The Key Skill-Set of Great Penetration Testers
I was reading an article entitled “Ideal Skill Set For the Penetration Testing” that I found fascinating. And while the author had some good points about some of the more easily forgotten background skills that are required to be a great pen tester (e.g. OS and programming language skills), I think Keatron missed the majority of the real key skills that are required to become a great penetration tester.
While it’s important to have all of the skills that he mentioned, one could have all of those skills and still be missing a lot. In fact, I know a lot of people (even those who have penetration testing jobs) that have all of those skills in spades and yet have trouble executing on penetration tests.
For me, the difference between Keatron’s list and a great penetration tester comes down to one thing: intelligence types. Specifically, the difference between convergent intelligence and divergent intelligence. Convergent intelligence is the ability to derive a solution from the evidence available to us, while divergent intelligence is the act of taking a single thought or concept and finding multiple applications for it.
In the Western world, we have traditionally emphasized the importance of convergent intelligence – all of our schooling focuses on developing this type of intelligence. Yet, it is the ability to develop divergent intelligence that actually leads us to be great penetration testers.
Convergent intelligence is the ability to reach a conclusion from several pieces of data; that is, it involves the ability to find a solution from available information. This type of intelligence is mostly used in problem solving.
For example, you would be using convergent intelligence to answer the following questions:
- What protocol generally runs on port 80?
- What register is also called the Instruction Pointer?
- Which utility do you use for listing the files in a directory on a *nix box?
These are the types of questions that the skills in Keatron’s article would equip you to answer – someone with a background in computer architecture, protocols and Unix administration would have no problem with these.
Unfortunately, these aren’t the types of questions that get asked very often while performing a penetration test.
Divergent intelligence is the act of starting from a central fact or idea and coming up with many possibilities or applications.
The traditional example of divergent intelligence is the answer to the question: “You have a brick. How many uses can you come up with for it?”
These are the types of situations that we’re forced to confront more often than not in a penetration test. For example:
- The box you’re testing is only running Apache on port 80. How many potential ways are there to attack it?
- You’re attacking a box running SMB/Windows File Sharing. What are your potential attack vectors?
The difference between a good penetration tester and someone with great system administration knowledge isn’t their mastery of ports and protocols, but the ability to answer questions like these. And the ones who answer these the best are the ones who come up with the most potential answers – for example, if you didn’t come up with at least 5 answers to the first question and at least 10 to the second, you’re lagging way behind.