This guide is currently under development, and I greatly welcome any suggestions or feedback at reaper.gitbook@gmail.com

Prerequisites & Skills

Why This Matters

Penetration testing is like being a digital locksmith: you can’t pick locks if you don’t understand how they work.

Core Knowledge

Security Fundamentals

  • CIA Triad: Confidentiality, Integrity, Availability

  • Attack Vectors: Social engineering, unpatched systems, misconfigurations, insider threats

Networking Basics

  • TCP vs UDP: TCP = reliable, UDP = fast but lossy

  • HTTP/HTTPS: Web apps are the main attack surface

  • DNS: Maps human-readable names → IP addresses; attack opportunities: poisoning, takeover

  • Ports & Services: Common targets:

    • 80/443 (HTTP/HTTPS), 22 (SSH), 3389 (RDP), 445 (SMB)

    • DB ports: 3306 (MySQL), 5432 (PostgreSQL), 1433 (MSSQL)

Operating Systems

  • Windows: Active Directory, PowerShell, services, registry, event logs

  • Linux: Filesystem (/etc, /var/log, /tmp), Bash scripting, cron jobs, process permissions

Scripting & Programming

  • Python: Automation, network tools, parsing, API interaction

  • Bash: Linux automation, text processing, system integration

  • PowerShell: Windows automation, remoting, object-oriented commands

Web Technologies

  • HTML/JS: DOM manipulation, events, AJAX

  • HTTP: Methods (GET/POST/PUT/DELETE), headers, cookies, status codes

Quick Resources: Kali Linux, VirtualBox/VMware, Metasploitable, OWASP Testing Guide, "Web Application Hacker’s Handbook"

Start simple, practice constantly, understand systems, then break them creatively.
