Summary:

In this episode of Exploring Information Security, host Tim De Block sits down with James Gillkey to discuss hands-on hacking training at ShowMeCon. James is revamping a long-standing pentesting training course to bring modern techniques, updated tools, and a focus on efficiency to security professionals. He shares insights into building effective training labs, leveraging Python virtual environments, and incorporating real-world offensive security methodologies into a structured learning experience.

Topics Discussed

The evolution of hands-on hacking training and its history

Setting up virtualized pentesting environments with Python and GitHub tools

Common mistakes in pentesting and how to avoid them

The balance between red team engagements and SOC awareness

The importance of password cracking, enumeration, and network recon

How cloud security assessments differ from traditional network pentesting

The role of AI in pentesting and whether it’s a useful tool or a shortcut

ShowMeCon’s Fallout-themed hacking lab and what to expect in the training

Key Takeaways

Hands-on experience is crucial. The best way to learn pentesting is by doing it.

Virtualized environments simplify tool management and prevent conflicts.

AI is an emerging tool in pentesting, but it doesn’t replace fundamental knowledge.

Cloud security requires a different mindset due to its unique challenges and toolsets.

Communication with SOC teams is essential to avoid unnecessary panic during testing.

Efficiency matters. The goal of the training is to give students actionable skills they can use immediately.