Guest User

Untitled

a guest
Jul 23rd, 2021
1,091
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. DOCUMENT VER 1.0
  2. WRITTEN 2021-07-23
  3.  
  4. The best thing you can do for yourself at this stage is expose yourself to many
  5. different topics and obtain a surface-level understanding of them. Hacking
  6. isn't a single skill, but rather exhausting as many possibilities as you can
  7. think of to accomplish a given task. Understand how systems are built before
  8. attempting to break them.
  9.  
  10. Please use Library Genesis to search for the books mentioned. Yes it's safe. If
  11. you don't trust it then use a VM and scan the downloads for viruses.
  12. http://libgen.rs/
  13.  
  14. > Linux
  15.  
  16. Start with "The Linux Command Line" by William Shotts. It will take you from
  17. nothing to competent. This book should be enough for you to figure out the
  18. OverTheWire Bandit challenges which you can think of as a sort of rite of
  19. passage.
  20. https://overthewire.org/wargames/bandit/
  21.  
  22. If you are inclined, you can follow this up with "How Linux Works" by Brian
  23. Ward for some recap as well as a deeper dive into some more system admin
  24. focused topics that are just touched on in TLCL. Web security is basically just
  25. an application of DevOps so these are important things to understand before
  26. proceeding. It will also give you an extremely high-level introduction into how
  27. the kernel itself works which should be all you need if you are just going into
  28. web security.
  29.  
  30. If you really want to apply your Linux knowledge to some final lab then
  31. consider following the Linux From Scratch project:
  32. https://www.linuxfromscratch.org/lfs/
  33. It will have you build a Linux system from source so you'll encounter
  34. everything there is to know on the user's end and how the filesystem is laid
  35. out. It's just a book. Don't convince yourself you wouldn't be able to do it.
  36.  
  37. > Scripting/Python
  38.  
  39. My personal recommendation is to start with Python because it's such an
  40. incredible "Swiss Army knife" for hacking oriented tasks.
  41.  
  42. I really like "Python Crash Course" by Eric Matthes because it's really two
  43. books in one: the first half is a typical beginners textbook, and the second
  44. half is divided 3 "real-world" projects: data visualization, game development,
  45. and web development. These may not seem directly relevant, but in the interest
  46. of exposing yourself to new things, what this should accomplish is demystifying
  47. software development so you have an idea of how the systems you will be
  48. attacking are created, as well as the ability to look through a software
  49. project and understand how and why it is laid out the way it is.
  50.  
  51. I would then recommend that you follow that up with another book to really
  52. drill in the concepts and to provide another teaching style and set of
  53. exercises. If you decide to do this, I recommend "Learn Python 3 the Hard Way"
  54. by Zed Shaw for this task.
  55.  
  56. Python's most valuable feature is its thorough standard-library. Never reinvent
  57. the wheel. To get an idea of the most useful modules in the Python STL I
  58. recommend Python 3 Module of the Week, or the reference textbook equivalent
  59. "Python 3 Standard Library by Example" by the same author, Doug Hellmann.
  60. https://pymotw.com/3/
  61. If you are already decent at scripting logic, knowing how to use these
  62. libraries will be extremely helpful in aiding you to create your own tools and
  63. short scripts to accomplish tasks instead of relying on niche and archaic
  64. hacking tools you may find on github. Just look how massive pentesting distro
  65. package repos are for yourself: https://blackarch.org/tools.html
  66.  
  67. Here are some websites that you can use for more coding exercises. You don't
  68. need to be a perfect software development, but you should be able to brute
  69. force your way through easy to medium challenges pretty easily.
  70. https://edabit.com/
  71. https://www.codewars.com/
  72. https://leetcode.com/
  73. https://projecteuler.net/
  74.  
  75. Remember you can always ask questions either in /cyb/ or /dpt/ for guidance.
  76.  
  77. > Networking
  78.  
  79. Unless you are planning to go into a network-related job, you really don't need
  80. to go that deep into networking. "Computer Networking: A Top-Down Approach" by
  81. James F. Kurose and Keith Ross will alone teach you everything you should know.
  82. It has a "focus on security" throughout the book and an entire chapter on
  83. network security. I would urge you not to read this cover to cover but instead
  84. to be diligent in determining what parts of the book will help you in the
  85. immediate future. Really take notes and study the ins and outs of the
  86. application layer especially.
  87.  
  88. It has plentiful exercise questions and both WireShark packet analysis labs and
  89. Python Network Programming (with sockets) labs. These are extremely valuable to
  90. do and I highly recommend taking them seriously. If either of those things
  91. interests you enough to read additional material on them, consider reading
  92. "Practical Packet Analysis" by Chris Sanders and "Foundations of Python Network
  93. Programming" by Brandon Rhodes and John Goerzen.
  94.  
  95. > A Path Forward
  96.  
  97. At this point you have an extremely solid foundation for beginning security
  98. oriented research. "The Web Application Hacker's Handbook" by Dafydd Stuttard
  99. and Marcus Pinto is a great starting point because it's the only book around
  100. that really teaches and emphasizes attack methodology. At the same time, start
  101. doing as many CTF challenges as you can. The knowledge and experience you gain
  102. from doing one will lead to the next one.
  103.  
  104. Flipping through the Sec+ and PenTest+ certification study guides will act as
  105. a check list for what you "should know" as a beginner in security from the
  106. industry's perspective. PenTest+ in particular will give you insight into
  107. non-technical aspects of pentesting that isn't talked about as much. Note that
  108. this is not a recommendation for what certifications to get; I'm only trying to
  109. suggest that you read the study guides.
  110.  
  111. You should also know enough at this point to intelligently research a specific
  112. topic if there is a challenge you are having trouble understanding. An
  113. important skill is quickly thinking through and solving problems.
  114.  
  115. If you want more fundamentals to grind then here are some sub-topics that could
  116. be useful to you in doing CTFs:
  117.  
  118. * Web Scraping:
  119.  
  120. * "Web Scraping with Python" by Ryan Mitchell
  121.  
  122. * Web Development:
  123.  
  124. These were chosen to introduce you to as many different technologies as
  125. possible, not because they are the best path to learning webdev. If that's
  126. what you want to do, get better recommendations from /wdg/.
  127.  
  128. * William Vincent's book series on Django development
  129. * "Learning PHP, MySQL & JavaScript" by Robin Nixon
  130. * "30 Days of React" by fullstackreact
  131. * "Web Development with Node and Express" by Ethan Brown
  132. * "CSS in Depth" by Keith J. Grant
  133.  
  134. And as always, consult the installgentoo wiki for resources on computer science
  135. and more advanced programming.
  136. https://wiki.installgentoo.com/wiki/Programming_resources
RAW Paste Data