https://systemoverlord.com/tags/pentesting.htmlRecent content in Pentesting on System OverlordHugoen-usdavid@systemoverlord.com (David Tomaschik)david@systemoverlord.com (David Tomaschik)Tue, 29 Dec 2015 05:32:33 +0000https://systemoverlord.com/2015/12/29/offensive-security-certified-professional/Tue, 29 Dec 2015 05:32:33 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2015/12/29/offensive-security-certified-professional/<p>It&rsquo;s been a little bit since I last updated, and it&rsquo;s been a busy time. I did want to take a quick moment to update and note that I accomplished something I&rsquo;m pretty proud of. As of Christmas Eve, I&rsquo;m now an Offensive Security Certified Professional.</p> <p><img src="https://systemoverlord.com/img/blog/oscp.png" alt="OSCP Logo"></p> <p>Even though I&rsquo;ve been working in security for more than two years, the lab and exam were still a challenge. Given that I mostly deal with web security at work, it was a great change to have a lab environment of more than 50 machines to attack. Perhaps most significantly, it gave me an opportunity to fight back a little bit of the impostor syndrome I&rsquo;m perpetually afflicted with.</p>https://systemoverlord.com/2014/05/23/weekly-reading-list-for-52314/Fri, 23 May 2014 07:00:00 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/05/23/weekly-reading-list-for-52314/<p>###Radare2 Book Maijin on GitHub is in the process of putting together an <a href="https://radare.gitbooks.io/radare2book/">online book for Radare2</a>. I&rsquo;ve been looking for a good resource for using Radare2, and this is a great start.</p> <p>###Reverse Engineering for Beginners Dennis Yurichev has a <a href="http://yurichev.com/RE-book.html">free eBook on Reverse Engineering</a>. I haven&rsquo;t gotten through it yet, but it looks interesting, and you can&rsquo;t beat the price.</p> <p>###Hacker Playbook Finally, I finished up <a href="http://www.amazon.com/gp/product/1494932636/ref=as_li_tl?ie=UTF8&amp;camp=1789&amp;creative=390957&amp;creativeASIN=1494932636&amp;linkCode=as2&amp;tag=systemovecom-20">The Hacker Playbook: Practical Guide To Penetration Testing</a> this week. You can find <a href="https://systemoverlord.com/2014/05/21/book-review-the-hacker-playbook/">my full review here</a>.</p>https://systemoverlord.com/2014/05/02/book-review-red-team-field-manual/Fri, 02 May 2014 15:24:27 +0000david@systemoverlord.com (David Tomaschik)https://systemoverlord.com/2014/05/02/book-review-red-team-field-manual/<p>I recently picked up a copy of the <a href="http://www.amazon.com/gp/product/1494295504/ref=as_li_tl?ie=UTF8&amp;camp=1789&amp;creative=390957&amp;creativeASIN=1494295504&amp;linkCode=as2&amp;tag=systemovecom-20&amp;linkId=VUHBPTAFLWN7MNBT">Red Team Field Manual</a> on Amazon after hearing good things from a few people in the industry. It&rsquo;s information dense, basically a concatenation of cheat sheets for everything you&rsquo;d want to do during a pentest. I&rsquo;m mostly a Linux/Unix guy, and given my role on an internal red team for a mostly Linux company, I don&rsquo;t do a lot of Windows. However, I recently had an engagement where we were targeting Windows, and I wish I&rsquo;d had the RTFM handy then: there are a number of great pointers for Windows that I could&rsquo;ve leveraged to make my engagement go more smoothly. Additionally, the book provides coverage for other platforms, like Cisco IOS, and for various scripting situations in Powershell, Python, or even <a href="http://www.secdev.org/projects/scapy/">Scapy</a>.</p>