Reviewing the Practical Network Penetration Tester (PNPT) Course Pt. 2
Last week I covered the initial sections of the Practical Ethical Hacking — The Complete Course: Before We Begin, and Introduction sections. In that review I noted how Heath touches on the necessary technical (“hard”) skills as well as the non-technical (“soft”) skills that are incredibly useful when working as a penetration tester or ethical hacker. While the introductory section lacks any highly technical information or hands-on practice, the information presented is just as critical and helps to set students up for success by showing them the practical side of becoming an ethical hacker.
Let’s dive into the Practical Ethical Hacking — The Complete Course Notekeeping, Network Refresher, and Setting Up Our Lab sections.
This week saw the start of the foundational material for the course. Highlighting an often overlooked aspect of penetration testing and security assessments, the Notekeeping section draws attention to various tools that testers and researchers can use to effectively take notes and document findings during the course of a test. As someone with prior experience as a penetration tester, I know how important it is to ensure your findings are well documented, as they may be needed as a reference in the future, either for yourself or when discussing them with a client.
A lot of people think that note taking is something reserved for school or formal studying, but this isn’t the case. Note taking can be a place to store exploit payloads, jot down observed behavior when navigating through an application, highlight areas of interest or possible vulnerable entry points, or store screenshots of payload executions.
Each tester will have a different methodology when it comes to documenting and reporting findings. You may choose to identify and report each vulnerability as you find it, or you may choose to document all of them at the end of your day. While no single way is better or worse than the other, having the ability to refer back to the thoughts you had and the process you took when finding a vulnerability is valuable at a later date. Oftentimes relying on a simple screenshot or just your own memory can make it difficult when you are reporting several complex findings, or need to go back to a prior engagement weeks, months, or even years after it occurred.
There are a wide range of tools that offer note taking capabilities. Whether you want to use something simple like Notepad, Notepad++, or OneNote, or something more complex like Geany, KeepNote, and CherryTree, there are plenty of tools with a wide range of features and customization to fit your needs. Additionally, they say “a picture is worth a thousand words” and in the world of information security, this couldn’t be more true. It’s one thing for a security researcher to write in their notes that an application is vulnerable; it’s another to show it. Some vulnerabilities may require multiple steps to achieve a full exploit, and by taking screenshots of your steps, they become easier to document and can make replication later on much easier.
Additionally, if you’re like me and have taken a photo of something, just to come back to it days, weeks, or even months later and have no idea why it was relevant or what it meant, adding additional context to your images can be a lifesaver. Effective note taking will ultimately make your reports better and reduce the amount of work you’ll have to do, by serving as a reference both during your test and while compiling or walking through the report later.
Following the Notekeeping section, the course moves to the Networking Refresher material. This material is meant to cover networking fundamentals such as IP and MAC addresses, the difference between TCP and UDP, the OSI Model, some of the common ports and protocols, and how subnetting works. Coming from a primarily web application testing background, I’ll be the first to admit that my network testing skills and fundamental knowledge could use some work. That’s one reason why I am so excited to take this course and am glad that it includes a refresher on some of the core concepts at the beginning. I really enjoyed the quick overview of the difference between IPv4 and IPv6, how MAC addresses are used for network identification and by switches, and the communication differences at the packet and network level between TCP and UDP.
Additionally, this refresher section includes a great overview of some of the most common TCP and UDP protocol ports including:
- FTP (21)
- SSH (22)
- Telnet (23)
- DNS (53)
- HTTP (80) & HTTPS (443)
- SMB (139 and 445)
This information will be useful in making the scanning process more fluid and helps testers identify the services running on a system much more easily.
As the section starts to come to a close, Heath covers the OSI Model. Often when talking with someone with prior networking experience, the OSI Model and terms associated with it come up frequently. Terms such as Layer 1 and Layer 2 get thrown around with the assumption that others understand what they mean. The OSI Model can be broken down as follows:
- Physical — Cables and Things Physically Connected to a Network
- Data Link — Switching, MAC Addresses
- Network — IP Addresses, Routing
- Transport — TCP/UDP
- Session — Session Management
- Presentation — Media such as WMV, JPG, MOV
- Application — HTTP, SMTP
Another important and fundamental networking topic is Subnetting. Heath does an excellent job covering what subnetting is and how to determine the number of hosts able to connect on a network and its subnet, while providing excellent resources such as a subnet guide and calculation techniques.
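As an added worked example (my own code, not material from the course or the post), here is the subnetting arithmetic from the refresher carried through in Python: from a CIDR address to the mask, network address, broadcast address and number of usable hosts, including the /31 and /32 cases where no addresses are reserved.

```python
# Subnet calculation by hand, the way it is done with a subnet chart:
# the prefix length sets the mask, the mask splits the address into a
# network part and a host part, and the host bits give the host count.

def ip_to_int(ip: str) -> int:
    """Pack a dotted-quad IPv4 string into a 32-bit integer."""
    octets = [int(o) for o in ip.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"invalid IPv4 address: {ip}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    """Unpack a 32-bit integer back into dotted-quad form."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def subnet_info(cidr: str) -> dict:
    """Return mask, network, broadcast and host counts for an address in CIDR form."""
    ip, prefix_str = cidr.split("/")
    prefix = int(prefix_str)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix length out of range: /{prefix}")
    # A /26 mask is 26 one-bits followed by 6 zero-bits: 255.255.255.192.
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    addr = ip_to_int(ip)
    network = addr & mask                  # host bits cleared
    broadcast = network | (~mask & 0xFFFFFFFF)  # host bits set
    total = 1 << (32 - prefix)             # 2^(host bits) addresses
    # A /30 and larger reserves the network and broadcast addresses;
    # /31 (point-to-point links) and /32 (a single host) do not.
    usable = total - 2 if prefix <= 30 else total
    return {
        "mask": int_to_ip(mask),
        "network": int_to_ip(network),
        "broadcast": int_to_ip(broadcast),
        "first_host": int_to_ip(network + 1) if prefix <= 30 else int_to_ip(network),
        "last_host": int_to_ip(broadcast - 1) if prefix <= 30 else int_to_ip(broadcast),
        "total_addresses": total,
        "usable_hosts": usable,
    }


if __name__ == "__main__":
    # Constructed sample: a host in the third /26 block of 192.168.1.0/24.
    for key, value in subnet_info("192.168.1.130/26").items():
        print(f"{key:>16}: {value}")
```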
Finally, in the Setting Up Our Lab section, the PEH course covers a critical topic that anyone practicing information security should know: how to set up a home lab. Different resources are available for those looking to set up a home lab, and one of the most common is through the use of virtual machines (VMs). Since most people are unable to have multiple dedicated machines on their own home network, VMs allow a single system to simultaneously run multiple lab environments. The course does an excellent job explaining how VMs can be used in both a lab/research context as well as day-to-day testing usage. A walkthrough is provided on how to install and set up either VMware or VirtualBox, as well as finding and downloading the operating system (OS) that is going to be used during the course, Kali Linux. Finally, the module goes through some of the quality-of-life updates that should be installed to ensure the course runs smoothly.
By the end of these sections, we have finally set up our lab environment and covered the fundamentals necessary to begin diving into the material specific to ethical hacking and the initial stages of network assessments. The course has done an amazing job so far of ensuring students have a solid understanding of the fundamental information necessary to start learning about the industry-specific tools and techniques used in performing penetration testing while going at a pace that isn’t too overwhelming or results in a loss of interest.
Weekly Wrap-Up
I am working through the first of four courses to prepare for the PNPT exam, and so far I’m incredibly happy with the material that is covered and the way in which the TCM Team and Heath explain material that could easily become overwhelming or highly technical. I look forward to exploring the next set of subjects and the beginning stages of network pentesting.
Again, keep an eye out on Twitter for day-to-day updates and information about my BuyMeACoffee giveaway goal, any upcoming Twitter Spaces or podcasts featuring other infosec community members, recently announced infosec job listings, as well as opportunities for you to get involved in the community.
For those interested, my BuyMeACoffee has reached $15 towards the $400 goal to give away (1) Burp Pro license or (1) PNPT Training Course bundle to a random follower on Twitter. Any support is greatly appreciated!
And for anyone new to the community or interested in joining, throughout the week members of the InfoSec Twitter community participate in unofficial events such as #CyberMentoringMonday and #FF where you can find and connect with some incredible people.