This is something I always wanted to write, but never really found the time to do so and organize it. Well, since nobody is really going to publish this as a book, why not just blog it onto the net piece by piece. I can make up the chapters along the way too. That certainly saves me the time of organizing it. Ok, I am lazy. This I admit.
First, let's take a look at the title of this article. Pentester. Well, I am sure it's a familiar term to many. A Pentester is basically short for Penetration Tester. Usually he is a security professional who conducts testing of the security of a subject (be it an application, a network or even a physical location) by means of attacking it. Some people may want to use the word "hacking". I absolutely agree. However, there are many among security professionals who prefer not to be associated with the word hacking, as it usually has a bad connotation.
I am sure some of you have already noticed I used the word "he". It's not that I am male chauvinistic about this. I do admit there are a few pretty good security professionals who are female. I knew a few from mother Russia. However, to make things simple, I will use the word "he" throughout. Just remember it can mean either sex.
Next, the term "Art of War". The first reaction will be to relate this to Sun Tzu's "Art of War". Well, I admit, I may be using something similar to run through these topics, but by no means do I want to translate it into a guide for Pentesters or explain the whole book of Art of War. I remember there was somebody who would disagree with my term "Art". Pentesting is a science, he would argue. I disagree. If Pentesting is a science, then it simply means that, given the same application, for example, two different individuals would have done the pentesting similarly (and maybe even word for word) and produced a similar report. If this is pentesting, no wonder my friend laughs at the joke about getting monkeys to do our pentesting in the future. I argued from the point that it's an art because no two pentesters will do it the same way. One might decide to deploy a sniffing attack on the application while another may simply want to disassemble some of the binaries. There are many ways and often the results vary. And I believe this is what makes one pentester better than another. I know this will hurt people who run automatic tools such as Nessus or AppScan and then pull the beautiful report off their color laser printer and pass it to their boss. Sorry, strictly, I do not classify these people as pentesters.
The term "War" probably raises some eyebrows. A serious Pentester treats his every project like a battle. In my opinion anyway. Each penetration test has to be treated seriously, like a war. All the strategy, the tactics to deploy, as well as the resource gathering. All these play a part in whether the project is successful or not. Of course, by successful, it means the Pentester found serious vulnerabilities and got in. Of course, the condition of winning will depend on each different engagement.
So, the following articles will concentrate on the strategy, tactics and the art of winning the war of pentesting.