2341

stig. hey! Not sure if this directly answers your question, sortajust went on a tangent. I've have a year of work experience in the field. Stay up to date in Information Security Current Events. Hak5Threatwire is a great show for that as you may already know. (sic, aesthetics) Check other sources such as SANS, read InfoSec blogs, perhaps even consider getting involved in writing one of your own! Research exploits from different services, applications, operating systems, etc... that are written in various languages (python, shell, php) or that are used in environments such as HTML login screens / web hosted SQL databases / Cross-Site Scripting ... Understand what makes these services vulnerable, and how the exploit works. Many times, you will have to modify an exploit code for it to properly execute. This could be simple as changing the listening port or it could be more complicated such as generating a payload and inserting it into the PoC code. GET HANDS ON! Find hack challenges online.. there are plenty of ones provided, check out the OWASP community, they have some great web app based challenges. Get your hands on a vm from VulnHub or such, set it up, run it-- and see how much you can hack, for lack of a much better description that you indubitably can fill in. If you cannot complete the challenge, or simply have problems getting started, there are often tutorials submitted by various users on how they worked through it... Research Security Standards such as ISO27000, and try to understand Security as a big picture and not just the cool 'sexy' ub3r 1337 red team pentesting techniques. Think about how companies choose convenience over security. It is difficult to convince a CEO, often these days, to invest in security (ROI in Security is immeasurable) Understand the concepts of social engineering, and that the prime source of security errors is usually due to human error. People can be manipulated to lax security. tl;dr What would I assume security experts to know? To patch their systems. To lock their screens when they walk away ^_^ Command Line / Terminal -- With excellent proficiency in at least one Familiarization with programming languages -- With excellent proficiency in at least one Networking Advanced Concept Understanding, Strong knowledge of Basic Networking Information Security Current Events ... Also, Attending Events Regularly (Conferences) Exploits & How they work and how to run the exploits manually, not just Metasploiting Hope this was concise and complete enough to provide you with sufficient guidance. Looking forward to what others have to offer on this subject-- always willing to learn! 2341 h4ck th3 pl4n3t

My name is Derek aka 2341 (REAL) Favourite game: UT2004 Favourite OS: Debian-Based Linux Favourite console: N64 Nationality: US Accent: Yes I do plenty of accents. I like my Russian one the best. Sex: Male Age: 11100 Race: White American Height: 6.076923 feet Status: Pleasantly Single Build: Super Fast Metabolism... Sometimes Very Energetic Sometimes Very Lethargic Favourite band: System of a Down Favourite book: Neverwhere by Neil Gaiman Favourite author: H.P. Lovecraft Favourite movie: 1951 Alice in Wonderland Favourite director: Harmony Korine Favourite TV Show: Futurama Favourite Comedian: Mitch Hedberg Other hobbies: Freestyle Rapping, Breakdancing, Bending Time, Computer Art (Mostly Abstract, gimp), Languages, Scripts, Scripts, All the Instruments, Roller Hockey Occupation: Cyber Security Engineer