Starting in cyber security (PATH/GUIDE)
#1
Hello All
This path/guide is credited by - x0rz
(Blog post - Here)


You are looking to start a technical career in infosec or cyber? You are curious about how things work and have thirst in learning new skills? Great! Let’s get started then ?

First thing first
A true computer hacker is someone able to develop its own tools in an elegant way. Unlike the script-kiddies — that by definition are just kids using other people’s scripts — a talented hacker must 1) comprehend what a script/tool is doing and how it basically works 2) able to develop its own tools when needed and first and foremost 3) understand the basics of IT: do you know how a computer is generally working? This is not that easy to be honest. Could you list what are the network stacks used in modern computing? You should definitely look it up and learn the basics, otherwise you’ll get overwhelmed looking at security specific topics.

That is why, before doing anything «security» related (pentesting, bug hunting, reverse engineering, etc.) I highly recommend knowing the basics: learn computer programming. Learn C, Python and x86 (in that order or not).

C is the mother of all native languages, with its strength and weaknesses. Linux is built in C. Windows kernel is built in C. And C is the natural introduction to its big brother C++ on which a lot of software rely on (userland Windows for example). I strongly advise you to learn C, you just cannot ignore how widespread it is.
Python is the most important scripting language in the community and one of the most rapidly growing programming language (see image below). It has a lot of interesting modules already ready for you to enjoy. It’s very handy to write quick PoCs and most people in the community will understand Python. Alternatively you can learn Ruby that is also very much used (ie. Metasploit framework): pick your poison.

Finally, x86/x64 Intel assembly is a must-have if you want to know the basics of reverse engineering. Nowadays very few people actually code in assembly code, but native compiled code can be reverted in assembly code… which you might want to understand to reverse and understand binary files (executables).

You don’t need to master these three languages, but at the very least be familiar with them. There are plenty of decent tutorials that you can find on Google.


Learning resources
Here is a curated list of awesome information security resources with tons of courses and links.

https://hackmd.io/s/V1GLSF0R#open-security-books

Get into the culture
Not everything is technical. Being a hacker is more about the mindset than the actual knowledge (in my opinion).

Read hacking zines like Phrack. There are some classics out there that you cannot miss. You’ll learn a lot reading them. Don’t get overwhelmed by the technical details, you can’t (and no one can) know everything about anything. Read what you like and find useful to you.

Hacker’s Manifesto: http://phrack.org/issues/7/3.html
Archive of zines: https://github.com/fdiskyou/Zines

Also, watch movies for hackers! ☠️?

Recommended books
So now, do you want to get into malware research and reverse engineering? Pentesting? Or web application security? Maybe the most difficult thing to do, is to choose a starting topic. You cannot master all the things — so pick the one you like the most and start with this.
If you’re more into vulnerability research (memory bugs, buffer overflows, etc.), this book is the reference and a great starter: https://www.amazon.com/Hacking-Art-Explo...593271441/

Certifications
I personally think most certifications are useless. If you need a certification to work at {Cool Company Inc.}, their hiring process is broken and they should know better.
If you really need (or want) one certification, I’m willing to endorse OSCP which is fairly advanced and well known. Forget about CEH and all other expensive EC-Council crap certifications. Please don’t give them any credit.


Finally, ask the community
Get in touch with others on Twitter, IRC, Jabber etc. Don’t be shy and ask for help! Only thing… Google it first!
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  CCNA Official Cert Guide Chapter 1 Notes - FEEL FREE TO STUDY!!! QMark 0 30 5 hours ago
Last Post: QMark
  which is better: elearn security or SANS? QMark 5 976 04-30-2020, 06:56 PM
Last Post: QMark
  How did you get into security? kms 18 9,934 05-09-2018, 09:44 PM
Last Post: 0xide
  my friend gave me a hella cool offensive security challenge QMark 11 6,313 03-14-2018, 07:09 PM
Last Post: QMark