
Advanced Topics for Security Enthusiasts


5t19

Hi,

I'm fairly sure most people who get involved in security, pen testing, etc. will know things about networks, Linux, and a handful of languages, and an understanding of exploits depending on what they're doing. Apart from things like becoming a better programmer or learning more about networks, what are some things you would assume security experts to know? I'm looking for things to do with security, but mainly things that don't necessarily come under security, like Linux kernel development or AI, but could be incredibly beneficial to someone in security.

Thanks!


stig.
hey!

Not sure if this directly answers your question, sort of just went on a tangent. I have a year of work experience in the field.

Stay up to date in Information Security Current Events. Hak5 Threatwire is a great show for that as you may already know. (sic, aesthetics)
Check other sources such as SANS, read InfoSec blogs, perhaps even consider getting involved in writing one of your own!

Research exploits from different services, applications, operating systems, etc... that are written in various languages (Python, shell, PHP) or that are used in environments such as HTML login screens / web hosted SQL databases / Cross-Site Scripting ... Understand what makes these services vulnerable, and how the exploit works. Many times, you will have to modify an exploit code for it to properly execute. This could be as simple as changing the listening port or it could be more complicated such as generating a payload and inserting it into the PoC code.

GET HANDS ON! Find hack challenges online.. there are plenty of ones provided, check out the OWASP community, they have some great web app based challenges.
Get your hands on a VM from VulnHub or such, set it up, run it -- and see how much you can hack, for lack of a much better description that you indubitably can fill in.
If you cannot complete the challenge, or simply have problems getting started, there are often tutorials submitted by various users on how they worked through it...

Research Security Standards such as ISO27000, and try to understand Security as a big picture and not just the cool 'sexy' ub3r 1337 red team pentesting techniques.
Think about how companies choose convenience over security. It is difficult to convince a CEO, often these days, to invest in security (ROI in Security is immeasurable)

Understand the concepts of social engineering, and that the prime source of security errors is usually due to human error. People can be manipulated to lax security.

tl;dr

What would I assume security experts to know?

To patch their systems. To lock their screens when they walk away ^_^
Command Line / Terminal -- With excellent proficiency in at least one
Familiarization with programming languages -- With excellent proficiency in at least one
Networking Advanced Concept Understanding, Strong knowledge of Basic Networking
Information Security Current Events ... Also, Attending Events Regularly (Conferences)
Exploits & How they work and how to run the exploits manually, not just Metasploiting


Hope this was concise and complete enough to provide you with sufficient guidance.

Looking forward to what others have to offer on this subject-- always willing to learn!

2341


h4ck th3 pl4n3t

 

