Build a Successful Infosec Career

Information Security

This is an advanced discipline, meaning you should ideally be good at some other area of tech before entering it. This isn’t required, but it’s common and it’s ideal. The three areas that infosec people normally come from are:

  1. System Administration
  2. Networking
  3. Development

Here are the basic areas you need to get from either university, trade school, or self study/certification:

  1. Networking (TCP/IP, switching, routing, protocols, etc.)
  2. System Administration (Windows, Linux, Active Directory, hardening, etc.)
  3. Programming (programming concepts/scripting/object orientation basics)

You can use the certification study books as teaching guides. They’re quite good at showing you the basics. Here are some examples:

  • A+
  • Security+
  • Linux+
  • CCNA

Read the full story on DanielMiessler.

Resources


Note:

It’s very important to focus on an area of hacking that is interesting & exciting to you. Focus on that one area and pick up new things as you go, but don’t try to be the “ultimate hacker” and learn everything. The greatest hackers on Bugcrowd have specialities and areas of interest, but they don’t know how to hack everything. Hacking is a lifelong journey of learning.

This is a list of resources that can be helpful to researchers that are just getting started, or those that want to improve some core aspects of their research and reporting. Please let us know if you have any suggestions for resources that we should add to this post!

Step 1) Start reading!

The Web Application Hacker’s Handbook: This is an absolute must-read and considered the web-app hacker’s ‘bible’. This book starts from square one, walking you through getting Kali Linux installed all the way through using tools and finding exploits.

Step 2) Practice what you’re learning!

Hacksplaining: This is a great site to learn a bit more about various web hacking techniques and how they’re done. It’s actually more of a practical walk-through. Super useful!

Penetration Testing Practice Labs: This site has a massive list of practice apps and systems for several hacking scenarios. Use this list to find new testing labs and sites to practice your skills.

Step 3) Watch tutorials on YouTube!

DEFCON Conference videos on YouTube: Watch all of the talks from DEFCON over the years. Very useful resource.

Hak5 on YouTube: Hak5 typically focuses on hardware hacking, but in addition to that they also have the ‘Metasploit Minute’ show, HakTip: NMap and much more.

LiveOverflow: LiveOverflow has many tutorials, ranging from basic to advanced.

JackkTutorials on YouTube: Jackk has created many tutorials that walk you through CSRF, XSS, SQL Injection, Target Discovery and much more.

Awesome-Infosec: This is a curated list of helpful security resources that covers many different topics and areas.

Good Courses

  1. Cybersecurity from RIT (Edx)

    – How to set up and secure basic computer systems and networks

    – Information security risk management framework and methodologies

    – How to implement network security solutions and detect intrusions

    – How to conduct a digital forensics investigation admissible to a court

    – To practice cybersecurity skills in real world scenarios

  2. Cyber Security Course from NYU (Coursera)

    – Ideal for beginners, no prior experience in the domain needed

    – Learn about real time Cyber Threat Detection and Mitigation

  3. IT Fundamentals for Cybersecurity Specialization (Coursera)

    – No previous cybersecurity knowledge is required, but basic computer usage is recommended.

  4. Cybersecurity Certification by University of Maryland (Coursera)

    – You need some prior experience.

  5. Cybrary

    – Covers network engineering, system administration, forensics and penetration testing.

I shall keep adding new content to this post. Keep checking this post for more updates.

Author

Bablu Kumar

He writes about Python, Cloud Computing and Linux. He is an open-source advocate and a cyber-security enthusiast. His Twitter handle: @hacback17