How to become a pentester from scratch, and in general, what does penetration testing include? What tools should you master and in what sequence? 

Pentesting – what you need to know

Penetration testing (pentesting) is used for early detection of problems and vulnerabilities in IT systems. For this, both manual testing methods and automated tools are used.

The pentester simulates the actions of an attacker, while exploiting possible security holes. If the protection is weak, the specialist gets access to the required data and reports on the vulnerability found so that it can be eliminated by the developers.

Pentester skills and tools

To understand how to become a pentester from scratch, we suggest that you familiarize yourself with the training scheme from scratch. The roadmap included the following points:

  • The basics
  • Cyber ​​infrastructure for penetration testing
  • Escalation of cross-platform privileges
  • Attacks on network infrastructure
  • Reverse engineering and malware analysis
  • Preparation for CEH and OSCP exams

Let’s analyze them in more detail.

The basics

In fact, this is an introduction to the profession, from which you should learn about hacking web applications, attacks on operating systems and networks, as well as external IT infrastructure.

What experience will help here? Knowing assembler is a good background for malware research. If you are looking towards web security, then you definitely need to start by studying web technologies:

  • The main technologies used by browsers: HTML, JavaScript, HTTP, web sockets, CSS, SOP, CORS, cookies, storage and how they work.
  • The main technologies for developing the server side: PHP, frameworks, content management systems. Then you can move on to more rigorous and demanding languages ​​and technologies, such as Java, Python, Node.JS, C #, Golang, etc.

Knowledge of Linux at the level of a pentester is not limited to installing the “hacker” Kali distribution. Service, user, permissions, network management, and package managers are the foundations for understanding how UNIX-like operating systems work from the inside out.

The same goes for Windows Server. Knowledge of the mechanisms for managing a network of devices and network equipment will help you. This applies to working with Active Directory, network protocols DNS, DHCP and ARP, as well as their settings.

A separate block should be allocated to corporate networks Cisco, their architecture. A good penetration tester can quickly figure out how to configure Cisco equipment, routing, VLAN and Trunk ports, monitor traffic, and manage the corporate network.

Cyber ​​infrastructure for penetration testing

As a pentester, you have to scan networks and analyze network traffic. This will help Wireshark – a popular tool for capturing and analyzing network traffic, which is often used both in training and in real-life tasks. You also have to monitor and process open sources using the principle of open-source intelligence (OSINT), work with cracking passwords, attacks on Wi-Fi and MITM. It is at this stage that you will become familiar with brute force or brute force, as well as related programs like John The Ripper .

Escalation of cross-platform privileges

Despite this innocuous name, privilege escalation refers to the exploitation of a vulnerability in a program or operating system, as a result of which an attacker gains access to information, which is usually protected from a certain category of users. This action allows a cybercriminal to gain the right to perform unauthorized actions.

Privilege changes are divided into three main types:

  • vertical rise – imitation of the user by levels higher;
  • horizontal increase – imitation of a user of the same level;
  • downgrade – imitation of the user by levels below.

To become a pentester, you need to understand how it works from an attacker’s point of view. To this end, you will have to learn how to change your privileges in various operating systems, stick to them, use exploits, buffer overflows and replace DLL files with malicious libraries.

Attacks on network infrastructure

Such attacks are divided into active and passive – the type directly depends on the malware. To provide protection against attacks on the network infrastructure, the following are used:

  • VPN;
  • proxy servers;
  • firewalls;
  • network monitoring systems.

But this concerns methods of protecting end users. As a penetration testing specialist, you will test attacks via SMB Relay and Responder, use PowerShell as a tool for attacks and network security analysis, check domain configuration, and capture and analyze network traffic.

Reverse engineering and malware analysis

But true cybersecurity experts go even further. They study and analyze the logic of executable files, investigate the results of malware operation, reverse-engineer compiled executable files and debug them. This is where assembly language, C, and the OllyDbg, x64dbg and GDB debuggers come in handy.

Preparation for CEH and OSCP exams

Passing the CEH and OSCP exams is optional, but it will allow you to consolidate the passed material, receive the appropriate certificates and put a fat point in training in the rank of a beginner, becoming a specialist. You should understand the technical details of the format for both exams and build an effective preparation plan.

Additional tools


  • OWASP ZAP – an open source cross-platform tool for automatically searching for vulnerabilities in web applications during development and testing;
  • Burp Suite – a set of interconnected components for a comprehensive security audit;
  • Metasploit is an open source platform for creating exploits for various operating systems.

Brute forcers:

  • THC-Hydra – multifunctional brute-force passwords;
  • RainbowCrack is a popular hash cracker;
  • John the Ripper is a cross-platform tool with three types of iteration: full, hybrid, and dictionary.

Network scanners:

  • Nmap;
  • ZMap;
  • Masscan.

Traffic analyzers:

  • Wireshark;
  • tcpdump;
  • mitmproxy.