After last week’s talk on Web Application Pentesting, you would be forgiven for leaving the room scratching your head – potentially more confused than when you entered. “I’m supposed to be learning here” you think silently, wondering where you can gain the knowledge to even understand all of this terminology. RCE, XSS, CSRF, DNS – WTF??
As with any technical field, Cyber Security comes with plenty of technical jargon to get your head around. Luckily, Google (*cough* or DuckDuckGo *cough*) is always your friend, and honing your Google-fu is an important part of the OSINT methodology. For more about OSINT, download Peter’s slides from week 1 here.
Vernacular aside, getting started in security benefits greatly from a working understanding of a variety of IT (and sometimes non-IT) fields. These include:
- Operating Systems
- Hardware (Consumer and embedded systems)
While broad, these concepts should be considered from both a user and a developer perspective. By understanding how these systems and principles are intended to work, you also gain the ability to see how their implementation could have unforeseen consequences (read: vulnerabilities).
With even a basic understanding of some of these concepts, you are in a position to get started on reading about the fun stuff – the vulnerabilities and exploits.
- Excess XSS – A guide to XSS (Cross-Site Scripting)
- W3Schools SQL Injection – SQL Injection Basics & Concepts
- The Presentation and Tutorial for Cross-Site Scripters Who Can’t Stack Buffer Overflow Good and Want to Do Other Stuff Good Too – Thanks Peter
- The Easiest Metasploit Guide You’ll Ever Read
- Practical Challenges/CTFs
  - HackTheBox – A platform with a mixture of CTF-style challenges and real-world pentest scenarios – joining is free! (just pass the entry challenge)
  - VulnHub – A repository of downloadable vulnerable machines and challenges
  - OverTheWire – CTF-style pwn/RE/PrivEsc challenges
  - HackThisSite – A beginner-friendly site aimed at testing web app pentest skills
  - CTFTime – The go-to resource for CTF competitions and qualifiers
- Hardware Resources
  - Hak5 – Creators of the infamous WiFi pineapple and other PenTest hardware
- OSINT (Open Source INTelligence)
If you find any other resources you think should be on this list, simply comment on this post, post in the Facebook group or message me on Facebook/Discord.