An absolutely excellent post about penetration testing by maderas: Shared thoughts after 6+ years in Pentesting. The insight provided is astounding. I kept reading and thinking, “I love this quote and need to pull it out,” but I kept thinking that just about every 2-3 sentences or so.
One of my favorites, though, is this line about the process of pen testing an environment: “Always be advancing your position(s).” I love this quote, and while I haven’t thought this exactly myself, it fits. There are times in a lab looking at a system or already having access, where I’m feeling stuck. The author makes a chess analogy, and while I like his better, I also in my mind make one: “What is my next goal, and what steps can I take to get there?” Imagine what success looks like (capturing a Queen, getting root on this system), and start going through the permutations of how to get there, while at the same time fending off other attacks, mistakes, and not giving away the goal to an opponent.
I really like this post, and I really like the attitude of the author. Prefers knowing the surgical, underlying tools rather than the paid commercial stuff (Hack Naked!). Towards the end, there are some links for further study in anonymization and tools.
Honestly, I really might just snag that whole post as text and put it into a folder for reading when I need some inspiration or perspective.