I have also recently started a series on Pwn Adventure 3, where we are hacking a game and I explain my process: https://www.youtube.com/playlist?list=PLhixgUqwRTjzzBeFSHXrw...
Besides that, I can also really recommend livestreams/screenshares from the following creators. To me, seeing how somebody really does it and where they struggle, really really helped me break through a wall I was hitting:
+ ippsec: https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
+ John Hammond: https://www.youtube.com/user/RootOfTheNull
+ Gynvael EN: https://www.youtube.com/user/GynvaelEN
+ Derek Rook: https://www.youtube.com/channel/UCMACXuWd2w6_IEGog744UaA
The entry level cert in this area is the CEH. It's kind of looked down upon, like a lot of entry level certs are, but studying/working towards that isn't a bad thing.
The Web Application Hacker's Handbook 2nd Edition - Gives a very good overview and is a good place to start.
The Hacker Playbook 3: Practical Guide To Penetration Testing - #3 just came out. Haven't gone through my copy yet, but I've heard good things.
RTFM - Red Team Field Manual - Nice to have, quick reference guide
BTFM - Blue Team Field Manual - Like the above, but for the good guys ;)
- Covering the bigger picture, if you're curious (geopolitical):
The Hacked World Order: How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age
The Red Web: The Struggle Between Russia's Digital Dictators and the New Online Revolutionaries
Dark Territory: The Secret History of Cyber War
Cyberspies: The Secret History of Surveillance, Hacking, and Digital Espionage
They successfully lobbied the DoD to make it an option for 8570 compliance and, after becoming a government contractor, doubled the price immediately afterward.
CEH never taught anything useful or lasting even at its former price point, and it only exists now to soak up mandatory spending of government cheddar. (The cynic in me speculates that this was their intention all along.)
Don't bother with it unless someone else is footing the bill.
Well, it's an entry level cert, as you say. Passing CEH doesn't mean someone knows what they're doing.
Is there an alternative entry-level qualification that evokes fewer frowns?
That's not a problem with the certificate, it's a problem with people confusing it for an advanced qualification.
Some general recommendations:
- follow smart security people on Twitter, which is the defacto medium for information security discussion
- read publicly disclosed bug bounty reports on Hackerone and Bugcrowd
- read The Tangled Web by Michal Zalewski
- learn to use Burp Suite
Burp Suite is an awesome tool for devs as well. The Repeater tool is better for messing with API calls than any of the browser dev tools, imo.
For people finding the proxy setup stuff annoying: install Foxyproxy in Firefox and it makes your life really simple.
Hacking, 2nd edition (some specifics are out of date, but it teaches hacking by teaching how the relevant pieces of a computer work which is still valuable)
Anything else from https://nostarch.com/catalog/security that looks relevant to your specific interests
OverTheWire: http://overthewire.org/wargames/ (wargames to ease you into things)
WeChall: https://www.wechall.net/ (challenge site directory that'll help you pick challenge sites based on your topic of interest)
+Ma's Reversing: http://3564020356.org/ (old reverse engineering site/community - mostly dead as far as I know but the puzzles will still challenge you and the old articles you can unlock make it a bit of a hacking museum)
CTF Time: https://ctftime.org/ (A directory/calendar of tons of CTFs you can play in)
Pwn Adventure: http://www.pwnadventure.com/ (A vulnerable MMO server/client designed to demonstrate common game vulnerabilities)
VulnHub: https://www.vulnhub.com/ (A repository of deliberately vulnerable VMs you can host and attack in your security lab)
When I worked at Mashery (a SaaS API management company) we were the front end for the APIs of hundreds of companies around the world, handling billions of API calls for the likes of Comcast, Best Buy, Starbucks, Macy’s, etc. During my time there, I learned a god awful amount about ops, scaling, amd security, simply by sticking my head in whenever I detected chaos going down.
Some comments mentioned tools like Metasploit, or reading up on the OWASP 10. Yup and yup. Plus, there are other tools to add to your belt that I find indispensable: Charles Proxy (install a MITM to watch web traffic), nmap (discover all the services running on a network)
When training newbies I will start with this and get them to play around with google-gruyere.appspot.com.
These are only relevant for web app testing, I haven't been able to find a suitable free resource for network testing but for paid resources OSCP is a great practice course if not pretty challenging for first timers
WebGoat is a good way to put things in practice locally.
The project ZAP is a really great tool to help you in the process.
Outside the web sphere, exploit database is a great site with a bunch of exploit code, explanation and papers.
The tool suite in Kali Linux is also very good if you don't mind read the documentation and try understanding the goal of the tools.
Kali NetHunter lets you practice from Android.
Security is such a wide domain that you can quickly get flood.
I don't think the ultimate step-by-step learning guide exists.
Once you've learned and practiced a bit, if you don't give up too soon, you will get the point and understand how deep you need to go into a protocol or a system to actually do something yourself (then this not about security documentation anymore, but about understanding how the target works, and how you can make it work the way you want).
I would say that you need to focus on some targets first, and expand the scope over time depending on your needs/interests.
In case you want cert: skip CEH, get some basic knowledge and go OSCP
For lightweight learning by watching after work, check out LiveOverflow: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
I would also like to highlight the following other creators. For me seeing the process of others has been a lot more fruitful then just following text tutorials:
I recommend it to everyone who is even remotely interested in security as your videos provide really valuable knowledge which is very easy to digest in the same time.
Thank you and keep it up please!:)
One way to keep up on what's new, is to watch the talks posted by security conferences. Speakers generally submit their freshest work, and are often playing their own game of resume-enhancement by getting their name associated with hot topics. So pay attention to not just the topics, but also the vocabulary around them...
A lot of the newest-fanciest research won't necessarily be within your grasp as a neophyte, but some of it will, and some of it will inform your direction and focus as you work your way up.
And some of it will suggest entirely new avenues, disciplines, and modes of thinking.
The price isn't bad, either.
DDoS BootCamp: https://www.ddosbootcamp.com/
InfoSec Industry: https://www.infosecinstitute.com/topics/information-security...
Learning Tree (might have free access through your local library): https://www.learningtree.com/training-directory/cyber-securi...
and several courses available on Coursera: https://www.coursera.org/learn/it-security
I'd bet being solid in python/bash/powershell would come in handy, and that having no skills in any of them may be a dealbreaker.
One related suggestion: Do not become reliant on third party modules/add-ins (other than the standard library stuff) - at least when learning. Really learn how it works.
Offensive Computer Security (used to be a class at FSU):
https://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity/le... (2014 version)
Opensecuritytraining (various stuff on different topics):
netsecfocus.com - chat community, super active
I've only done the foundation so far, but as a long time developer I've already learnt a few things
OWASP find your local chapter and go to meetings.
YouTube, and pentesterlab (even the free ones are better than most (even all) other paid resources).
Use vulnerable VM's and practice like Metasploitable and https://github.com/SecGen/SecGen
Get the OSCP
I also highly recommend being good at some programming. This is for source code review and quick scripts/exploit development.
I mean, sure, yeah, that's great, but that's not an easy task.
Find it at sec.edu.au/moocs
- Pick one programming language along the way and try scripting programs while learning.
- you need not master every topic but knowledge of how and why everything works the way it works increases you expertise as security practitioner
- since there are many public bug bounty programs these days, legally testing out stuffs to hone your knowledge has never been easy. plus you get paid.
Security Engineering — The Book https://www.cl.cam.ac.uk/~rja14/book.html