.com/questions/48139/what-are-good-resources-to-do-hands-on-practice-on-network-penetration-testing?rq=1 (good info and links)
	https://www.owasp.org/index.php/Category:OWASP_Application_Security_Verification_Standard_Project
	https://www.owasp.org/index.php/Threat_Risk_Modeling
	https://danielmiessler.com/podcast/
	https://www.owasp.org/index.php/OWASP_Mutillidae_2_Project
	http://www.pentesticles.com/2014/05/what-you-need-to-know-to-become.html
	http://www.hackarmoury.com/
	https://www.phillips321.co.uk/
	https://www.cyberis.co.uk/blog.html
	http://www.pentesticles.com/
	https://www.joesecurity.org/



	Terminology to google:
	Deep Malware Analysis

	------------------------------------------
	From: http://resources.infosecinstitute.com/hacking-lab/

	After downloading the virtualization software of your choice, the next thing that you should do is download vulnerable distributions for you to hack and penetrate. Here are some of the vulnerable distributions you can try pawning:

	Metasploitable – a vulnerable VMware virtual machine based on Ubuntu that is released by the Metasploit team in order to solve your problem in learning the Metasploit framework. It focuses on network-layer vulnerabilities because it contains vulnerable services for you to penetrate.

	Hackxor – a web application hacking game built by albino. Players must locate and exploit vulnerabilities to progress through the story wherein you play as a blackhat hacker hired to track down another hacker by any means possible. It contains scripts that are vulnerable to Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Structured Query Language Injection (SQLi), Remote Command Injection (RCE), and many more. This VMware machine runs on Fedora 14.
	BackTrack Linux 5r2-PenTesting Edition Lab – is a customization of BackTrack 5 r2 which has a modified version of NETinVM which has a predefined User-mode Linux (UML) based penetration testing targets. When started, this builds an entire network of machines within the VMware virtual machine. It comes with a pre-configured firewall, Exploit KB / exploit.co.il Vulnerable Web App, DMZ network with two hosts (targets), and an “internal” network with one host (target).

	Kioptrix – Kioptrix have three VMware images and challenges which require the attacker to have a root access using any technique in order to pawn the image.

	NETinVM – a Virtualbox or VMware image that runs a series of a series of User-mode Linux (UML) virtual machines which can be used for learning about systems, networks and security and is developed by Carlos Perez and David Perez.

	UltimateLAMP – a vulnerable VM image based on Ubuntu that has a LAMP server which focuses on web vulnerabilities. It runs on older and vulnerable versions of Joomla, Bugzilla, Drupal, phpMyadmin, WordPress, Mutillidae, Moodle, and other known content management systems.

	LAMPSecurity – a series of vulnerable virtual machine images that are used for teaching and training an individual about the security configurations of a LAMP server. It is also a hacking dojo where you can play CTF’s and contains pages that are vulnerable to SQL Injection and other known web vulnerabilities.

	----------------------------------
	Another Vulnerable Web Application:

	http://breakthesecurity.cysecurity.org/2013/12/bts-pentesting-lab-vulnerable-web.html

	----------------------------------


	Uptake looking for 'Software Engineer - Security" (http://uptake.com/jobs/?gh_jid=231634) with the following requirements.
	Interesting to see what people are looking for:


	Software Engineer - Security
	at Uptake (View all jobs)
	600 W Chicago Ave, Chicago, IL 60654

	What we do:

	Uptake harnesses the power of underutilized data to empower businesses to make informed decisions. We partner with industry leaders to build a predictive analytics software platform that grows smarter in one industry because of what we learn in another. The result is a powerful platform that identifies problems before they happen, ultimately saving money, time and lives.

	What you’ll do:

	As a Software Engineer on the Security Team, you’ll help build and expand the complex security needs for an ever-evolving platform. You’ll work with cutting-edge technologies in the fields of distributed systems, data ingestion and mapping, and machine learning, among others. Uptake engineers are creative, self-driven and are always looking to innovate and improve, and we are committed to providing them with the necessary resources to take their skills to the next level.

	Responsibilities:

	As a Software Engineer on the Security team, your responsibilities may include, but are not limited to, the following:

	Build secure-by-design frameworks and middleware libraries to promote reuse of secure code
	Build a highly scalable framework for identity and access management, transforming and enhancing data at web scale
	Work cross-functionally with both the security team and the product team to produce world class secure software
	Develop a web services based platform that can grow with the business
	Create interactive visualization tools and dashboards

	Qualifications:

	Bachelor's degree in computer science or related field
	1 to 6 years of experience programming in a modern object oriented programming language
	Solid object-oriented programming and design skills
	Outstanding programming and problem-solving skills
	Strong passion for technology and building great systems
	Excellent communication skills and ability to work using Agile methodologies
	Ability to work quickly and collaboratively in a fast-paced, entrepreneurial environment
	Understanding of SQL and noSQL database technologies
	Understanding of structure and usage of RESTful web services
	Experience using Spring’s open source tools

	Preferred skills:

	These are skills that we value but are not required for this role:

	Master’s degree or Ph.D. in related field
	Experience with the OWASP framework
	Experience with Java
	Knowledge of how to implement security controls in the development process
	Experience as an open source contributor
	Experience with Akka, stream processing technologies and concurrency frameworks
	Experience with noSQL solutions, including Cassandra, HDFS and/or Elasticsearch
	Experience with data modeling
	Experience with Chef, Puppet, Ansible, Salt or equivalent
	Experience with Docker, Mesos and Marathon
	Experience with distributed messaging services, preferably Kafka
	Experience with distributed data processors, preferably Spark
	Experience with Angular, React, Redux, Immutable.js, Rx.js, Node.js or equivalent
	Experience with Reactive and/or Functional programming
	Knowledge of Thrift, Avro or protocol buffers