Where to even begin...
#1
I'll preface this with the following: I'm interested in many directions. If I had to state a goal right now of what I want to get out of this, it would be to eventually pass OSCP. That is currently way over my head. Any pointers on where to start? I feel like I could be all over the place.

I ask because I've got college classes going on, an intense leadership course, and on top of that three months of ojt/upgrade training. I don't currently have much time to devote to anything else at the moment. This should all die down some come April or May.

I know personal interests could affect advice, but that aside, I just want to try and prepare a track for myself. To keep me heading in one direction for the time instead of hopping around. Which is also ok. It just depends.

I'm slowly figuring out linux at the moment. I have several books I could read: Hacking: AoE,
Weidman's Penetration Testing, The C Programming Language by Kernighan & Ritchie, and loads of digital stuff off Humble Bundle. I've started Hacking: AoE before but had to put it down during a major move. I was also considering messing around with OverTheWire CTFs. Has anyone used that? Does anyone recommend CTFs somewhere else? Or vulnhubs or hackthebox? (also over my head at the moment)

Any tips & advice is great. I know the choice is up to me. Just trying to get a bearing for maybe where I should start first
Reply
#2
For what you are saying I would say that you actually know what you want and you are in the right direction.
I would also suggest ctftime for your ctfs, it is a good website and has a lot of fields, writeups are also available at: ctftime.org/writeups
If you are into that check it out!

Also if you are busy at the moment just devote the time you have left to read books or watch conferences or whatever suits you more.
Just don't push you too much or you will end up getting bored.
The sources and books you mentioned are actually pretty good too.

I don't think you actually need directions, you got it all man hahah
Good luck!  Tongue
Reply
#3
I think you just answered your own question. Just keep going where you are going now. Keep learning linux and commandline, it's very useful. And learning C will be very useful for you if you want to get into reverse engineering and stuff, I recommend you keep at it. (I'm learning it as well).

And doing CTFs like overthewire is really great as well! You'll get to become more confident in your practical skills, and that's very important for OSCP as well. It's a very practical exam. Got a whole section for that: https://greysec.net/forumdisplay.php?fid=15

In my own experience, I cannot tell you where to start. You can start anywhere IMO. Just dive in and make your own path! The hacking area is so broad sometimes it's easy to sit and think where to start but don't get anyware. Better to start learning what you can, when you can!

If you want some quick hacking stuff though, I would recommend learning web application hacking and stuff. I got a few threads on SQLi injection and so does others. https://greysec.net/forumdisplay.php?fid=9

I made a post here with some book recommendations as well: https://greysec.net/showthread.php?tid=8...45#pid9445
Reply
#4
Thank you enmafia2 and Insider.

I saved those links you both shared for later reference.

I'm glad to hear you think I'm on the right track on my own. And I definitely don't want to push myself too hard right now. Good reminder. Cypher and I were talking about burnout quite a bit recently.
Reply
#5
I've been thinking about where I want to focus myself at the moment, and I realized that being so new to this, maybe I should take a step back. I understand some security concepts and opsec etc., but my foundation in it could be much better to start with. I'll continue to tinker with linux and such as I'm inspired and follow the rabbit holes, but I think I want to focus more on security as a whole, then learning how stuff works, and then learning how to think around the stuff and/or break it.

So I started reading Social Engineering: The Art of Human Hacking by Christopher Hadnagy. I was scrolling through my digital library, came across it, and thought maybe learning about the human element will give me some good insight into security and grow me as a critical thinker. I'm not particularly interested in learning social engineering as a means to an end, but just for the knowledge I can take way (at least at this time).

If any of you are tracking what I'm trying to say, do you have a suggestion on any other good resources for building my security foundation? Definitely ask if you need some clarification.
Reply
#6
(02-22-2018, 05:16 AM)acolyte Wrote: If any of you are tracking what I'm trying to say, do you have a suggestion on any other good resources for building my security foundation? Definitely ask if you need some clarification.

Well I thought you were conviced haha
If you don't know the fields you are interested in you can always check them all one by one and see which ones you like the most. If you are a visual learner like I am conferences are really interesting. Check this website out: https://infocon.hackingand.coffee
Reply
#7
(02-22-2018, 08:35 AM)enmafia2 Wrote: Well I thought you were conviced haha
If you don't know the fields you are interested in you can always check them all one by one and see which ones you like the most. If you are a visual learner like I am conferences are really interesting. Check this website out: https://infocon.hackingand.coffee

I'm not conflicted. I was agreeing to take it slow at the moment with all the other stuff I have going on at the moment, as well as agreeing I'm making my own path and such.

Since I only have time for reading right now and not so much the hands on stuff, I'm just gonna read a book for now. And I want to  learn more about security in general, opsec, etc. I think Social Engineering is a great read to go with. I was just asking for more material, if anyone has a suggestion.

Here's an example: I know some opsec, but I don't have a lot of technical experience with keeping myself protected. I didn't think to use something like full disk encryption for my linux box. Because there is so much I don't know, there are definitely ways I could be practicing security that I don't know of.

Does that make sense? I'm just looking for some other good reads. If not, I'll find stuff either way. I know Cypher posted some good stuff over the past few days, like How to Master Secret Work. I also found The Paranoid Bible.
Reply
#8
(02-22-2018, 08:11 PM)acolyte Wrote:
(02-22-2018, 08:35 AM)enmafia2 Wrote: Well I thought you were conviced haha
If you don't know the fields you are interested in you can always check them all one by one and see which ones you like the most. If you are a visual learner like I am conferences are really interesting. Check this website out: https://infocon.hackingand.coffee

I'm not conflicted. I was agreeing to take it slow at the moment with all the other stuff I have going on at the moment, as well as agreeing I'm making my own path and such.

Since I only have time for reading right now and not so much the hands on stuff, I'm just gonna read a book for now. And I want to  learn more about security in general, opsec, etc. I think Social Engineering is a great read to go with. I was just asking for more material, if anyone has a suggestion.

Here's an example: I know some opsec, but I don't have a lot of technical experience with keeping myself protected. I didn't think to use something like full disk encryption for my linux box. Because there is so much I don't know, there are definitely ways I could be practicing security that I don't know of.

Does that make sense? I'm just looking for some other good reads. If not, I'll find stuff either way. I know Cypher posted some good stuff over the past few days, like How to Master Secret Work. I also found The Paranoid Bible.

Here you can find some exciting titles to buy  Tongue
https://greysec.net/showthread.php?tid=857
Reply
#9
(02-23-2018, 10:11 AM)enmafia2 Wrote: Here you can find some exciting titles to buy  Tongue
https://greysec.net/showthread.php?tid=857

b^.^d
Reply
#10
Acolyte,
You seem to be very broad spectrum most books are references and you should goto them as such. Trying to learn threw just a book or a few with out a Human interface (Sponsor I.E. Forum boards, and videos) is re creating the wheel. I see you are working on your --->TruLinux Skills<--- That's great get your Kernel (TruLinux) skills up to the best. Start with anything your used to do with GNU (Graphic interface)
-Processes (What makes it Tick)
+Understand the Native ones (required)
+Terminate them
+Bring them to the foreground
+Return them to the background
-Directory tree (There's only one and its powerful)
+Directory Commands
+Location of items
+Space allocation of files and directory
-Hardware (Innovation comes with the ability to add)
+Which directory are they In?
+See the modification you can and cant do?
+How to modify Driver's
-User (Who's doing what)
+ Root
+ Create Users/Groups/
+ Creating/Changing Groups
-Rights (Dictatorship of Linux no better ways to take control of a accessed computer)
+The types
+When to issue them
+How to revoke them
-Network (The highways of the technology world can you drive on it safely)
+Connecting to the WorldWideWeb (STATIC, DHCP, DNS)
+Virtual Private Networks (VPN, SoCks,)
+SSH and TLS capabilities and how utilize them
Once you have to figured out how to do it and confident in the GNU. Step it up and do it all in the Kernel(command line). By doing this you will learn to use all the logs within Linux this will get you to the point were your down time is seconds and not hours or days. Once you have mastered the kernal commands automate them right your con-fig files and scripts to execute common commands. Once you can conduct all your required business in GUI, Kernel and Automated. It is time to expand your capabilities with new applications and scripts. When you something goes wrong with these application-error you will know how to pull logs and read them. Also you will know how to read the read-me. That will explain what the application was originally meant to be used for. Once you get to this point you can be innovative and modify the applications successfully to do exactly what you need them to do. I hope this helped you. If there is anything I can do don't hesitate to ask.
-->L0stH0p3Ful<--
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  sections I think we should have even if probably no one agrees with me QMark 2 3,762 02-10-2018, 12:08 AM
Last Post: MuddyBucket