Penetration Testing Career?

OK so I'm a high school senior about to enter college. Previously I was never into computers until I decided that I wanted to build a computer for college. Since then I've become really interested in computers and have been trying to learn everything I can about them (code, hardware, everything). I've decided that Computer Science could be an interesting major for college and that I'd be specifically interested in penetration testing (grad school?). I built my PC as a gaming computer and I'm gunna bring that to college as well as a laptop that I'm saving for right now, on which my plan is to dual boot Windows 7 and BackTrack 5, since I hear that BackTrack isn't that stable as a main operating system. I've been looking for books on penetration testing, so I'm reading Metasploit: The Penetration Tester's Guide, but it's kind of advanced for me, so I was wondering if you guys could suggest any other books to give me more information on a penetration tester's daily job/education needed/what they actually do. I don't wanna be perceived as some skiddy looking to become the ultimate hacker or whatever, but I'm actually interested in this as a career field, so whatever books/info you guys could give me would be greatly appreciated. If you have a suggestion about dual booting Windows 7 and BackTrack (i.e. not dual booting, a different OS I should use, etc...) that would be awesome. Additionally, if anyone is currently employed in this field and is willing to talk to me, that would be even better. I don't know if this is necessarily what I wanna pursue, but currently it is the most interesting thing I've found besides a possible career in psychological therapy. Literally any info you guys could give me would be amazing, like coding languages to learn (currently learning HTML and CSS), books to read, programs to use/learn. I appreciate you reading this overly long post.

What I think you should do 

1. Don't use BackTrack 5, use Windows. Trust me, it is not stable and not worth putting on your computer.

2. Learn web development languages, because everything is moving to the web; for example, Chromium OS is a web-based operating system. You already know HTML & CSS, so I suggest JavaScript, PHP, Python, Java, (optional) C++, C#, Ruby, and you don't need to know all of these.

3. Find some friends that know code and do a "Hack-a-thon". They are awesome, and a great way to be spotted as a great coder by huge corporations. Learn how to make Chrome extensions. It helps for Hack-a-thons. Trust me on that one.

4. For pentesting and finding exploits, download Metasploit. I recommend downloading the free download and seeing if you like it; if you do, I prefer you purchase it if you want a career in pentesting. Choose the right plan for what you think you need: .

That's all the information I can give you off my experience. Good luck.

Thanks for the info man. Two questions, what is a hack-a-thon, and can you recommend any good books on the subject?

Here is a talk from Defcon a few years ago about pen testing

I found the video enjoyable and it should give you a good idea of what a pen tester does.

Also, videos make things so much easier to understand than books (although I prefer reading). The video you linked was explaining a concept that was similar to one of the concepts in my book, but it was a lot easier to understand in video form.

I understand that BackTrack is unstable, but I hear that trying to do anything pentesting related in Windows is practically impossible. Should I just choose a different Linux distro? Kali? Ubuntu? Mint? Or just keep it on a bootable flash drive for use whenever I need it, but keep Windows as the main OS kind of thing?

OK, first off, BackTrack is outdated. They switched over to Kali Linux (still made by Offensive Security), but it's Debian based rather than Ubuntu based. It takes some time to get used to (directories are different), but since you have not used BackTrack before, there should be less confusion.

Second, BT5 / Kali is not "less stable", however it's a pen testing OS. It's not meant for desktop use, hence why you should dual boot in Windows. Now... Windows does not let programs get hardware access the same way Linux does, so tons of hacking "tools" will not work the same, as it's a lot harder to get your wifi card into promiscuous mode, so stuff like packet injection is VERY hard in Windows. More so, all the online help / tutorials are written for Linux.

3rd, you need to know programming languages, the most important being Python. It's not THAT powerful alone, but if you need to throw something together quickly, it's the best language to use. Also, you can call C from Python, which is amazing. The next language would probably be Ruby, as that is what Metasploit modules are written in. Both of these are scripting languages. The best programming language to learn would be C (not C++), as it will get you thinking very low level. C++ is nicer to actually code in, however the reason I'm saying to learn C is so you get the right mindset... as C++ won't give it to you.

The true money in pen testing is finding buffer overflows / reversing code. For this, you need to know ASM, as well as how to use OllyDbg and IDA (these however are Windows programs). I said learn C, as it will make ASM a bit easier to learn.


I can upload some presentations I have done for you, as well as get you in touch with a friend that does pen testing for a living, as well as selling 0 days and the such.

Wow, that would be awesome man, thanks. You can PM me / email me, idk if I have it on my profile but it's [email protected]. Also, I was gunna be running these off a laptop, unless it's better to use my desktop, which I normally use for gaming.

Just use BackBox, it's more stable and it does exactly what it says it does and it's small.

A lot of people are saying to use other OSes... I have to disagree. Kali / BackTrack is the standard... it's all the same tools, just installed with different desktop environments / base systems. There are pentesting OSes built off Ubuntu, Debian, Xubuntu, Arch, Gentoo and so on, but ultimately if you have a question and you're googling how to do something, the answer will be for BackTrack / Kali.


Also, running it on a laptop is fine. The only time it won't be is if you are brute forcing, which to be honest is a last resort. Anyway, if I was to introduce you, it would most likely be on IRC. Hop on freenode ( if you don't have an IRC client (you might want to look into a different field if you don't, lol) join #hackucf. I'm motsu35 on there, and just privmsg me.

lol not gunna lie, just downloaded my first IRC client (HydraIRC), made it to freenode, made it to hackucf, no one there. I'm like really new to practically everything, so you'll have to bear with me while I attempt to break free of my tech illiteracy. Anyway, you don't have to introduce me to your friend, you've already exposed me to new software, given me tons of info, and been generally quite helpful, and I appreciate it. If you were to upload/send me those presentations I would be forever grateful, but beyond that anything else is just you going above and beyond to the next level.

Been a member of teksyndicate / rtw for around 4 years. I stuck with the site because of people being helpful to other members, so I sort of have a 'pay it forward' attitude. If I help people, hopefully they will stick around and share their knowledge and make the community better. So don't worry about it.

I was driving back to my university, so I wasn't on. However, stop in, say you're a high school student and looking at doing pen testing shit as a career. It's usually more active during the week.

kk i'll check it out

I'm sorry but this title was really misleading.

How so? I guess the focus was more around starting out on the path towards such a career rather than info about the career itself or whether or not I should do that or something else.

I know some may disagree with me on this, but getting any OS like backtrack or blackbox is really a fast track to be average at best when it comes to anything involving security.

And here is why: you get 0 knowledge about how things really work, and that is a big problem.

The best thing I can offer you to do is learn the basics, like networking to the point you know what happens at every point to the message you just sent to a friend over AIM or whatever.

Some more things that are very important are SQL, Python, Perl and many more; you will find a lot to learn as you go along. Another thing is find a networking job or like low tier sysadmin; you will find the experience to be very important to understanding how systems and networks work.