Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- DOCUMENT VER 1.0
- WRITTEN 2021-07-23
- The best thing you can do for yourself at this stage is expose yourself to many
- different topics and obtain a surface-level understanding of them. Hacking
- isn't a single skill, but rather exhausting as many possibilities as you can
- think of to accomplish a given task. Understand how systems are built before
- attempting to break them.
- Please use Library Genesis to search for the books mentioned. Yes it's safe. If
- you don't trust it then use a VM and scan the downloads for viruses.
- http://libgen.rs/
- > Linux
- Start with "The Linux Command Line" by William Shotts. It will take you from
- nothing to competent. This book should be enough for you to figure out the
- OverTheWire Bandit challenges which you can think of as a sort of rite of
- passage.
- https://overthewire.org/wargames/bandit/
- If you are inclined, you can follow this up with "How Linux Works" by Brian
- Ward for some recap as well as a deeper dive into some more system admin
- focused topics that are just touched on in TLCL. Web security is basically just
- an application of DevOps so these are important things to understand before
- proceeding. It will also give you an extremely high-level introduction into how
- the kernel itself works which should be all you need if you are just going into
- web security.
- If you really want to apply your Linux knowledge to some final lab then
- consider following the Linux From Scratch project:
- https://www.linuxfromscratch.org/lfs/
- It will have you build a Linux system from source so you'll encounter
- everything there is to know on the user's end and how the filesystem is laid
- out. It's just a book. Don't convince yourself you wouldn't be able to do it.
- > Scripting/Python
- My personal recommendation is to start with Python because it's such an
- incredible "Swiss Army knife" for hacking oriented tasks.
- I really like "Python Crash Course" by Eric Matthes because it's really two
- books in one: the first half is a typical beginners textbook, and the second
- half is divided 3 "real-world" projects: data visualization, game development,
- and web development. These may not seem directly relevant, but in the interest
- of exposing yourself to new things, what this should accomplish is demystifying
- software development so you have an idea of how the systems you will be
- attacking are created, as well as the ability to look through a software
- project and understand how and why it is laid out the way it is.
- I would then recommend that you follow that up with another book to really
- drill in the concepts and to provide another teaching style and set of
- exercises. If you decide to do this, I recommend "Learn Python 3 the Hard Way"
- by Zed Shaw for this task.
- Python's most valuable feature is its thorough standard-library. Never reinvent
- the wheel. To get an idea of the most useful modules in the Python STL I
- recommend Python 3 Module of the Week, or the reference textbook equivalent
- "Python 3 Standard Library by Example" by the same author, Doug Hellmann.
- https://pymotw.com/3/
- If you are already decent at scripting logic, knowing how to use these
- libraries will be extremely helpful in aiding you to create your own tools and
- short scripts to accomplish tasks instead of relying on niche and archaic
- hacking tools you may find on github. Just look how massive pentesting distro
- package repos are for yourself: https://blackarch.org/tools.html
- Here are some websites that you can use for more coding exercises. You don't
- need to be a perfect software development, but you should be able to brute
- force your way through easy to medium challenges pretty easily.
- https://edabit.com/
- https://www.codewars.com/
- https://leetcode.com/
- https://projecteuler.net/
- Remember you can always ask questions either in /cyb/ or /dpt/ for guidance.
- > Networking
- Unless you are planning to go into a network-related job, you really don't need
- to go that deep into networking. "Computer Networking: A Top-Down Approach" by
- James F. Kurose and Keith Ross will alone teach you everything you should know.
- It has a "focus on security" throughout the book and an entire chapter on
- network security. I would urge you not to read this cover to cover but instead
- to be diligent in determining what parts of the book will help you in the
- immediate future. Really take notes and study the ins and outs of the
- application layer especially.
- It has plentiful exercise questions and both WireShark packet analysis labs and
- Python Network Programming (with sockets) labs. These are extremely valuable to
- do and I highly recommend taking them seriously. If either of those things
- interests you enough to read additional material on them, consider reading
- "Practical Packet Analysis" by Chris Sanders and "Foundations of Python Network
- Programming" by Brandon Rhodes and John Goerzen.
- > A Path Forward
- At this point you have an extremely solid foundation for beginning security
- oriented research. "The Web Application Hacker's Handbook" by Dafydd Stuttard
- and Marcus Pinto is a great starting point because it's the only book around
- that really teaches and emphasizes attack methodology. At the same time, start
- doing as many CTF challenges as you can. The knowledge and experience you gain
- from doing one will lead to the next one.
- Flipping through the Sec+ and PenTest+ certification study guides will act as
- a check list for what you "should know" as a beginner in security from the
- industry's perspective. PenTest+ in particular will give you insight into
- non-technical aspects of pentesting that isn't talked about as much. Note that
- this is not a recommendation for what certifications to get; I'm only trying to
- suggest that you read the study guides.
- You should also know enough at this point to intelligently research a specific
- topic if there is a challenge you are having trouble understanding. An
- important skill is quickly thinking through and solving problems.
- If you want more fundamentals to grind then here are some sub-topics that could
- be useful to you in doing CTFs:
- * Web Scraping:
- * "Web Scraping with Python" by Ryan Mitchell
- * Web Development:
- These were chosen to introduce you to as many different technologies as
- possible, not because they are the best path to learning webdev. If that's
- what you want to do, get better recommendations from /wdg/.
- * William Vincent's book series on Django development
- * "Learning PHP, MySQL & JavaScript" by Robin Nixon
- * "30 Days of React" by fullstackreact
- * "Web Development with Node and Express" by Ethan Brown
- * "CSS in Depth" by Keith J. Grant
- And as always, consult the installgentoo wiki for resources on computer science
- and more advanced programming.
- https://wiki.installgentoo.com/wiki/Programming_resources
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement