
Ask HN: Get into computer security - newbie_hacker
I've got a month free to do what all I want. I really want to dive into computer security. I already know the basics. What would you suggest I should do?
======
TobbenTM
Go play some CTFs! [https://microcorruption.com](https://microcorruption.com)
is amazing.

------
alltakendamned
OSCP certification:
[https://www.offensive-security.com/information-security-trai...](https://www.offensive-security.com/information-security-training/penetration-testing-training-kali-linux/)

The lab is a lot of fun.

~~~
runjake
I'm unsure why you're being downvoted. This is (one of) the best answers given
the OP's question.

The course is comprehensive and relatively inexpensive, although I recommend
90 days of lab time for the full effect.

------
tptacek
[http://cryptopals.com](http://cryptopals.com)

------
debacle
Hound 'tptacek to take you under his wing.

Alternately:
[http://www.amazon.com/lm/R2EN4JTQOCHNBA/ref=cm_lm_pthnk_view...](http://www.amazon.com/lm/R2EN4JTQOCHNBA/ref=cm_lm_pthnk_view?ie=UTF8&lm_bb=)

He (or Matasano?) also has an article somewhere outlining roughly what steps
you need to take from programmer -> security expert, but it wasn't easily
googleable.

------
sarciszewski
I maintain (curate, really) a list of resources on GitHub. Most of the content
on the list was suggested by other folks in the community:
[https://github.com/paragonie/awesome-appsec](https://github.com/paragonie/awesome-appsec)

------
ptlab
Check out
[https://pentesterlab.com/bootcamp](https://pentesterlab.com/bootcamp) and/or
[https://pentesterlab.com/exercises](https://pentesterlab.com/exercises)

------
vampire_dk
You can practice CTF challenges at
[https://backdoor.sdslabs.co/](https://backdoor.sdslabs.co/) :)

------
phaus
What area of security interests you and what do you mean by "I already know
all of the basics?"

~~~
newbie_hacker
I know about web security (SQL, XSS). Am comfortable with tools like DirBuster,
sqlmap, ripping git from web, etc. I am comfortable with networking concepts
like HTTP, TCP, UDP, IP. Have knowledge about IP spoofing, packet sniffing,
SYN flooding. By knowledge I mean I know the internals as well, not just how
to do them using tools. Regarding binary I can overflow a buffer by modifying
return addresses, see stack using format string vulnerability, etc. But this is
only at a simple level. Have experience with tools like gdb, objdump, IDA
Pro, etc.

