(2/?) On top of a technical foundation, you'll likely need to be well rounded in other areas. You should be well-written, as we write tons of reports. You should be personable and able to talk in front of people. Note: you don't have to be an extrovert. Many of us fake this :)
-
-
Prikaži ovu nit
-
(3/?) With that out of the way, let's talk the foundations: Linux: OverTheWire's wargames , such as Bandit (http://overthewire.org/wargames/bandit/ …), and Linux Journey (https://linuxjourney.com/ ) are a great place to start. Self plug, I have a Linux for Hackers course toohttps://www.youtube.com/watch?v=rZsJieGi8os …
Prikaži ovu nit -
(4/?) Python can be learned from resources like CodeCademy (https://www.codecademy.com/ ), edX (https://www.edx.org/learn/python ), Learn Python the Hard Way (https://learnpythonthehardway.org/book/ ), Google (https://developers.google.com/edu/python/ ), and so much more. Honestly, just Google it and focus on Python3 as 2 is EOL
Prikaži ovu nit -
(5/?) For networking, I would consider starting with Professor Messer's Network+ course (https://www.professormesser.com/network-plus/n10-007/n10-007-training-course/ …). You can expand upon this and learn Cisco related command line by using tools like Packet Tracer (https://www.netacad.com/courses/packet-tracer …) and taking netacad courses from that link
Prikaži ovu nit -
(6/?) On to the hacking. Again, you need a good foundation to start. I'm going to be biased here and recommend my 15 hour course on network pentesting to start with your foundations: https://www.youtube.com/watch?v=WnN6dbos5u8 …. This will brush up on Linux, Python, and guide you slowly through it.
Prikaži ovu nit -
(7/?) Once you're understanding the foundations, it's best to get some practice in. By practice, I mean attack known vulnerable machines and try to exploit them. We call this capture the flag (CTF) hackthebox - https://www.hackthebox.eu/ vulnhub - https://www.vulnhub.com/
Prikaži ovu nit -
(8/?) Additionally, you might want to participate in CTFs for fun and learning. A great website to find out about upcoming CTFs is CTF Time (https://ctftime.org/ ). For hackthebox, start with easy rated boxes. For vulnhub, try working this list:https://www.abatchy.com/2017/02/oscp-like-vulnhub-vms …
Prikaži ovu nit -
(9/?) An important part of hacking is learning from others. If you're doing hackthebox, try to learn from a team. There are some great channels out there, including: NetSecFocus: https://mm.netsecfocus.com/ TCL: https://discord.gg/Fs76d4Y My Discord:https://discord.gg/REfpPJB
Prikaži ovu nit -
(10/?) Once you're getting comfortable, it's time to start rounding yourself out. To be a good pentester, your skillset should include basic hacking methodology, active directory exploitation, web application pentesting, and wireless pentesting...amongst other things
Prikaži ovu nit -
(11/?) Let's start with Active Directory. Try to understand the common attacks that exist out there (https://medium.com/@adam.toscher/top-5-ways-i-gained-access-to-your-corporate-wireless-network-lo0tbo0ty-karma-edition-f72e7995aef2 …). If you did the 15 hour course from post #6, you were introduced to these. Build your own lab & try to recreate attacks. There are also people to follow
Prikaži ovu nit -
(12/?) Some of the great content creators for AD pentesting include:
@PyroTek3 - https://adsecurity.org/@harmj0y - https://blog.harmj0y.net/@_dirkjan - https://dirkjanm.io/@Haus3c - https://hausec.com/ Do your research and you'll find plenty more.Prikaži ovu nit -
(13/?) For web apps, there are an insane # of resources. First, content creators:
@NahamSec - https://www.youtube.com/channel/UCCZDt7MuC3Hzs6IH4xODLBw …@stokfredrik - https://www.youtube.com/channel/UCQN2DsjnYH60SFBIA6IkNwg …@TomNomNom - https://www.twitch.tv/tomnomnomuk Not all inclusive (sorry if I missed you). These should keep you busy for a while.Prikaži ovu nit -
(14/?) There are also tons of free training sites:
@PortSwigger Academy - https://portswigger.net/web-security@Hacker0x01 101 - https://www.hackerone.com/hacker101@Bugcrowd University - https://www.bugcrowd.com/hackers/bugcrowd-university/ … Again, just a start, but should keep you busy.Prikaži ovu nit -
(15/?) Once you start to get the basics down, it's best to explore public bug bounty programs and try to enumerate and attack. You might not find anything right away, but you can focus methodology. Those include
@Hacker0x01,@Bugcrowd,@intigriti,@SynackRedTeam, and others.Prikaži ovu nit -
(16/?) Familiarize yourself with web application testing methodologies as well via
@owasp. Treat this guide (https://github.com/tanprathan/OWASP-Testing-Checklist …) and the corresponding PDF (https://www.owasp.org/images/1/19/OTGv4.pdf …) as your bible. Read write-ups, such as https://hackerone.com/hacktivity ,@disclosedh1,@PentesterLandPrikaži ovu nit -
(17/?) Lastly, learn wireless pentesting. WPA2 personal is pretty straight forward and can be learned via a blog post (https://www.aircrack-ng.org/doku.php?id=cracking_wpa …). WPA2 enterprise can be a little trickier, but again, some blog posts to the rescue: https://n0where.net/targeted-wpa2-enterprise-evil-twin-attacks-eaphammer … https://teckk2.github.io/wifi%20pentesting/2018/08/09/Cracking-WPA-WPA2-Enterprise.html …
Prikaži ovu nit -
(18/?) Now, this list is not all-inclusive, but a good start. You can learn all of this stuff for free and not spend tons of money on college/certifications, especially if you lack the means to do so. Also, you're welcome to post the resources that helped you w/ these topics.
Prikaži ovu nit -
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
Husband |
Vet | Founder
YouTuber
Streamer