Links for CyberCon2023 Presentation
Most of penetration testing is using intended functionality in unintended ways. To do this, you need to understand how systems are intended to work (basic IT knowledge). Below is a list of skillsets that will help you greatly in penetration testing, with some resources to point you in the right direction for learning them.
Active Directory ADSecurity.org & MS Docs
- Structure
- Authentication mechanisms
Networking - Settng up a homelab or revamping your home network is great hands on practice
- Subnetting
- Firewall/IDS/IPS
Databases - w3schools.com/sql/
- Structure
- Querying
Web Applications
- Backend Languages
- Java/PHP/ASP.NET/NodeJS
- Frontend Languages - w3schools.com
- HTLM/CSS/JavaScript
- Wordpress/Tomcat/Jboss/Jenkins/WebLogic
Linux - DigitalOcean Guides
- Filesystem Layout
- Basic commands
General
- CTFs can help with core skills such as:
- Reading & Understanding code
- Researching on-the-fly
- Common ports/applications
- Some options:
- OverTheWire.org (Linux based)
- UnderTheWire.tech (Powershell based)
- HackTheBox / Local CTFs
- Python - LearnPython.org
- Seriously it’s used everywhere
- Tools of the trade - https://github.com/arch3rPro/PentestTools
The best way to learn penetration testing is to find a project! Run a game server, build a portfolio website, break things and fix them!
The best guide to IR. Highly Recommend starting here: Incident Response & Computer Forensics, Third Edition 3rd Edition
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software 1st Edition
IR Investigations Scenarios Break Down
https://github.com/cugu/awesome-forensics
Prebuilt VM with tooling: https://github.com/mandiant/flare-vm