5t19 Posted November 28, 2017

Hi, I'm fairly sure most people who get involved in security, pen testing etc. will know things about networks, Linux, and a handful of languages and understanding of exploits depending on what they're doing. Apart from things like becoming a better programmer or learning more about networks, what are some things you would assume security experts to know? I'm looking for things to do with security but mainly things that don't necessarily come under security, like Linux kernel development or AI, but could be incredibly beneficial to someone in security. Thanks!
2341 Posted November 28, 2017

stig. hey! Not sure if this directly answers your question, sorta just went on a tangent. I have a year of work experience in the field.

Stay up to date in Information Security Current Events. Hak5Threatwire is a great show for that as you may already know. (sic, aesthetics) Check other sources such as SANS, read InfoSec blogs, perhaps even consider getting involved in writing one of your own!

Research exploits from different services, applications, operating systems, etc... that are written in various languages (Python, shell, PHP) or that are used in environments such as HTML login screens / web hosted SQL databases / Cross-Site Scripting ... Understand what makes these services vulnerable, and how the exploit works. Many times, you will have to modify an exploit code for it to properly execute. This could be as simple as changing the listening port or it could be more complicated such as generating a payload and inserting it into the PoC code.

GET HANDS ON! Find hack challenges online.. there are plenty of ones provided, check out the OWASP community, they have some great web app based challenges. Get your hands on a VM from VulnHub or such, set it up, run it -- and see how much you can hack, for lack of a much better description that you indubitably can fill in. If you cannot complete the challenge, or simply have problems getting started, there are often tutorials submitted by various users on how they worked through it...

Research Security Standards such as ISO27000, and try to understand Security as a big picture and not just the cool 'sexy' ub3r 1337 red team pentesting techniques. Think about how companies choose convenience over security. It is difficult to convince a CEO, often these days, to invest in security (ROI in Security is immeasurable).

Understand the concepts of social engineering, and that the prime source of security errors is usually due to human error. People can be manipulated to lax security.

tl;dr What would I assume security experts to know?

- To patch their systems.
- To lock their screens when they walk away ^_^
- Command Line / Terminal -- With excellent proficiency in at least one
- Familiarization with programming languages -- With excellent proficiency in at least one
- Networking Advanced Concept Understanding, Strong knowledge of Basic Networking
- Information Security Current Events ... Also, Attending Events Regularly (Conferences)
- Exploits & How they work and how to run the exploits manually, not just Metasploiting

Hope this was concise and complete enough to provide you with sufficient guidance. Looking forward to what others have to offer on this subject -- always willing to learn!

2341
h4ck th3 pl4n3t