
Help getting to NextGen!



Greetings, sorry for the wall of text and thank you for those of you who read through it entirely.

I am a junior network security professional... I guess. I have my first job in the industry and I am looking for guidance on how to get to the next level. Firstly I will list my current skillset and then I will discuss my desired field. I am about to graduate university with my BA in CS but I feel it hasn't prepared me or given me the knowledge I was after. (Maybe I was lazy when I should have been more proactive.) I know basic programming, Java and C++ syntax, basic structures and functions. I never really considered myself a programmer because building a program from start to finish was always hard for me. I can read someone else's code and understand what it is doing, but creating it myself is near impossible. I have my Security+ cert with some very limited network and deadbox forensics. I have taken a couple of CEH-equivalent classes (outside of my university) and was able to learn and use the tools provided with success. This, however, only made me feel inadequate because using someone else's tools without knowing what they do is disheartening to say the least. And lastly, my current position has me doing security appliance installation with a lot of the new expensive toys like FireEye etc. So to sum up my current low-level skills:

  • Basic EnCase + FTK deadbox and network forensics
  • Average network security fundamentals (Sec+)
  • Basic programming knowledge (object-oriented)
  • Basic CEH experience, using premade scripts to find vulnerabilities I don't understand and deliver a reverse shell
  • Average experience with current security vendor technologies.

My desired field would be pen tester / network incident response / reverse malware engineer.

To accomplish this goal, I decided to do a lot of research. I found that most pen testers are knowledgeable in scripting, programming and DB languages, as well as having a really strong grasp on networking. So I imagine I need to acquire those skills and do it in a way that gives me a better than BASIC understanding. So I am designing my home lab and writing a "homemade" degree plan.

This is where I need advice, as I want to make sure I am headed in the right direction. Firstly, I was thinking about learning key things one at a time and using them to build my knowledge base. Here is my home degree plan:

1. Learn Python. I know I need to get better at programming but I hate Java and C. I hear Python is better for those looking to learn how to automate tasks and make smaller programs faster. I have already completed Codecademy and am reading Violent Python. Is this a good first move? (I can use the book to make tools to use in my pen test lab outlined below.)

2. Once I have a firm grasp on Python and, more importantly, continue to USE IT, I was thinking of learning more about SQL and databases. I could start learning how to do manual SQL injections and really understand what I am doing during those attacks.

3. REPEAT with sniffers and security tools. After learning SQL and databasing, with injection techniques, I will start over again but this time using some security tools to get in the way / see what the network looks like when the attack is happening.

4. Once I feel I have a decent understanding of all of the above, I will tackle reverse engineering malware with IDA Pro (or a free equivalent). I have taken a course at my university so it is not 100% new to me.

The next question I need help with is my lab setup. Does anyone know any resource on setting up advanced home labs? I want to set up an environment where I have the ability to do malware analysis, penetration testing, open source security appliance installs and network sniffing. I have a Cisco 3560 and a Cisco Aironet AP and an oldish server (6 GB of RAM) with Server 2012 and VMware Workstation. Ideally I want to place the pen testing targets on the WinServer hosting VMware, but I imagine I wouldn't want to host the malware analysis VMs there as well. Also I want to be able to see the traffic off a SPAN port so I see what certain activities look like when traversing the network. Lastly I want to be able to place open source security tools in between my attack machine and victim. Should I try to set the lab up this way or am I being inefficient? Would just using VMware Workstation without the switch be good enough?

Sorry for the wall of text, but I figured I should ask some smart people before I try to do this all myself and piss my wife off by buying a bunch of new hardware :)

Thanks in advance



Here's the link to a previous topic here on how to set up your own security lab. This details the process of setting up a single machine with 2 VMs, one being the attacker and the other the victim, and the victim runs an image with known problems so you can exploit them in a safe, controlled environment and monitor everything as you're doing it, so you get a better grasp on the whole process. Just _how_ you attack and what tools you use is, of course, left as an exercise to the user.

In his instructions he includes, at the very end, a link to something that's supposedly very SQL-injection friendly, so that should give you a nice target to work on those skills as well.

As for programming, the goal of it is to make repeat jobs less tedious and boring. You didn't go to school all those years so you could sit at a terminal and write "./attack" then "./attack" etc. You have a computer at your fingertips EAGER to do that simple work for you. Python can be great to make something complex and potentially low-level like attack tools, but don't forget about the shell. This bash.org quote sums it up quite nicely.

Good luck!


I'll start by saying that the question wasn't too long; it said what you wanted and what you had tried, and gave plenty of details. If only everyone would ask questions in such a way, it would make answering them a lot easier.

To answer your question, Cooper is right about the repeating tasks: find something at work and automate it. Having a reason to write code always helps me learn. Alternatively, either get involved with an open source project or start your own; even if it is something simple, it gives you a motivation to do it and to make sure it is done well, as it will be looked at by your peers.

For your VM environment, that server sounds fine but could do with more RAM; the more the better. There is nothing wrong with doing malware work on the same machine as your labs, just make sure you keep them separate and only power on the ones you need at the time. I'd suggest building some base machines, then snapshotting them and cloning; that way you can easily create new labs to play with whatever you need just by starting up your existing stock. Maybe try ESXi rather than a base Windows or Linux OS; that may give you a bit more performance.

And for your aims, they all sound good: you say what and why you want to learn, both of which are important.

I'd also add: get out there and talk to people, get on mailing lists, contribute here, ask questions, answer questions, get a reputation. Start a blog, even if it is about really simple things; every bit counts. Once you have all this, when you go to a new employer you can show your "portfolio", which shows you are in security because of passion rather than being just a boring 9-5 guy. I've read a lot of CVs, and if they don't show any out-of-hours interest they don't go beyond the first screening.

Good luck
