The Key Skill-Set of Great Penetration Testers
I was reading an article entitled “Ideal Skill Set For the Penetration Testing” that I found fascinating. And while the author had some good points about some of the more easily forgotten background skills that are required to be a great pen tester (e.g. OS and programming language skills), I think Keatron missed the majority of the real key skills that are required to become a great penetration tester.
Because, while it’s important to have all of the skills that he mentioned, one could have all of those skills and still be missing a lot. In fact, I know a lot of people (even those who have penetration testing jobs) that have all of those skills in spades and yet have trouble executing on penetration tests.
For me, the difference between Keatron’s list and a great penetration tester comes down to one thing: intelligence types. Specifically, the difference between convergent intelligence and divergent intelligence. Convergent intelligence is the ability to derive a solution from the evidence available to us, while divergent intelligence is the act of taking a single thought or concept and finding multiple applications for it.
In the Western world, we have traditionally emphasized the importance of convergent intelligence – all of our schooling focuses on developing this type of intelligence. Yet, it is the ability to develop divergent intelligence that actually leads us to be great penetration testers.
Convergent Intelligence
Convergent intelligence is the ability to reach a conclusion from several pieces of data; that is, it involves the ability to find a solution from available information. This type of intelligence is mostly used in problem solving.
For example, you would be using convergent intelligence to answer the following questions:
- What protocol generally runs on port 80?
- What register is also called the Instruction Pointer?
- Which utility do you use for listing the files in a directory on a *nix box?
These are the types of questions that the skills in Keatron’s article would provide – someone with a background in computer architecture, protocols and Unix administration would have no problem answering these.
Unfortunately, these aren’t the types of questions that get asked very often while performing a penetration test.
Divergent Intelligence
Divergent intelligence is the act of starting from a central fact or idea and coming up with many possibilities or applications.
The traditional example of divergent intelligence is the answer to the question: “You have a brick. How many uses can you come up with for it?“
These are the types of situations that we’re forced to confront more often than not in a penetration test. For example:
- The box you’re testing is only running Apache on port 80. How many potential ways are there to attack it?
- You’re attacking a box running SMB/Windows File Sharing. What are your potential attack vectors?
The difference between a good penetration tester and someone with great system administration knowledge isn’t their mastery of ports and protocols, but the ability to answer questions like these. And the ones who answer these the best are the ones who come up with the most potential answers – for example, if you didn’t come up with at least 5 answers to the first question and at least 10 to the second, you’re lagging way behind.


7 Comments
JT
March 25, 2011 at 1:11 pm
Great article, and I agree that you located the critical piece of the puzzle. The only problem I see is that divergent intelligence can be “faked” by memorization. For example, you can read books and blogs and learn 5 ways to attack a web server if all you have available is port 80. The trick, and the thing that separates the elite, is the ability to find new ways to attack.
rmurray
March 25, 2011 at 1:22 pm
Totally agree with your point on the ability to “fake” through memorization. So let us slightly modify your last sentence: “The trick, and the thing that separates the elite, is the ability to not have to “fake” your way through the techniques.”
Santi
March 26, 2011 at 2:46 am
Hey,
I think it is not white or black; rather, we may have greys. For instance, a guy that has in mind different techniques because he got them in different ways, but he finds a specific situation where he takes part of one technique (code injection) and part of another (CONNECT tries), and then he thinks of a mixture of two more techniques. In that case he has an innovative style, from my point of view, and it is very common that successful attacks are materialized this way.
Gmaster
September 10, 2012 at 7:04 am
Short but very well written. Special thanks for those two terms: convergent intelligence and divergent intelligence.
Andrew Jenkin
November 2, 2012 at 7:04 am
Good article. Definitely useful for the readers!