Penetration Testing with Kali Linux OffSec
|
|
Geteiltes
Leid ist halbes Leid ”, roughly translated means “A problem that is shared is half of a problem.” In 191 (Thompson, Schellenberg, Letnic, 2011), https://www.utm.utoronto.ca/~w3psygs/ThompsonEtAl2012.pdf 192 (Washington University of St. Louis, 2020), https://ctl.wustl.edu/resources/benefits-of-group-work/ Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 88 our case, sharing the struggle of a particular course, Module, Learning Unit, or even an exercise with another student can help that struggle feel half as big as it was alone. OffSec learners may want to reach out to local information security groups or coworkers to create their own study cohort. The OffSec Discord server also provides a way to collaborate and learn together with other students across the globe. 193 Discord participants also have access to course alumni, OffSec Student Mentors, and staff. 4.7.6 Study Your Own Studies Let’s wrap up this Module by examining our responsibility not just for learning, but the assessment of that strategy. Since many of the details of how a “classroom” is constructed is up to you (the student), you are also responsible for assessing and improving on that strategy. While this might sound like a lot, let’s review an easy and effective approach: at the end of a study session, take just 10 seconds to think about how well it went. It’s a very small thing, but it can make a huge difference. To understand how, we’ll look at the two most obvious and extreme outcomes of a study session. If the study session was particularly difficult, this moment of self-reflection might lead you to think about some of the content that made it difficult. Generally speaking, we want to ask why it was difficult. The easy answer here might be “that SQL Injection is just tough!” but the difficulty of the material is at least somewhat out of our hands (though this might indicate a need to spend the next study session reviewing some more foundational materials). We’re specifically interested in the things that we, as learners, have some control over. Here is a list of potential questions to ask about the study session: 1. What time did I start the study session? 2. How long was the study session? 3. Did I get interrupted (if so, how did that happen)? 4. What did I do just before I started studying? 5. What did I eat or drink before I started studying? 6. What was my study location like? Was it quiet or busy? 7. What did I do during the study session specifically? This is not a complete list of possible questions. The answer to each of these things might lead us to locate a more specific point of frustration. For example, if we discover that a heavy meal immediately before a study session led to us feeling unproductive and sluggish, then we can adjust either when we study or how much we eat beforehand. Let’s consider the opposite scenario. Let’s say that we finish a study session and we feel great about how it went. Again, it might be easy to say, “That went really well because I’m fascinated by SQL Injection,” but we should think beyond the content itself. 193 (OffSec, 2023), https://offs.ec/discord Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 89 In this case, the answers to these questions may reveal keys to future successful study sessions. Let’s say we studied for one hour in the morning after a light breakfast at the dining room table with a cup of coffee, using our own version of the Feynman Technique. If that led to a successful session, it’s worth making a note of this and then planning the next study session to recreate as much of the scenario as possible. Finally, as a closing note, we want to acknowledge that we can’t possibly cover every effective strategy or give a full picture of all of the things involved in learning a new set of skills. We hope that the items presented in this Module are useful and helpful in some way. If you are a learner just starting out with OffSec’s training, we want to wish you the best of luck on your journey. Penetration Testing with Kali Linux PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 90 5 Report Writing for Penetration Testers We will cover the following Learning Units in this Learning Module: • Understanding Note-Taking • Writing Effective Technical Penetration Testing Reports This Module is designed to help Penetration Testers understand how to deliver effective reports to their clients. 5.1 Understanding Note-Taking In this Learning Unit we will cover the following Learning Objectives: • Review the deliverables for penetration testing engagements • Understand the importance of note portability • Identify the general structure of pentesting documentation • Choose the right note-taking tool • Understand the importance of taking screenshots • Use tools to take screenshots 5.1.1 Penetration Testing Deliverables A penetration test or red team exercise 194 is difficult to script in advance. This is because the tester cannot consistently anticipate exactly what kind of machines or networks the client will want to be tested. Yüklə Dostları ilə paylaş:
|