We're testing for Security Analysts, not for pen-testers.
Hello
@Tess Sluijter, thanks for reading my post. Appreciate your comments! In short - you can NEVER have too much.
I guess it goes along with the definition of "security analyst" and "pen-tester". One might consider them to be the same thing; like so many other things in the IT world, definitions are not very static - they have different meanings within the Job Description.
I do suggest a lot of tools because the OP was looking for a comprehensive list of tools used for building a laboratory environment. I would agree - deep knowledge of how to use Metasploit or Kali is not as intense in CySA as it would be in PT+. But there is a LOT of cross-over between these different credentials, because they are two sides of the same coin. CySA, as you know, is basically "Blue Team Operations"; PenTest is "Red Team Operations". And exposure to Nessus, Qualys, OpenVAS, Burp, Nikto, dig, how to do a dd for a forensic capture, or how to read and study log files is essential technical knowledge for the CySA, as well as building a vulnerability program, incident management, and all the various IT and security management frameworks is critical to being successful.
I know for myself, I can talk about Metasploit all day long, but until I used it the first time to scan a targeted Windows box for BlueKeep, it didn't become real to me. I may or may not have sat out in my backyard one fine evening with a little laptop running Kali and fiddled with Aircrack-ng with the scores of APs in my neighborhood...not going to lie. (Don't worry, I didn't break INTO anything, but it cemented the knowledge of how painfully easy it is to penetrate - which benefits me as a defender.) And I have been using OpenVAS on my corporate network to scan my servers and vulnerabilities pretty regularly.
In fact, I scanned my population of Polycom phones with OpenVAS and they all started ringing when the sweep happened. That was a sorry/not sorry/funny moment.
Both CySA and PenTest benefit from deep knowledge of the other. I personally see these two exams as interrelating as much as A+ does for (historically) hardware and software, which now have even a tighter blend with Core 1 and 2.
So yes, while my list is long, I am quite certain I didn't mention everything needed because when building an instructional lab, instructors need to overprepare and build much more varied environments for their students. While students often have that mindset of "what is the minimum I need to pass the exam", instructors need to really be saying, "how can I enrich my learning environment to provide more resources than I could ever cover in class".
/r