Getting into security

A friend of mine that I'm working on a steganography CTF with wanted to start getting into hacking CTFs as well, so I'm gonna put out some things on some basic security topics and hopefully be a little more coherent than with my older notes.

Basic computing stuff

Before you get into any sort of security topics, you should have a basic background in IT.

A+/Net+

A+ and Net+ are entry-level IT certs from CompTIA that cover a lot of basic material. Books can be found online to study for these. Even if you don't intend on taking the certs, the knowledge they test for is foundational to any sort of IT or computer science related task, so it would be beneficial to know this stuff. I'll often even ask people if they have "A+ level knowledge" when they ask things like "how do I hack" on Reddit, etc.

Anyway, if you're not hot for reading, a guy called Professor Messer has good video courses on these topics as well.

THM's videos

TryHackMe is a security training platform that offers hands-on training for a modest subscription fee (about $14/month as of this writing). I would highly advise anyone interested in security to begin learning from here, honestly.

Anyway, THM has videos that are free to the public that cover some absolute basics about networking, Linux and web app related topics.

THM networking

THM Linux fundamentals

THM Web basics

Kali Linux

Kali is a distribution of Linux that's specifically tailored for penetration testing work. It contains a large number of stock tools that we'll frequently use on engagements, and since it's standard, we can have a standardized way to talk about getting different tools up and running without having to concern ourselves with how to make something run on different operating systems.

While we could install Kali directly to the system or onto a live USB stick, for most use cases it's simplest to just run it in a virtual machine.

David Bombal on YouTube has instructions for installing Kali on VirtualBox in Windows, which can be found here.

Programming

While you don't necessarily need to be a full-on developer in order to play hacking CTFs, it is beneficial to have a bit of programming knowledge, or at least the ability to read some common languages. This is because for tasks like binary exploitation or public exploit modification, you'll need to understand what's going on with the code being presented.

  • Learn C. C is an older systems programming language that's useful to understand for things like evasive malware development.
  • Learn Python. Python is a modern scripting language that's fairly simple to use and is handy for building tools on the fly.

From here...

The above should get you squared away with basic background knowledge on computing. Moving forward, I'll be writing more on specific security topics and techniques.

For now, I would advise getting into THM, doing their beginner and pre-security courses, and working up through their Junior Pentester route.