- Joined
- Dec 20, 2018
Still doing basics, sucks at math, and knows almost nothing about programming, but not completely computer illiterate.
Any advice for me going foward?
Any advice for me going foward?
Any advice for a cyber security major?
- Thread starter Vlinny-kun
- Start date
-
🐕 I am attempting to get the site runnning as fast as possible. If you are experiencing slow page load times, please report it.
- Joined
- Jul 22, 2017
Study everything on OWASP. You'll need to know programming to order to understand the mistakes programmers make that enable common security problems. You should also learn about being a linux sysadmin so you can understand the mistakes sysadmins make that enable common security problems.
Wingus Dongshire
kiwifarms.net
- Joined
- Dec 22, 2018
Setting up a metasploitable VM and learning to harden it against its myriad vulnerabilities is a decent practice for the linux sysadmin side of infosec. You can also use it to home-bake CVE exploit scripts to get your feet wet with network programming/scripting
- Joined
- Mar 11, 2015
- Joined
- Sep 24, 2018
People will tell you you don't need to learn programming to succeed in cyber security - and I imagine it's true for some cyber security roles - but just having a solid practical application / web development background will take you extremely far in those roles just in having the context to understand what's going on. The biggest consumer of cyber security employees are software companies, and if you know what the hell is going on with software dev you are going to be far more marketable.
Varg Did Nothing Wrong
kiwifarms.net
- Joined
- Oct 23, 2016
Don't forget to change the password to something other than "admin" or "password".
- Joined
- Oct 4, 2017
Wash your penis
- Joined
- Apr 22, 2019
I also +1 learning programming as it will enable you to understand the background of exploits and vulnerabilities better. Cyber Security is a very, very big field with a lot of specialties in it AFAICT. I do not work in the industry but have been interested in it. I would say learn the sysadmin stuff hand in hand with the programming, sysadmin work is often a little easier to wrap your head around.
If you're ever interested in trying Penetration Testing: https://www.hackthebox.eu/invite has VMs with exploits for you to find, you just have to reverse engineer their invite system to get into the site. Good luck!
If you're ever interested in trying Penetration Testing: https://www.hackthebox.eu/invite has VMs with exploits for you to find, you just have to reverse engineer their invite system to get into the site. Good luck!
a_lurker
kiwifarms.net
- Joined
- Jun 16, 2019
the 1-2 year security degrees that don't involve programming/advanced compsci courses can generally be summed up as "use a firewall/antivirus/vpn, don't use default configs/directories/passwords, encryption good, the majority of the time " deleting" a file doesn't delete shit except an MFT entry , and of course "does this REALLY need to be connected to the internet?""
- Joined
- Jul 22, 2017
Windows is not important.
- Joined
- Apr 20, 2018
If I were to make a list of things that are extremely useful skills to have in cyber security today is:
1. Know what the most commonly used/exploitable ports are. (I.E Port 20,22,80,443)
2. Cyber Security people do not need a lot of coding knowledge at least no where near as other CompSci professions. You really need to know how to read the common languages (C , Java, Python). However you might want to get accustom to making your own little scripts (Preferably in C or Python because they are quicker and less complicated to make) especially if you are thinking about entering Offensive Security.
3. Know linux. That is your bread and butter. Know how to use linux as well as you know how to use a Windows Machine. For Cyber Security specifically get accustom to using Kali especially if you plan to be doing any offensive security work.
4. Get accustom to using SIEM's. (Highly recommend getting adjusted to using Splunk since its a common one I see a lot in the industry and in Cyber Security Competitions.)
5. This website is your new best friend. Keep up with the latest exploits.
6. 4-Year College degree is a mandatory. Finding a job without one will be extremely difficult if not impossible.
7. CyberSec has good job security. (Depending where you live of course.) Most companies are always looking for CyberSec experts especially theglow in the dark government agencies.
8. In interviews they will ask you general questions such as "What type of Security would you implement to make sure only employees can use the dedicated work devices?" or something of that nature. Be prepare for hypotheical scenarios.
If you wanna go the extra mile I recommend getting CompTIA Network+ Certificate (preferably CISCO Network+ since CISCO is the gold standard now a days). It's moderate level of difficulty (at least for me). If you're extra serious follow through with getting CompTIA Security+ certificate if you can. This one is a little harder to get because there is a lot of terms you need to know and specific security scenarios they will ask you about. But having those two certs alone make you extremely valuable.
1. Know what the most commonly used/exploitable ports are. (I.E Port 20,22,80,443)
2. Cyber Security people do not need a lot of coding knowledge at least no where near as other CompSci professions. You really need to know how to read the common languages (C , Java, Python). However you might want to get accustom to making your own little scripts (Preferably in C or Python because they are quicker and less complicated to make) especially if you are thinking about entering Offensive Security.
3. Know linux. That is your bread and butter. Know how to use linux as well as you know how to use a Windows Machine. For Cyber Security specifically get accustom to using Kali especially if you plan to be doing any offensive security work.
4. Get accustom to using SIEM's. (Highly recommend getting adjusted to using Splunk since its a common one I see a lot in the industry and in Cyber Security Competitions.)
5. This website is your new best friend. Keep up with the latest exploits.
6. 4-Year College degree is a mandatory. Finding a job without one will be extremely difficult if not impossible.
7. CyberSec has good job security. (Depending where you live of course.) Most companies are always looking for CyberSec experts especially the
8. In interviews they will ask you general questions such as "What type of Security would you implement to make sure only employees can use the dedicated work devices?" or something of that nature. Be prepare for hypotheical scenarios.
If you wanna go the extra mile I recommend getting CompTIA Network+ Certificate (preferably CISCO Network+ since CISCO is the gold standard now a days). It's moderate level of difficulty (at least for me). If you're extra serious follow through with getting CompTIA Security+ certificate if you can. This one is a little harder to get because there is a lot of terms you need to know and specific security scenarios they will ask you about. But having those two certs alone make you extremely valuable.
I've had to work on windows machines a couple of times mainly for firewall configurations but getting familiar with windows is good but not as important as linux though.
- Joined
- Mar 11, 2015
If you don't have the ability to deal with the number 1 desktop OS, one which is used by users (aka security vulnerabilities) at work, there's a gap in your knowledge.
- Joined
- Feb 4, 2019
- Joined
- Jul 22, 2017
If you're not already competent enough with Windows to basically understand all the user-facing stuff, then you shouldn't even be looking into InfoSec. You should be starting out in a tier 1 helpdesk position.
SisterMichael
kiwifarms.net
- Joined
- Apr 17, 2019
I'd imagine like many Cybersecurity college students you will want to be a penetration tester when you graduate? If so, you've got a long road ahead but it is much easier these days.
Online resources:
Immersive Labs - With an academic (.edu/.ac.uk) you will get a free account. This site includes exercises on pretty much everything.
Hacker101 / Bugcrowd University - Bug Bounties are everywhere nowadays and are a good way to show an employer how good you are. Thankfully Hacker1, Bugcrowd and other services have free online resources. Abuse them, they are much better than what you will get in university.
Portswigger Web Academy - Tied to Bug Bounties, Web App testing is in demand. Portswigger, who made Burpsuite, the industry web app testing tool, have a free online resources too.
RE: Windows vs Linux:
Linux and Windows admins are v. important. I don't think any network in the world doesn't at least have a windows box somewhere. Linux and Windows CLI proficiency is necessary in Cybersecurity. However, increasingly Windows Active Directory is in demand. Using Bloodhound to own a windows network is in nearly every SME pentest I see.
I would recommend having a public Twitter (and LinkedIn) to allow you to network with the industry. Saving content for reading later and reaching out to people. Get along to conferences. local Bsides, BlackHat and DEFCON. A lot of conferences have student scholarships, allowing you to go for a free. Once there talk to people. You will be amazed how far knowing the right people will get you.
Finally, look at your university/college, do you have a cybersecurity society, DEFCON group, Linux user group, 2600 group, etc? Go to them, if not look to start one.
Online resources:
Immersive Labs - With an academic (.edu/.ac.uk) you will get a free account. This site includes exercises on pretty much everything.
Hacker101 / Bugcrowd University - Bug Bounties are everywhere nowadays and are a good way to show an employer how good you are. Thankfully Hacker1, Bugcrowd and other services have free online resources. Abuse them, they are much better than what you will get in university.
Portswigger Web Academy - Tied to Bug Bounties, Web App testing is in demand. Portswigger, who made Burpsuite, the industry web app testing tool, have a free online resources too.
RE: Windows vs Linux:
Linux and Windows admins are v. important. I don't think any network in the world doesn't at least have a windows box somewhere. Linux and Windows CLI proficiency is necessary in Cybersecurity. However, increasingly Windows Active Directory is in demand. Using Bloodhound to own a windows network is in nearly every SME pentest I see.
I would recommend having a public Twitter (and LinkedIn) to allow you to network with the industry. Saving content for reading later and reaching out to people. Get along to conferences. local Bsides, BlackHat and DEFCON. A lot of conferences have student scholarships, allowing you to go for a free. Once there talk to people. You will be amazed how far knowing the right people will get you.
Finally, look at your university/college, do you have a cybersecurity society, DEFCON group, Linux user group, 2600 group, etc? Go to them, if not look to start one.
- Joined
- Sep 18, 2017
First, get a VIP membership to HackTheBox.eu. It's $12 USD each month, but it allows you to use the retired machines. Watch IppSec's YouTube videos on the boxes and hack through with him. Start with the absolute most simple (I think Lame might be the first box... 10.10.10.3), and learn. Go sequentially through the retired boxes. Lame then Legacy then Devel then Popcorn, etc. Repeat the steps on each box and read the material until you really understand what's going on. You will want to use a VM for the hacking, with Kali's being the most purely focused on that. There are a couple of reasons to use a VM, firstly many hacking tools require root privileges so using a VM as root is fine. Secondly, you will be in a vpn to HTB, and HTB is full of hackers. So, be smart, use a VM.
There are Kali images for VMplayer located Here, and VMplayer itself is free, just grab it from here.
For hackthebox, you'll need to hack an invite through the web portal. It's not difficult.
And to further clarify, any active boxes on HTB do not allow for write-ups or videos... so all of the HTB videos on IppSec's channel are for retired boxes.
Additional Links :
Hack The Box
IppSec's channel
{EDIT}
As for necessary skills, you'll definitely need to be comfortable with Linux and Bash. Python is probably the most useful "language" in infosec, but you'll need to be able to at least read some others. php & javascript are thingsyou will absolutely be dealing with, and get to understand how SQLi works for the various databases. Get comfortable with powershell... and stick to command line tools as much as possible. GUI tools aren't useful when you're on a target machine and only are in a shell.
Buffer Overflows are an interesting subject you'll be dealing with, so you will need to learn some Assembly, both 32 and 64 bit. For Windows you can use Immunity-Debugger (free), and on Linux gdb is fine.
As @Splendid said, you will need to understand Windows as well. Many times it won't necessarily be an exploit that will grant you root/System, but rather poorly configured services which you can use for privesc.
There are Kali images for VMplayer located Here, and VMplayer itself is free, just grab it from here.
For hackthebox, you'll need to hack an invite through the web portal. It's not difficult.
And to further clarify, any active boxes on HTB do not allow for write-ups or videos... so all of the HTB videos on IppSec's channel are for retired boxes.
Additional Links :
Hack The Box
IppSec's channel
{EDIT}
As for necessary skills, you'll definitely need to be comfortable with Linux and Bash. Python is probably the most useful "language" in infosec, but you'll need to be able to at least read some others. php & javascript are thingsyou will absolutely be dealing with, and get to understand how SQLi works for the various databases. Get comfortable with powershell... and stick to command line tools as much as possible. GUI tools aren't useful when you're on a target machine and only are in a shell.
Buffer Overflows are an interesting subject you'll be dealing with, so you will need to learn some Assembly, both 32 and 64 bit. For Windows you can use Immunity-Debugger (free), and on Linux gdb is fine.
As @Splendid said, you will need to understand Windows as well. Many times it won't necessarily be an exploit that will grant you root/System, but rather poorly configured services which you can use for privesc.
Last edited:
- Joined
- Feb 10, 2019
I'd like to congratulate OP on being a non-nigger with a clean penis.
Advice - get in contact with reputable dealer that has access to uncut uppers, and can do bulk deals at a discount.
Advice - get in contact with reputable dealer that has access to uncut uppers, and can do bulk deals at a discount.
- Joined
- Oct 8, 2019
Depending on where you wanna lean to, it may be necessary to know some programming, as it allows you to catch malicious code.
- Joined
- Sep 18, 2017
Programming, networking, scripting, database management, system administration... plus keeping up with all of the CVEs and exploits (exploit-db) are all pretty necessary.