- DOCUMENT VER 1.1
- WRITTEN 2021-07-23
- TITLE "Prerequisite Skills to Studying Security"
- The best thing you can do for yourself at this stage is expose yourself to many
- different topics and obtain a surface-level understanding of them. Hacking
- isn't a single skill, but rather exhausting as many possibilities as you can
- think of to accomplish a given task. Understand how systems are built before
- attempting to break them.
- Use Library Genesis to search for the books mentioned. Yes, it's safe. If you
- don't trust it then use a VM and scan the downloads for viruses.
- http://libgen.rs/
- > Linux
- Start with "The Linux Command Line" by William Shotts. It will take you from
- nothing to competent. This book should be enough for you to do the OverTheWire
- Bandit challenges which you can think of as a sort of rite of passage.
- https://overthewire.org/wargames/bandit/
- If you are inclined, you can follow this up with "How Linux Works" by Brian
- Ward for some recap as well as a deeper dive into some more sysadmin-focused
- topics that are just touched on in TLCL. Web security is basically just an
- application of DevOps so these are important things to understand. It will also
- offer you an extremely high-level introduction into how the kernel itself works
- which should be all you need if you are just going into web security.
- If you want to really apply your Linux knowledge to a final lab then consider
- following the Linux From Scratch project:
- https://www.linuxfromscratch.org/lfs/
- It will have you build a Linux system from source so you'll encounter
- everything there is to know on the user's end and how the filesystem is laid
- out. It's just a book. Don't convince yourself you wouldn't be able to do it.
- > Scripting/Python
- My personal recommendation is to start with Python because it's such an
- incredible "Swiss Army knife" for hacking-oriented tasks.
- I like "Python Crash Course" by Eric Matthes because it's really two books in
- one: the first half is a typical beginner's textbook, and the second half is
- three "real-world" projects: data visualization, game development, and web
- development. These may not seem directly relevant, but in the interest of
- exposing yourself to new things, what this should accomplish is demystifying
- software development so you have an idea as to how the systems you will be
- attacking are created, as well as the ability to look through a software
- project and understand how and why it is laid out the way it is.
- If you'd like to follow that up with another book to drill in the concepts and
- to provide another teaching style and set of exercises, consider reading "Learn
- Python 3 the Hard Way" by Zed Shaw.
- Python's most valuable feature is its thorough standard library. Python 3
- Module of the Week, or the reference textbook equivalent "Python 3 Standard
- Library by Example" by Doug Hellmann, presents libraries sorted in categories
- that will be helpful in aiding you to create your own scripts to accomplish
- tasks instead of relying on niche and archaic hacking tools you may find on
- GitHub.
- https://pymotw.com/3/
- Here are some websites that you can use for more coding exercises. You don't
- need to be as skilled as a software developer, but you should be able to brute
- force your way through easy to medium challenges without issue.
- https://edabit.com/
- https://www.codewars.com/
- https://leetcode.com/
- https://projecteuler.net/
- Remember you can always seek guidance in /cyb/ or /dpt/.
- > Networking
- Unless you are planning to go into a network-related job you really don't need
- to go that deep into networking. "Computer Networking: A Top-Down Approach" by
- James F. Kurose and Keith Ross will teach you everything you should know. It
- has a "focus on security" throughout the book and an entire chapter on network
- security. I would urge you not to read this cover to cover but instead to be
- diligent in determining what parts will help you in the immediate future;
- namely the application layer.
- Additionally, it has highly valuable Wireshark packet analysis labs and Python
- network programming labs. If either of those things interests you enough to
- read additional material on them, consider "Practical Packet Analysis" by Chris
- Sanders and "Foundations of Python Network Programming" by Brandon Rhodes and
- John Goerzen.
- > A Path Forward
- At this point you have a solid foundation for beginning security-oriented
- research. "The Web Application Hacker's Handbook" by Dafydd Stuttard and Marcus
- Pinto is a great starting point because it's the only book around that really
- teaches attack methodology. At the same time, start doing as many CTF
- challenges as you can. The knowledge and experience you gain from doing one
- will lead to the next one.
- Sec+ and PenTest+ certification study guides can be used as a checklist for
- what you "should know" as a beginner from the industry's perspective. PenTest+
- in particular will give you insight into non-technical aspects of pentesting
- that aren't talked about as much. Note that this is not an endorsement of those
- certifications; I'm only suggesting that you read the study guides.
- Possibly the most important skill is quickly thinking through and solving
- problems. You should be capable of intelligently researching a challenge you
- don't understand.
- If you want more fundamentals to grind then here are some sub-topics that could
- be useful to you in doing CTFs:
- * Web Scraping:
-   * "Web Scraping with Python" by Ryan Mitchell
- * Web Development:
-   These were chosen to introduce you to as many different technologies as
-   possible, not because they are the best path to learning webdev. If that's
-   what you want to do, get better resources from /wdg/.
-   * William Vincent's book series on Django development
-   * "Learning PHP, MySQL & JavaScript" by Robin Nixon
-   * "30 Days of React" by fullstackreact
-   * "Web Development with Node and Express" by Ethan Brown
-   * "Designing Data-Intensive Applications" by Martin Kleppmann
-   * "CSS in Depth" by Keith J. Grant
- And as always, consult the installgentoo wiki for resources on computer science
- and more advanced programming.
- https://wiki.installgentoo.com/wiki/Programming_resources