Guest User

Prerequisite Skills to Studying Security 1.1

a guest
Jul 24th, 2021
784
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. DOCUMENT VER 1.1
  2. WRITTEN 2021-07-23
  3. TITLE "Prerequisite Skills to Studying Security"
  4.  
  5. The best thing you can do for yourself at this stage is expose yourself to many
  6. different topics and obtain a surface-level understanding of them. Hacking
  7. isn't a single skill, but rather exhausting as many possibilities as you can
  8. think of to accomplish a given task. Understand how systems are built before
  9. attempting to break them.
  10.  
  11. Use Library Genesis to search for the books mentioned. Yes it's safe. If you
  12. don't trust it then use a VM and scan the downloads for viruses.
  13. http://libgen.rs/
  14.  
  15. > Linux
  16.  
  17. Start with "The Linux Command Line" by William Shotts. It will take you from
  18. nothing to competent. This book should be enough for you to do the OverTheWire
  19. Bandit challenges which you can think of as a sort of rite of passage.
  20. https://overthewire.org/wargames/bandit/
  21.  
  22. If you are inclined, you can follow this up with "How Linux Works" by Brian
  23. Ward for some recap as well as a deeper dive into some more sysadmin focused
  24. topics that are just touched on in TLCL. Web security is basically just an
  25. application of DevOps so these are important things to understand. It will also
  26. offer you an extremely high-level introduction into how the kernel itself works
  27. which should be all you need if you are just going into web security.
  28.  
  29. If you want to really apply your Linux knowledge to a final lab then consider
  30. following the Linux From Scratch project:
  31. https://www.linuxfromscratch.org/lfs/
  32. It will have you build a Linux system from source so you'll encounter
  33. everything there is to know on the user's end and how the filesystem is laid
  34. out. It's just a book. Don't convince yourself you wouldn't be able to do it.
  35.  
  36. > Scripting/Python
  37.  
  38. My personal recommendation is to start with Python because it's such an
  39. incredible "Swiss Army knife" for hacking oriented tasks.
  40.  
  41. I like "Python Crash Course" by Eric Matthes because it's really two books in
  42. one: the first half is a typical beginners textbook, and the second half is
  43. three "real-world" projects: data visualization, game development, and web
  44. development. These may not seem directly relevant, but in the interest of
  45. exposing yourself to new things, what this should accomplish is demystifying
  46. software development so you have an idea as to how the systems you will be
  47. attacking are created, as well as the ability to look through a software
  48. project and understand how and why it is laid out the way it is.
  49.  
  50. If you'd like to follow that up with another book to drill in the concepts and
  51. to provide another teaching style and set of exercises, consider reading "Learn
  52. Python 3 the Hard Way" by Zed Shaw.
  53.  
  54. Python's most valuable feature is its thorough standard-library. Python 3
  55. Module of the Week, or the reference textbook equivalent "Python 3 Standard
  56. Library by Example" by Doug Hellmann presents libraries sorted in categories
  57. that will be helpful in aiding you to create your own scripts to accomplish
  58. tasks instead of relying on niche and archaic hacking tools you may find on
  59. github.
  60. https://pymotw.com/3/
  61.  
  62. Here are some websites that you can use for more coding exercises. You don't
  63. need to be as skilled as a software developer, but you should be able to brute
  64. force your way through easy to medium challenges without issue.
  65. https://edabit.com/
  66. https://www.codewars.com/
  67. https://leetcode.com/
  68. https://projecteuler.net/
  69.  
  70. Remember you can always seek guidance in /cyb/ or /dpt/.
  71.  
  72. > Networking
  73.  
  74. Unless you are planning to go into a network-related job you really don't need
  75. to go that deep into networking. "Computer Networking: A Top-Down Approach" by
  76. James F. Kurose and Keith Ross will teach you everything you should know. It
  77. has a "focus on security" throughout the book and an entire chapter on network
  78. security. I would urge you not to read this cover to cover but instead to be
  79. diligent in determining what parts will help you in the immediate future;
  80. namely the application layer.
  81.  
  82. Additionally, it has highly valuable WireShark packet analysis labs and Python
  83. network programming labs. If either of those things interests you enough to
  84. read additional material on them, consider "Practical Packet Analysis" by Chris
  85. Sanders and "Foundations of Python Network Programming" by Brandon Rhodes and
  86. John Goerzen.
  87.  
  88. > A Path Forward
  89.  
  90. At this point you have a solid foundation for beginning security oriented
  91. research. "The Web Application Hacker's Handbook" by Dafydd Stuttard and Marcus
  92. Pinto is a great starting point because it's the only book around that really
  93. teaches attack methodology. At the same time, start doing as many CTF
  94. challenges as you can. The knowledge and experience you gain from doing one
  95. will lead to the next one.
  96.  
  97. Sec+ and PenTest+ certification study guides can be used as a check list for
  98. what you "should know" as a beginner from the industry's perspective. PenTest+
  99. in particular will give you insight into non-technical aspects of pentesting
  100. that aren't talked about as much. Note that this is not an endorsement of those
  101. certifications; I'm only suggesting that you read the study guides.
  102.  
  103. Possibly the most important skill is quickly thinking through and solving
  104. problems. You should be capable of intelligently researching a challenge you
  105. aren't understanding.
  106.  
  107. If you want more fundamentals to grind then here are some sub-topics that could
  108. be useful to you in doing CTFs:
  109.  
  110. * Web Scraping:
  111.  
  112. * "Web Scraping with Python" by Ryan Mitchell
  113.  
  114. * Web Development:
  115.  
  116. These were chosen to introduce you to as many different technologies as
  117. possible, not because they are the best path to learning webdev. If that's
  118. what you want to do, get better resources from /wdg/.
  119.  
  120. * William Vincent's book series on Django development
  121. * "Learning PHP, MySQL & JavaScript" by Robin Nixon
  122. * "30 Days of React" by fullstackreact
  123. * "Web Development with Node and Express" by Ethan Brown
  124. * "Designing Data-Intensive Applications" by Martin Kleppmann
  125. * "CSS in Depth" by Keith J. Grant
  126.  
  127. And as always, consult the installgentoo wiki for resources on computer science
  128. and more advanced programming.
  129. https://wiki.installgentoo.com/wiki/Programming_resources
RAW Paste Data