MITRE ATT&CK [104] framework, is constantly updated to reflect the latest TTPs used by malicious groups across the globe. More details about the ATT&CK framework and how adversaries can be classified are available in OffSec’s SOC-200 course.
More recently, MITRE released a mirrored framework from the defensive perspective. While ATT&CK is meant to catalog and categorize the various ways that threat actors operate in the real world, D3FEND [105] portrays a set of best practices, actions, and methodologies employed by defenders to prevent, detect, mitigate, and react to attacks.
Cyber Kill Chain: The Cyber Kill Chain [106] is a methodology developed by Lockheed Martin to help defenders identify and defend against cyber attacks. It outlines seven stages of the attack lifecycle: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives [107].
In the reconnaissance phase, an attacker identifies a target and enumerates potential weaknesses through which it may be exploited. Weaponization is the process of selecting and preparing an attack method to exploit this weakness. This attack is launched in the delivery phase and, in the exploitation phase, the payload is executed on the target system. This leads to the installation stage, in which malware is installed on the system. This malware is used to execute further commands in the command and control phase. In the actions on objectives phase, the attacker performs the actions required to achieve their ultimate goals, such as data theft, modification, or destruction.
FedRAMP: The Federal Risk and Authorization Management Program (FedRAMP) [108] is a United States program [109] that provides a standardized security framework for cloud services used by the
[103] (MITRE, 2022), https://www.mitre.org/
[104] (MITRE, 2022), https://attack.mitre.org/
[105] (MITRE, 2022), https://d3fend.mitre.org/
[106] (Lockheed Martin, 2022), https://www.lockheedmartin.com/en-us/capabilities/cyber/cyber-kill-chain.html
[107] (CrowdStrike, 2022), https://www.crowdstrike.com/cybersecurity-101/cyber-kill-chain/
[108] (GSA, 2022), https://www.fedramp.gov/program-basics/
[109] (GSA, 2022), https://www.gsa.gov/technology/government-it-initiatives/fedramp
Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
54
federal government. Whereas previously a cloud service may have been required to obtain different authorizations for different federal agencies, FedRAMP allows a cloud service to obtain a single authorization for all government agencies. Its goal is to accelerate the government’s adoption of cloud services while also ensuring that these services are secure. The controls are based on NIST SP 800-53 Revision 4 and enhanced by a number of additional controls that pertain specifically to cloud computing. More details pertaining to cloud technology are explored in OffSec’s CLD-100.
3.6 Career Opportunities in Cybersecurity
This Learning Unit covers the following Learning Objective:
• Identify career opportunities in cybersecurity
There is an ever-growing number of job roles available within the larger field of cybersecurity. The field expands extremely quickly, and organizations use disparate titles to describe similar roles, making it impossible to list every potential career.
With this in mind, let’s explore various cybersecurity job roles. We’ll describe their day-to-day functions and provide some guidance regarding the kind of person that might be interested in pursuing different roles. We’ll also mention areas in the OffSec Training Library where learners can pursue more Modules related to each role.
3.6.1 Cybersecurity Career Opportunities: Attack
Network Penetration Tester: A Network Penetration Tester [110] is responsible for discovering and exploiting vulnerabilities that exist in a targeted network. This career may be a good choice for someone who has a strong understanding of networking and systems and enjoys finding ways of subverting their security measures. This role also benefits from clear technical writing abilities. To learn such skills, we suggest reviewing OffSec’s PEN courses at the 100, 200, and 300 levels.
Web Application Tester: A Web Application Tester [111] is responsible for testing web applications for security weaknesses. A good candidate for this role likely has a strong knowledge of web application vulnerabilities, enjoys testing for them, and enjoys subverting the security measures that web applications employ. The skills required to become a Web Application Tester are covered in the WEB track at the 100, 200, and 300 levels. These Modules teach the basics of how web applications work as well as black-box and white-box approaches to web application testing.
Cloud Penetration Tester: A Cloud Penetration Tester [112] is responsible for performing penetration testing on cloud infrastructure. This might be a good career path for someone who has knowledge and experience in cloud infrastructure and penetration testing. As with other penetration testing positions, you may enjoy this role if you have fun probing infrastructure for weaknesses and figuring out ways to exploit them. CLD-100 teaches learners how to test, attack, and exploit cloud technologies.
[110] (Cloudflare, 2022), https://www.cloudflare.com/learning/security/glossary/what-is-penetration-testing/
[111] (Rapid7, 2022), https://www.rapid7.com/fundamentals/web-application-security-testing/
[112] (CompTIA, 2021), https://www.comptia.org/blog/your-next-move-cloud-penetration-tester
Exploit Developer: An Exploit Developer [113] is responsible for discovering and developing exploits for software vulnerabilities. Someone looking to become an Exploit Developer might enjoy reverse engineering applications to determine how they work, reading low-level code, and bypassing security mitigations. The EXP-301 course offers more information about Windows binary exploitation, while EXP-312 explores macOS logical exploitation.
Vulnerability Researcher: A Vulnerability Researcher is responsible for researching new software vulnerabilities and exploitation techniques, determining their impact, developing Proofs of Concept (PoCs), and communicating their findings to different stakeholders. A person may wish to be a Vulnerability Researcher if they enjoy reverse engineering and researching new and emerging vulnerabilities and techniques. You can follow EXP-301 and EXP-312 to learn how to reverse engineer and develop exploits for Windows and macOS software, respectively.
3.6.2 Cybersecurity Career Opportunities: Defend
SOC Analyst: A SOC Analyst [114] is responsible for monitoring, triaging and, when necessary, escalating security alerts that arise from within monitored networks. Someone may be a good fit for this position if they enjoy investigating and gathering information surrounding suspicious activity. To prepare, we recommend following the SOC track at the 100 and 200 levels in the OffSec library. SOC Modules explore the techniques attackers use to infiltrate networks and those that analysts use to discover this activity.
Malware Analyst: A Malware Analyst [115] is responsible for analyzing suspected or confirmed malware samples in order to determine how they work and, ultimately, what their purpose is. Someone might enjoy this role if they have a basic understanding of networking and like analyzing suspicious samples and reverse engineering.
The OffSec library contains a number of resources that can help learners acquire these skills. For example, EXP-301 teaches reverse engineering and some basics of the Windows API. PEN courses at the 200 and 300 levels describe how attackers craft malicious documents and payloads as well as the techniques that they use to evade antivirus and other detection mechanisms. Finally, the 100-level library contains Modules that cover the basics of networking.
Digital Forensics Analyst: A Digital Forensics Analyst [116] is responsible for investigating cybersecurity incidents by gathering and analyzing evidence of intrusions and recovering data. Someone who enjoys this role likely has a strong understanding of how systems and networks operate and is interested in investigating how intrusions occur, then assembling the evidence into a complete story. To begin learning these skills, we recommend reviewing the SOC track at the 100 and 200 levels. SOC-200 shows some of the specific ways attackers operate and how to search for evidence of their attacks.
Incident Responder: An Incident Responder [117] is responsible for reacting to cybersecurity events. This includes identifying the cause and scope of an incident and recommending measures to
[113] (OffSec, 2022), https://www.offsec.com/exp301-osed/
[114] (Palo Alto Networks, 2022), https://www.paloaltonetworks.com/cyberpedia/what-is-a-soc
[115] (CrowdStrike, 2022), https://www.crowdstrike.com/cybersecurity-101/malware/malware-analysis/
[116] (EC-Council, 2022), https://www.eccouncil.org/cybersecurity-exchange/computer-forensics/what-is-digital-forensic-analyst/
[117] (TechTarget, 2019), https://www.techtarget.com/searchsecurity/feature/How-to-become-an-incident-responder-Requirements-and-more
contain, eliminate, and recover from it. Someone may be a good fit for this role if they have a strong technical background and enjoy working in a fast-paced environment and performing root cause analysis. This role also benefits from strong cross-functional communication skills. Starting with the SOC track at the 100 and 200 levels will help learners prepare for this career. SOC-200 in particular shows some of the ways attackers operate and how to search for evidence of their attacks.
Threat Hunter: A Threat Hunter [118] is responsible for proactively searching networks and systems for Indicators of Compromise (IOCs) using the most up-to-date threat intelligence. This role could be a good choice for someone who enjoys following the most recent cybersecurity feeds and searching for malicious activity that may have evaded existing defenses. There are a number of resources in the OffSec library that can help to prepare for this position. For example, the SOC track at the 100 and 200 levels teaches about common techniques used by attackers and how to search for and identify them. The PEN-300 course is helpful for learning about the ways that attackers bypass existing defenses.
3.6.3 Cybersecurity Career Opportunities: Build
Cloud Engineer: A Cloud Engineer [119] is responsible for building and maintaining cloud infrastructure. This role encompasses a number of more specialized positions, including Cloud Architect, and, with the usual exception of that position, typically involves the implementation of the cloud architecture as outlined by the company’s cloud-computing strategy. This career may be a good fit for someone who enjoys programming and building infrastructure, and has experience with cloud service providers and other cloud-related technologies.
Cloud Architect: A Cloud Architect [120] is responsible for designing and overseeing the implementation of a cloud-computing strategy aligned with the business’s goals and needs. Individuals with a deep, cutting-edge understanding of cloud computing who enjoy developing high-level business strategy and excel at communicating technical concepts across business areas may enjoy this role.
OffSec’s CLD-100 offers more information about important cloud concepts and technologies. It teaches learners how to build clouds safely and secure these technologies.
Developer: A Software Developer [121] is responsible for writing computer programs which, depending on the precise role, may range from core operating system components to desktop, mobile, and web applications. Someone who enjoys designing elegant and efficient programmatic solutions to problems may enjoy this role. Depending on the type of software development, the OffSec Library contains a considerable number of resources to help learners understand attack vectors and create secure software. A general understanding of software vulnerabilities is available in the PEN-200 course, while information about web development can be found in OffSec’s WEB courses at the 200 and 300 levels. Those who may be programming in memory-unsafe languages such as C may be interested in the EXP-301 and EXP-312 courses.
[118] (Wikipedia, 2022), https://en.wikipedia.org/wiki/Cyber_threat_hunting
[119] (TechTarget, 2021), https://www.techtarget.com/searchcloudcomputing/definition/cloud-engineer
[120] (TechTarget, 2022), https://www.techtarget.com/searchcloudcomputing/definition/cloud-architect1
[121] (Wikipedia, 2021), https://en.wikipedia.org/wiki/Programmer
DevSecOps: DevSecOps [122] (an abbreviation for Development, Security and Operations) is an approach to software development that integrates security into all stages of the software development lifecycle, rather than postponing it to the end. A DevSecOps Engineer [123] is responsible for automating security testing and other security-related processes. This role might be a good fit for someone who has an understanding of Continuous Integration / Continuous Development (CI/CD) pipelines and tools, an interest in security testing automation, and the ability to work in a fast-paced environment.
The OffSec Library contains a considerable number of resources that can help learners with software development, including understanding the different attack vectors to automate testing for and the types of automated testing tools available. This information can be found in the WEB and PEN courses at the 200 and 300 levels. CLD-100 also provides details about Docker and Kubernetes, two essential tools for DevSecOps.
Site Reliability Engineer: A Site Reliability Engineer [124] is responsible for ensuring and improving the availability and performance of software systems. A person may wish to be a Site Reliability Engineer if they have software development experience and are interested in using automation to monitor for, alert on, and respond to reliability-related issues. Learners can learn about containers and Kubernetes, some of the key technologies used to support SRE, by following CLD-100 in the OffSec library.
System Hardener (System Administrator): A System Hardener [125] is responsible for configuring systems to reduce their security risk. This involves changing insecure default configurations, removing unused programs, ensuring firewalls are appropriately restrictive, and so on. A person may seek out this career if they have experience with system administration, are familiar with attack techniques, and enjoy making systems and the data they store more secure. Many of the skills required for this position are covered in the PEN track at the 100, 200, and 300 levels. PEN-100, for instance, explores some of the basics of networking and system administration. PEN-200 describes some of the common techniques that attackers use. PEN-300 teaches more advanced techniques that attackers use to bypass defenses.
3.7 What’s Next?
We hope this Module has provided a high-level understanding of the cybersecurity landscape. No matter where you want to go in this expanding field, most learners will benefit from starting with the Fundamentals. The Effective Learning Strategies Module is designed to orient each learner to OffSec’s teaching pedagogy.
To begin diving into more hands-on technical Modules, we recommend beginning with the Linux Basics, Windows Basics, Networking, and various Scripting Modules, in that order. These fundamental areas represent the most important prerequisites for an aspiring cybersecurity professional. Should you already have experience in these areas, you are welcome to move on to any Module that captures your interest. We wish you the best of success in your learning journey!
[122] (VMware, 2022), https://www.vmware.com/Modules/glossary/content/devsecops.html
[123] (TechTarget, 2019), https://www.techtarget.com/searchsecurity/tip/What-it-takes-to-be-a-DevSecOps-engineer
[124] (Red Hat, 2020), https://www.redhat.com/en/Modules/devops/what-is-sre
[125] (Wikipedia, 2022), https://en.wikipedia.org/wiki/Hardening_(computing)
4 Effective Learning Strategies
This Module is intended to provide students with a better understanding of learning strategies as well as a preview of the OffSec instruction style and what to expect. After completing this Module, students should be able to effectively plan how best to approach the coursework ahead.
Let’s briefly review why this is an important topic. The information covered will not only help students prepare to succeed in the training ahead, but will also be useful to cyber security professionals in the long term. Since both technology and the security landscape are constantly evolving and changing (we’ll explore this more later), professionals must continually learn and grow. Finding success and satisfaction in this field is often tied to our ability to become efficient and comfortable learners.
We will cover the following Learning Units in this Module:
• Learning Theory
• Unique Challenges to Learning Technical Skills
• The OffSec Training Methodology
• A Case Study Regarding Executable Permission
• Common Methods and Strategies
• Advice and Suggestions on Exams
• Practical Steps
Each learner moves at their own pace, but this Module should take approximately 1 hour and 45 minutes to complete.
4.1 Learning Theory
Let’s begin with a very basic discussion of Learning Theory. We’ll make some general observations about this field of study and examine the current state of our (constantly-evolving) understanding of how students learn.
In general, this Learning Unit and the next will illuminate some of the problems and difficulties that individuals face when learning new subjects.
This Learning Unit covers the following Learning Objectives:
1. Understand the general state of our understanding about education and education theory
2. Understand the basics of memory mechanisms and dual encoding
3. Recognize some of the problems faced by learners, including “The Curve of Forgetting” and cognitive load
While each student will learn at their own pace, this Learning Unit should take about 15 minutes to complete.
4.1.1 What We Know and What We Don’t
Although we humans have always taught, we have only recently (within the past 100 years) begun researching learning theory [126].
Some of this research focuses on the structure and purpose of schools themselves. For example, a great deal of research ponders the ideal classroom size [127], whether or not activities in gym class can help a student in science class [128], and so on. Although these studies may not initially seem relevant to our focus on cyber security, a few key aspects of this research are worth mentioning.
First, learning is not entirely dependent on the student. The teacher, the material, the education format, and a variety of other factors affect success more than a student’s raw capability. In fact, a student’s past performance is a poor predictor of future success [129], and external events and circumstances can drastically affect a student’s performance [130].
Second, as new educational studies are constantly released, it’s clear there’s still much to be discovered about the mechanics of our memory. This includes research suggesting that the notion of learning modes (or learning styles) is more of a myth than previously thought [131, 132].
With this in mind, OffSec designs our courses around current, established academic research regarding learning theory, and (partially because we aim to be perpetual learners) we’re constantly seeking to improve our methods.
As instructors, our ultimate goal is to create a highly effective learning environment that equips students to excel in the ever-changing field of information security, regardless of past experience or performance in the field.
However, before we can discuss more practical strategies, let’s explore some of the current research in the field of learning theory to understand how it’s best applied.
4.1.2 Memory Mechanisms and Dual Coding
It can be a bit overwhelming to think of education as a whole, so let’s try to understand it in simpler terms first. One of the ways we can demonstrate that we’ve “learned” something is if we are able to create and retrieve a memory.
For example, we might learn a specific command to rename a file in Linux, mv oldfilename.txt newfilename.txt. Later, we might find ourselves at a computer, needing to rename a file. We hope that in that situation, away from our textbook and any instructional material, we’ll remember this
[126] (encyclopedia.com, 2022), https://www.encyclopedia.com/psychology/encyclopedias-almanacs-transcripts-and-maps/learning-theory-history
[127] (Kieschnick, 2018), https://www.hmhco.com/blog/class-size-matters
[128] (Chen, 2022), https://www.publicschoolreview.com/blog/the-pros-and-cons-of-mandatory-gym-class-in-public-schools
[129] (Carnevale, Fasules, Quinn, and Campbell, 2019), https://1gyhoq479ufd3yna29x7ubjn-wpengine.netdna-ssl.com/wp-content/uploads/FR-Born_to_win-schooled_to_lose.pdf
[130] (wbur, 2018), https://www.wbur.org/hereandnow/2018/08/27/public-private-school-family-income-study
[131] (Nancekivell, 2019), https://www.apa.org/news/press/releases/2019/05/learning-styles-myth
[132] (May, 2018), https://www.scientificamerican.com/article/the-problem-with-learning-styles/