How to become a pentester from scratch, and in general, what does penetration testing include? What tools should you master and in what sequence?

Penetration testing – what you need to know

Penetration testing (pentesting) is used for early detection of problems and vulnerabilities in IT systems. For this, both manual testing methods and automated tools are used.

The pentester simulates the actions of an intruder, while exploiting possible security holes. If the protection is weak, the specialist gets access to the required data and reports on the vulnerability found so that it can be eliminated by the developers.

Pentester skills and tools

To understand how to become a pentester from scratch, we suggest that you familiarize yourself with the training scheme from scratch. The roadmap included the following points:

  • The basics
  • Cyber ​​infrastructure for penetration testing
  • Cross-platform privilege escalation
  • Attacks on network infrastructure
  • Reverse engineering and malware analysis
  • Preparation for CEH and OSCP exams

Let’s analyze them in more detail.

The basics

In fact, this is an introduction to the profession, from which you should learn about hacking web applications, attacks on operating systems and networks, as well as external IT infrastructure.

What experience will help here? Knowing assembler is a good background for malware research. If you are looking towards web security, then you definitely need to start by studying web technologies:

  • The main technologies used by browsers: HTML, JavaScript, HTTP, web sockets, CSS, SOP, CORS, cookies, storage and how they work.
  • The main technologies for developing the server side: PHP, frameworks, content management systems. Then you can move on to more strict and demanding languages ​​and technologies, such as Java, Python, Node.JS, C #, Golang, etc.

Knowledge of Linux at the level of a pentester is not limited to installing the “hacker” Kali distribution. Service, user, permissions, network management, and package managers are the foundation for understanding how UNIX-like operating systems work from the inside out.

The same goes for Windows Server. Knowledge of the mechanisms for managing a network of devices and network equipment will help you. This applies to working with Active Directory, network protocols DNS, DHCP and ARP, as well as their settings.

A separate block should be allocated to corporate networks Cisco, their architecture. A good penetration tester can quickly figure out how to configure Cisco equipment, routing, VLAN and Trunk ports, monitor traffic, and manage the corporate network.

Cyber ​​infrastructure for penetration testing

As a pentester, you have to scan networks and analyze network traffic. This will help Wireshark – a popular tool for capturing and analyzing network traffic, which is often used both in training and in real-life tasks. You will also have to monitor and process open sources using the principle of open-source intelligence (OSINT), work with cracking passwords, attacks on Wi-Fi and MITM. It is at this stage that you will become familiar with brute force or brute force, as well as related programs like John The Ripper .

Cross-platform privilege escalation

Despite this innocuous name, privilege escalation refers to the exploitation of a vulnerability in a program or operating system, as a result of which an attacker gains access to information, which is usually protected from a certain category of users. This action allows a cybercriminal to gain the right to perform unauthorized actions.

Privilege changes are divided into three main types:

  • vertical rise – imitation of the user by levels higher;
  • horizontal increase – imitation of a user of the same level;
  • downgrade – imitation of the user by levels below.

To become a pentester, you need to understand how it works from an attacker’s point of view. To this end, you will have to learn how to change your privileges in various operating systems, stick to them, use exploits, buffer overflows and replace DLL files with malicious libraries.

Attacks on network infrastructure

Such attacks are divided into active and passive – the type directly depends on the malware. To provide protection against attacks on the network infrastructure, the following are used:

  • VPN;
  • proxy servers;
  • firewalls;
  • network monitoring systems.

But this concerns methods of protecting end users. As a penetration testing specialist, you will test attacks via SMB Relay and Responder, use PowerShell as a tool for attacks and network security analysis, check domain configuration, and capture and analyze network traffic.

Reverse engineering and malware analysis

But true cybersecurity experts go even further. They study and analyze the logic of executable files, examine the results of malware, reverse-engineer compiled executable files and debug them. This is where assembly language, C, and the OllyDbg, x64dbg, and GDB debuggers come in handy.

Preparation for CEH and OSCP exams

Passing the CEH and OSCP exams is optional, but it will allow you to consolidate the material passed, obtain the appropriate certificates and put a fat point in training in the rank of a beginner, becoming a specialist. You should understand the technical details of the format of both exams and build an effective preparation plan.

Additional tools


  • OWASP ZAP – an open source cross-platform tool for automatically searching for vulnerabilities in web applications during development and testing;
  • Burp Suite – a set of interconnected components for a comprehensive security audit;
  • Metasploit is an open source platform for creating exploits for various operating systems.


  • THC-Hydra – multifunctional brute-force passwords;
  • RainbowCrack is a popular hash cracker;
  • John the Ripper is a cross-platform tool with three types of iteration: full, hybrid and dictionary.

Network scanners:

  • Nmap;
  • ZMap;
  • Masscan.

Traffic analyzers:

  • Wireshark;
  • tcpdump;
  • mitmproxy.

A selection of resources to explore


Hacking: The Art of Exploitation, 2nd Edition

The author does not teach how to use known exploits, but explains their work and inner essence. At the beginning, the reader gets acquainted with the basics of programming in C, assembly and shell language, learns to explore processor registers. Having mastered the material, you can start hacking – overwrite memory using a buffer overflow, access a remote server while hiding your presence, and intercept TCP connections. By learning these techniques, you can break encrypted wireless network traffic, successfully bypassing security and intrusion detection systems. The book provides a thorough understanding of programming, machine architecture, network connections, and hacking techniques.

Web Hacking Basics

Using publicly disclosed vulnerabilities, the Web Hacking Basics book explains common web vulnerabilities and shows you how to start looking for vulnerabilities and get paid for it. Using over 30 examples, this book covers topics such as:

  • HTML injection;
  • cross-site scripting (XSS);
  • cross-site request forgery (CSRF);
  • open redirects;
  • remote code execution (RCE);

application logic and much more.

The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy

In this book, you will learn how to properly use and interpret the results of modern hacking tools such as Backtrack Linux, Google, Whois, Nmap, Nessus, Metasploit, Netcat, Netbus, etc. Throughout the book, one example is used – a specific target for penetration testing. This allows you to clearly see the relationship of tools and steps. Each chapter contains practical examples to teach you how to interpret the results and use them. Written by an author with practical experience as a pentester.


  • Open Web Application Security Project (OWASP)
  • Hacked Off
  • The AnglerPhish Podcast
  • The InfoSec & OSINT Show
  • Getting into infosec
  • 7 Minute Security


All of the steps listed in the roadmap are included in the cybersecurity course from HackerU . Take an 11-month training path and join the ranks of white hats by conducting penetration tests, analyzing security, and finding security holes in information systems and applications.

Doubt? Then try the program on the three-day intensive “Pentesting: Level 0” , where you will get acquainted with the typical tasks of the Red Team, in practice you will understand typical vulnerabilities, hack the application using an exploit, and much more.


Do you want to become a pentester from scratch? Now you know how to do it: arm yourself with our roadmap, master useful technologies, necessary programming languages, study various types of hacker attacks and useful tools, read books on hacking and penetration testing, listen to thematic podcasts, become a certified specialist and feel free to send resumes to the companies you are interested in.