Learning the best ethical hacking techniques: Pen tester tales

March 28, 2019

With a full service 24/7 Security Operations Centre (SOC), we’re fortunate to attract some of the UK’s brightest Cyber Security talent.

So today, we’re taking a closer look at a day in the life of one of Comtact’s penetration testers, to get an insight into an elite pen tester’s training regime – and how they continue to learn the best ethical hacking techniques.

Just like training for a marathon, a lot of behind-the-scenes work goes into training and maintaining the most up-to-date cyber security skills that experienced penetration testers require.

A day in the life of a penetration tester

Penetration testing is a brilliant way of identifying your biggest security threats, quickly. But in addition to detailed reports of exploitable security threats uncovered in a penetration test, you should also get to talk face-to-face with the pen tester, together with senior members of their security team.

So it is always important to recognise that in addition to the actual penetration test and report, you’re also paying for many years of security expertise and experience on the part of the pen tester.

Face-to-face with an ethical hacker

So what actually goes into building the necessary skills – and staying up-to-date?

Well, we spoke to Joseph (not his real name), one of Comtact’s highest rated pen testers, with many years’ experience under his belt.

Taking time to investigate recent security breaches

Joseph really does treat his day like an elite athlete, albeit sat behind a computer. Fuelled by a strong coffee, Joseph will start his day by reviewing the overnight news, typically anywhere between 50 and 100 articles.

Joseph starts…

“There could be information about security breaches that have happened, or it could be information about newly discovered vulnerabilities and exploits. Recently, there was a pretty major new Oracle exploit; and there was a new Microsoft one yesterday too…”

Capture the Flag (CTF) missions

If he’s not on engagement, he also spends time on Capture the Flag (CTF) missions – no, not the game you played in the woods as kids, but specially-configured servers with baked-in hidden vulnerabilities.

Teams then compete in a race to identify and exploit security vulnerabilities, pitched against teams from around the world. Good fun, but also a fantastic way to learn from others.

“There are four of us in my team, and they’re definitely a lot more fun when there are more people involved. With multiple people, you can bounce ideas off each other, and people have different knowledge.”

Gamification at its best!

“In fact, the other day, I was working with a hacker friend of mine – on a VPN with my spare laptop – and asked him to take a look around.”

“Within half an hour, he’d managed to find something I’d initially overlooked which led us to a whole bunch of user passwords, which is the initial foothold you need to start creating problems inside a network – if you had malicious intentions, at least.”

“Then, once you’ve got user privileges, you can then start to escalate those privileges and look for admin rights, which will let you perform much more damaging acts in a network.”

“The speed at which you can do this varies massively, and in the real-world is a very good indicator of the strength of an organisation’s defences.”

Pen Tester (Joseph)

If that sounds like a fun morning…

In the afternoon after lunch, Joseph then needs to start on a slew of admin tasks.

“I’m really bad with scheduling. It’s easy to overlook the admin time it takes to get scoping calls done with a new client, NDAs signed, or a Statement of Works agreed and signed-off.”

After that, it’s important to stay up to date with new infrastructure too, so Joseph always spends an hour or so understanding infrastructure configurations, or looking at newly-released CPD materials from Cyber Essentials, CREST and other accredited providers.

As Joseph spends most of his time on-site with clients, it is naturally important to make the most of his “free” time – always aware that continual development and learning is an essential trait for the job. And that’s his training done for the day. Phew!

Continual learning & training

As in our own personal careers, success is achieved through hard work and continual development, just as it is for a professional athlete. What happens on race day is down to the many hours of focused training each athlete endures, and penetration testing is no different.

Training, practice and hours of reading all come together to form a crucial part of the pen tester’s skillset – which is what you’re paying for (as a client) – to ensure your network defences are rigorously tested.



About Comtact Ltd.

Comtact Ltd. is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC).

Located at the heart of a high security, controlled-access Tier 3 data centre, Comtact’s state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK’s leading organisations.