Best products from r/AskNetsec

That's a good setup you have going on, honestly. If you're looking for more resources, I can think of a few resources to supplement what you're already reading/doing

The Tangled Web - https://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886

SQL Injection Attacks and Defense - https://www.amazon.com/gp/product/1597494240

Hacking Exposed: Web Application - https://www.amazon.com/HACKING-EXPOSED-WEB-APPLICATIONS-Edition/dp/0071740643/

https://pentesterlab.com/bootcamp - At this point, you can probably filter out what's relevant to you or not, this will map out other topics related to what you need to know, and may fill in any gaps you have at this point.

OWASP - https://www.owasp.org/index.php/Main_Page [Borderline vital to web app exploitation, Highly recommend if you haven't explored this site yet]

Now, the books and study materials are nice and all, but the most important thing is practical experience, and I see you've identified that by engaging yourself in DVWA. A few additional hands on labs you could dive into are vulnhubs that target the web (Broken Web Applications Project by OWASP is a must):

https://www.vulnhub.com/?q=Web&sort=date-asc&type=vm

Wargames (Overthewire / Smashthestack):

http://overthewire.org/wargames/natas/

SecurityInnovation (canyouhack.us):

http://canyouhack.us/ - It will start off with web challenges, feel free to stop when it starts getting into binary exploitation. What you've learned up to this point should carry you through the web application portion of this challenge, although some lateral thinking is required, which is also a skill you'll need for the GWAPT.

Google-Gruyere - https://google-gruyere.appspot.com/

Since you stated that you were going through the WAHH book, the labs over at mdsec may be a good investment for you at this point to follow along (although not exactly required if you properly use the resources above)

http://mdsec.net/labs/

https://www.wechall.net/challs - Again, filter out what you need to practice here. Lots of good challenges for multiple different areas of study.

CTF's: Be on the lookout for CTF's on http://ctftime.org and put a focus on the web challenges. These challenges will encourage lateral thinking like the securityinnovation challenge.
http://shell-storm.org/repo/CTF/ is an archive of older CTF's if you're having a hard time finding upcoming CTF's with good web exploitation sections. In my opinion, CSAW is especially good when it comes to web challenges, but check most of them out if you get time.

Another recommendation to you is to develop a decent understanding of how a web application is structured. It becomes easier to visualize how to attack a web application, when you can engineer one. So I will recommend that you learn:

HTML/CSS - don't spend way too much time on this, codecademy should suffice here

Javascript: The source of the client side exploits you will find in the future. Get your feet wet in javascript via codecademy, and progress further.

PHP: Source of the majority of server side exploits you will find (RFI/LFI, SQL Injection, etc). As with javascript, get your feet wet through codecademy, and try to progress further from there.

SQL: Important to know for SQL Injection. PHP is responsible for the implementation that leads to SQL Injection, but you should really know SQL to actually manipulate the DBMS to your needs.

With the web languages I listed, the end goal for you, should be to identify vulnerable source code, as well as being able to intentionally develop vulnerable source code, and fix it.

At this point, you should be relatively comfortable with the concepts covered in the GWAPT, however if not, take a look at the bulletin/syllabus of the actual exam, and individually research each topic.

http://www.giac.org/certification/web-application-penetration-tester-gwapt

Looking at the syllabus for the actual course that maps to GWAPT may provide some insight as well.

https://www.sans.org/course/web-app-penetration-testing-ethical-hacking

Hope I was able to help. Best of luck to you, and if you have any questions, feel free to let me know.

Part of me wants to say just do it. The course starts at a beginner level, but bear in mind that most people, myself included spend between 2-4 weeks of the precious lab time doing the course. Unfortunately there is no way to get the course material ahead of time, so factor that in when choosing how much lab time to prepare.

Having said that, I highly recommend reading Georgia Weidman’s book prior as this covers a lot of the same material as the PWK and is a great way to prep for the coursework so some of the ideas presented are not completely new to you

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Depending on your ease with programming, you may want to bone up on some python fundamentals as well. I did about 1/4 of this Udemy course before starting

https://www.udemy.com/the-modern-python3-bootcamp/learn/lecture/7991038#overview

Here’s a great guide from Abatchy on OSCP Prep, although a lot of the stuff he discusses in the guide are covered in the OSCP course

https://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob.html

There is also a YouTuber named IPPSEC that does video walkthroughs for retired Hackthebox machines. some of the machines are very CTF like, so Just watch the OSCP Like ones in this playlist.

https://www.youtube.com/playlist?list=PLidcsTyj9JXK-fnabFLVEvHinQ14Jy5tf

Finally, if your willing to shell out some money, 30 days on Virtualhackinglabs.com is a great way to practice. Their course is very OSCP like and a good way to jump right in.

https://www.virtualhackinglabs.com

Of course Hackthebox is always a great resource to practice your pwnage skills.

https://www.hackthebox.eu

Don’t feel like you have to do ALL of this before the OSCP, the list I gave is pretty much every resource outside of the PWK course I used to pass the exam.

If you only did one thing before you start the course, Definitely read Georgia’s book. Everything else can be used in conjunction with the course if you need extra help.


There is also an active discord channel for PWK students, use it!

Servers should always be hardened and because everyone likes long guides the National Vulnerability Database actually maintains a lot of information regarding hardening servers. So for the actual server itself can be hardened using the following guide located here. That is for Red Hat Enterprise Linux 5. It will change from distro to distro, but some things are pretty standard. I agree with PalermoJohn as well that learning more about networking will certainly help you in securing your server and network.

For applications running on your web server the link for OWASP Top 10 that Rsaesha posted will help you. If you have more time and would like to learn about Application Security, The Web Application Hacker's Handbook is a great resource to learn a lot about security in Web Applications.

Both application and network level security are required to truly secure your web server.

Cheers!

> Ps; anyone know of a good recommendation on how to start on web apps on the labs. Looking for a good book or resource.

The OSCP web app portion is good, but if you're like me you might benefit from some supplemental materials. Not necessarily specific to the course, but I found these resources really helpful for working on my web app skills

• Metasploitable2 has Damn Vulnerable Web App and Mutillidae. and a couple other web components. Takes common vulns from easy mode to hard.
  
• Google Gruyere more exploitable web app with a guide. Good info
  
• Pentester Lab exercises Web for Pentester I and Web for Pentester II are great and thorough.
  
• Web Application Hacker's Handbook web app hacking BIBLE.
  
• OWASP Testing Guide industry web app testing standard
  
  Hope that helps! :)

I was a solo consultant from 2005-2007 and supported my family of four during that time.

I suggest working to become recognized for your expertise before you go solo.

I prepared by blogging, writing many articles and two books, presenting at conferences, and teaching classes. Additionally I was a consultant for a security company for several years, which meant I had a lot of contacts who might hire me for work as an independent. When I was considering going solo, I emailed many of them to let them know I was considering an independent path.

I decided to make the leap when a prospect said they had months of work for me to do. I left my job, but that prospect was all talk! Fortunately I found plenty of other work to compensate.

I paid my bills by scheduling and teaching independent classes. Above that I consulted, which was "bonus" at that point.

I read this book back then. It's from 2000 but the overall message is still relevant:

https://www.amazon.com/Serf-Surfer-Becoming-Network-Consultant/dp/0782126618

Be sure you take care of the "infrastructure" issues early -- taxes, business bank accounts and credit cards, insurance if you need it, etc.

Finally, it's best to decide right away if you intend to be a solo consultant, or if you are starting a business that would employ others. The latter is more complicated, obviously.

It's extremely hard work and the pressure is enormous. Two years was plenty for me but I'm glad I did it. Good luck!

As a pentester you would typically need to follow a methodology of some sort. Here is a well known one http://www.pentest-standard.org/index.php/Main_Page

Typically you would first enumerate all open tcp/udp ports using a port scanner such as nmap. Then you would analyze ports one by one to see if they contain any vulnerabilities. If it’s a service running an outdated version of a particular software you would look up exploit-db and see if there is a corresponding exploit. Then tweak it to give you reverse shell to your IP address in metasploit or netcat. If it’s a web service you would use web methodology such as the one from here https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/ to look for web vulnerabilities in the web application and attempt to gain a shell that way. After you get a shell you might be highest privileged user or you might need to escalate your privileges. If you are regular user you look for ways to escalate your privileges depending on operating system you are logged in to. Get hackthebox vip account because this will give you access to retired vms and especially windows.

The OSCP certification is pretty much is doing combination of the steps described above on multiple machines. There is a book which goes over this methodology as well https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Here is a great resource that many people use as a resource to study for OSCP as well https://xapax.gitbooks.io/security/content/
And if you search for oscp survival guide you can get additional resource to reference. Also rtfm is a good reference book as well.

Edit: here’s a good guide on using methodology with template you can import https://411hall.github.io/OSCP-Preparation/

I may be a bit too harsh, I admit. I'm a jaded tech douche. But consider this....

>This is the worlds most advanced ethical hacking course with 18 of the most current security domains any ethical hacker will ever want to know when they are planning to beef up the information security posture of their organization.

>In short, you walk out the door with hacking skills that are highly in demand, as well as the internationally recognized Certified Ethical Hacker certification!

This is directly from their website. I feel like they make some pretty bold claims there. My instructor was, overall, a pretty solid guy. But my qualms were with the 3rd-party training facility, (my employer had made me do this as OSCP wasn't recognized by the client I was working with), as well as the material. I felt that EC misled people taking the course by what skills they would gain and that it also misleads others by what cert holders are capable of.

But I think we get off of topic - I would suggest that a better book for someone is this.

Maybe v9 is very different. I had several EC Certs as I was once subject to the DoD 8570. But I let them expire as I have several issues with EC Council. One of which being you need 120 CPEs annually. Taking another one of their certifications, gives you a full 120. But discovering a vulnerability is only 5 CPEs. (What?!)

Hey man! I work as Security Analyst - about a year away from graduating with my Bachelors.

I suggest you pick up the CompTIA Security+ Certification, as well as start learning the basics of Networks and how they function. Learn ports and protocols, as well as how IDS/IPS/Firewalls function. This will get you an entry level role as a Jr Analyst. I suggest you use [http://www.professormesser.com/security-plus/sy0-401/sy0-401-course-index/](Professor Messers Security+ Videos) This will teach you the basics of security work, networking concepts, threats, etc.

At the same time start listening to podcasts like Paul's Security Weekly, Down the Security Rabbit Hole, etc. As well as start reading blogs on hacking to get a feel for whats done.

Get a home lab and learn a few tools like Wireshark and Nmap for basic Security Analyst work - to learn how packets work, how they are structured, and how to scan pc's for ports and services. At the same time, focus on learning about threats and vulnerabilities (which are covered in security+).

If you want to get into PenTesting then you need a wide range of knowledge. Pick up and learn a few languages (master the basics and understand what the code does and how to read/interpret it). You need to know: PHP, HTML, SQL, Python (or Ruby), and a basic language like C, or Java.

If you want to dig deeper into PenTesting then start reading: https://www.offensive-security.com/metasploit-unleashed/

Good way to get into the Kali Distro and learn how to run Metasploit against vulnerable VM's.

Take a look at https://www.vulnhub.com/resources/ for books, and vulnerable VM's to practice on.

https://www.cybrary.it/ is also a good place with tons of videos on Ethical Hacking, Post Exploitation, Python for Security, Metasploit, etc.

Pick up some books such as

The Hacker Playbook 2: Practical Guide To Penetration Testing

Hacking: The Art of Exploitation

Black Hat Python: Python Programming for Hackers and Pentesters

Rtfm: Red Team Field Manual

The Hackers Playbook and The Art of Exploitation are great resources to get you started and take you step by step on pen testing that will allow you to alter explore the endless possibilities.

Also a good list of resources that you can learn more about security:

Getting Started in Information Security

Pentester Labs

Awesome InfoSec

Awesome Pentest

Overall experience and certification are what will get you into the door faster. Most employers will look for experience, but if they see you have motivation to learn and the drive to do so, then they might take you. Certifications also are big in the infosec field, as they get you past HR. And having a home lab and doing side projects in security also reflects well.

Depends on what you want to learn.

Web Application Security?

Exploit Development?

"Pentesting" techniques?

Also check here for tons other of resources.

As for certs, if you are a beginner beginner, then probably stuff like Security+ and Network+. Unlike the guy behind me, I will never get, nor do I really recommend CISSP, unless you are going for strictly blue team (defense) work. I personally enjoy red team (pentesting, etc), so something like OSCP would be more useful.

Like I said in a post above, feel free to PM me with questions. I'm always happy to help others on their quest to learn more about the wide world of infosec :)

How has the holy trinity not been mentioned?

Incident Response & Computer Forensics, Third Edition

• This one will hit a lot of the beats you're looking for, even though it's a bit old (up to Win7) but still has the majority of things you need to get in there. Learn this book at 50% retention and you'll be better than a good majority of the IR professionals currently billing hours.
  
  Practical Malware Analysis
  
• Less focused on attack to defense relationships but lays the groundwork for a better look into what and why certain things "be how they be"
  
  Art of memory forensics
  
• Rounds it all out a bit with some fresh volatility goodness

Honestly, it's not as hard as it sounds. It's not particularly easy mind you, but with zero previous experience, I had a pretty good grasp on it in 8 weeks, which was how long my course lasted. This was the textbook I used and it does a great job of explaining it, especially if you go through each lab in order. Jumping ahead several labs per week like I had to was a challenge. There's also several videos on youtube that explain exactly what's going on in the labs, based on the solutions manual.

Building Virtual Machine Labs: A Hands-On Guide https://www.amazon.ca/dp/1546932631/ref=cm_sw_r_cp_apa_i_QFOQCbBVY1YD2

This book walks through setting up Splunk using their free developer license (I think like 500mb/day or something around there). Goes through some basic examples for rules to set up. Also a great resource for lab set up in general. I think there is a new version in the works as well?! For a long time the author was giving this away for free.

Security Onion is another good resource, has built in SIEM tools as well.

Do you have a home lab, even if it's just VirtualBox running on your computer? Running virtual machine labs is critical to learning and getting into infosec.

If you're not familiar with how to run virtual machine labs, this book is a great place to start. It will get you up to speed quickly. https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631

This blog post has some good info and links to further reading: https://www.stevencampbell.info/2016/07/how-to-break-into-information-security/

BTW, don't be tempted to try to get into pentesting (offensive) because it seems like an exciting job. There's much more demand and opportunity for security analysts and engineers. If you want to go that route, get a few years of experience in a "blue team" (defensive) security role first.

Also, check out the sidebar here. There's a lot of good resources linked there.

the tao of network security monitoring explains a framework for stitching together different pieces of network security data into a process for investigation (the follow-up is also good).

yes, the thing you want is called 'full packet', and yes, it usually involves just sniffing, saving, and indexing all traffic at your network ingress/egress. there's some good open source frameworks like moloch for doing that, or if you've got money kicking around, something like solera or netwitness will do the trick nicely.

Some great resources are The Web Application Hackers Handbook. It's a long read but very in-depth. Link

If you want to practice as you read look into Damn Vulnerable Web App (DVWA) [Link] (http://www.dvwa.co.uk/), Pentester Lab challenges [Link] (https://www.pentesterlab.com/), bWapp. Learn how to use tools like Burp, ZAP, sqlmap, and BEEF (among others).

I've also heard that Security Tube has a lot of great videos but I haven't checked it out personally yet.

As for fundamental knowledge, you'll need to understand how the web and web applications work. Things like HTTP/HTTPS, HTTP methods, forms, Javscript, sessions, cookies, databases. Also about application input, application frameworks, application firewalls. If you don't have any programming experience, you should start learning some fundamentals to understand application logic and structure. This can help you think of assumptions that developers made and how you might be able to bypass or work around those assumptions to do things that weren't intended or anticipated.

Well give CISSP a wide birth as it's not what you want.

If you just want to get a simple over view to understand some basic concepts then 'Learn Ethical Hacking from Scratch' is available as an Ebook/Book from Packtpub and there's an accompanying course on Udemy.

https://www.packtpub.com/networking-and-servers/learn-ethical-hacking-scratch

https://www.udemy.com/learn-ethical-hacking-from-scratch/

Both are on special offer regularly and will just scratch the surface of some concepts and tools just to give you a taste for it.

Another good beginnner resource is Georgia Weidman's 'Penetration Testing: a Hands-on introduction to hacking'

https://www.amazon.co.uk/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

and she has a course on Cybrary which I believe follows on from that book:

https://www.cybrary.it/course/advanced-penetration-testing/

​

Good luck!

I think the main issue with the C|EH (I have it) is that the exam format is based around remember / regurgitate multiple choice answers, and doesn't really encourage the student to learn the practical side of things. With a couple of weeks and a decent book, it's fairly easy to pass. You'll have the cert but no further on in knowing how to actually conduct a pen test.

IMHO, if there was more of a focus on doing things, such as actually running and interpreting an nmap scan, with perhaps 10 or so simulations on the exam, I think it would improve it's standing and be of more benefit to the student.

EDIT Save yourself the $870 and buy these two books

https://www.amazon.com/Certified-Ethical-Hacker-Guide-Third/dp/125983655X/ref=sr_1_1?ie=UTF8&qid=1481303255&sr=8-1&keywords=certified+ethical+hacker+exam+guide

https://www.amazon.com/Certified-Ethical-Hacker-Practice-Exams/dp/1259836606/ref=pd_sim_14_3?_encoding=UTF8&pd_rd_i=1259836606&pd_rd_r=D0PT9NP2JQPKJFZBCRYK&pd_rd_w=nnz94&pd_rd_wg=3DMrQ&psc=1&refRID=D0PT9NP2JQPKJFZBCRYK

You then need to jump through a few hoops and convince the EC Council that you don't need their training package, and just want to take the exam for $500

It's the standard reference for web application testing. I'm a security consultant who spends a significant portion of my time reviewing web applications and we hand WAHH to every junior who comes on board, while intermediate/senior testers brush up on it periodically alongside the OWASP Testing Guide.

Once you're comfortable with the material in WAHH, also check out The Tangled Web: A Guide to Securing Modern Web Applications which starts to look into browser mechanics and their impact on web application security.

Currently Practical Malware Analysis is the go to book. The first few chapters go over basic techniques and tools. The remaining of the book focuses on advanced techniques like disassembling and debugging samples.

Another good book is Malware Analyst's Cookbook. This gives some good recipes and tools to use.

I don't have much experiencing detecting samples that AV misses. I would first start out with a tool like MalwareBytes Anti-Malware. A lot of malware will try to "phone home", so you could monitor networking from the system. There are also common places on the system malware uses. I've seen samples use the temp, startup, and application data directories. You should also check the registry for any files to run at start. Hope this helps.

Get this book and go through it. A LOT of the crowsourced pentesting platforms have web application testing as their bread and butter.

And the other user who suggested it got downvoted for some reason, but further down the line you should go for GWAPT. I say further down the line because, like all SANS certs, it's expensive af.

Web app pentesting is the largest pentesting market around right now, so it's a good one to jump into. Good luck!

>I don't want to ask the kids at school because I don't want them to think I'm dumb and also I want to be able to learn this on my own!!

Communication and respect are two key things that need to happen to really succeed at things like the CCDC. If you can't do that with your classmates now then you're not going to get super far.
(Vice versa to them as well)

BUT on the other note if you dont know where to start on building a lab
"Building Virtual Machine Labs: A Hands-On Guide" LINK
seems to be a solid book on the subject in general in regards to VMs. But at the end of the day its really just figuring out what you want to start on and then just using your favorite search engine on how to get started.

If HIPAA is the focus, study the HCISPP material, specifically the books from the supplementary references. Really, you probably only need to read Sean Murphy's HIPAA book (https://www.amazon.com/Healthcare-Information-Security-Privacy-Murphy-ebook/dp/B00LI367Q4/ref=sr_1_3?ie=UTF8&qid=1536086450&sr=8-3&keywords=hcispp) for a high-level overview, then focus on becoming an expert on the HITRUST CSF Assurance Program. There are a ton of free references available on how to implement healthcare-specific security controls and you'll learn a lot about ISO 27001/02 and SOC 2 in the process. Just google HITRUST CSF v9 and Healthcare Sector Cybersecurity Framework Implementation Guide to get started.

From where you are, it doesn't sound like studying CRISC is the best use of your time, especially if you're not even planning to test for it.

• The Rootkit Arsenal: Escape and Evasion in the Dark Corners of the System, 2nd Edition (2012)
  
  This book covers rootkit development, not analysis, on Windows 7 and x86/IA32. It's a must read, if you're interested in rootkits.
  
  
• Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats (Release date set to january 2019)
  
  While not yet released, it looks very promising. Over the years, Microsoft has continually introduced better protections against rootkits and malware in Windows. Among other things, the book will cover how some of the rootkits/bootkits seen in the wild have bypassed protections such as Secure Boot, kernel-mode signing, Patch Guard and Device Guard.
  
  I'd also recommend having a look at the following books:
  
  
• Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software (2012)
  
  
• Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation 1st Edition (2014)
  
  
• The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory 1st Edition (2014)
  
  
  Also, Windows Internals for both Windows 7 and Windows 10 is a great reference to have laying around.

I'd suggest you first take an ASM course.
This would be a great start
http://opensecuritytraining.info/Training.html
Next, you have two options.
You can get this awesome book
https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901
or you can start with this course
https://samsclass.info/126/126_S16.shtml
which is a reduced version of the book.

After you're done, I think the best thing to do is to find someone who can sponsor you to attend SANS 610 course.

Here are a few books I recommend:

Blue Team Handbook


Defensive Security Handbook


The Practice of Network Security Monitoring


Crafting the Infosec Playbook


And don't forget the NIST Cyber Security Framework

Do you want an already identified vulnerability from this post to include in your work? Or do you want suggestions for an open source application which you’ll test?

In either of the case, you really need to start with reading up on setting a test environment first. I would suggest this book:
Building Virtual Machine Labs: A Hands-On Guide https://www.amazon.com/dp/1546932631/ref=cm_sw_r_cp_api_i_N-bIDb1Z79EN7

Or do you want a setup for doing a security audit? In which case, I would give you the tool which I always use primarily: Burp Suite.
You can always make your own custom python tools according to your needs. Good luck.

• The Practice of Network Security Monitoring: Understanding Incident Detection and Response
  
  
• Applied Network Security Monitoring: Collection, Detection, and Analysis
  
  Either one of these two should get you started. I haven't personally read the 2nd one, but I've heard good things.
  
  Followup/Read along with either/both of the following:
  
  
• [Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems] (http://amzn.com/1593272669)
  
  
• Network Forensics: Tracking Hackers through Cyberspace

This is an excellent start:

https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631

I worked through this a while back. Learned a lot and enjoyed the process.

u/mhurron has a great point here. Similar outcome matrix to this book i listened to recently. I highly recommend it.

Never Split the Difference: Negotiating as if Your Life Depended on It

https://www.amazon.com/Never-Split-Difference-Negotiating-Depended/dp/B01COR1GM2

https://www.amazon.com/Practical-Malware-Analysis-Hands-Dissecting/dp/1593272901/ref=sr_1_3?ie=UTF8&qid=1525305254&sr=8-3&keywords=malware+analysis

It is a little old but still awesome to learn

You can pick up an inexpensive 'Managed' switch to mirror (or SPAN) traffic from one or more ports to a different port. This should take care of your needs if you are only trying to analyze your Internet traffic. If you're doing LAN and or LAN and Internet and the traffic approaches the full 1Gbps you'll probably going to need a more powerful switch to see all the traffic.

I picked this one some time back for about $15 on sale (now $25):


https://www.amazon.com/gp/product/B00N0OHEMA

Like the All-In-One series CEH book. I only read that book and I passed with a perfect score. Even has example/practice tests in the back that were very close to the real test.

http://www.securitytube.net/ has good primers. Hacking: The Art of Exploitation is good, too.

I really like the book Practical Packet Analysis

But just to get you started, try capturing traffic and then going to a website (non-ssl) like reddit.com. After loading the first page, stop the capture and take a look at it. You can search for strings you would expect in the capture, like "reddit.com" or "GET". You can start looking at the payload portion of the packets and go up to see all the layers.

I would recommend reading:

http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470

and looking at CTF challenges focused on web over at CTFTime.org

I hear many pentesters talk about Pentoo as the better wireless platform and they recommend the :

tplink TL-WN722N- http://www.amazon.com/TP-LINK-TL-WN722N-Wireless-Adapter-External/dp/B002SZEOLG

and the alfa awus036h- http://www.amazon.com/Alfa-Network-Wireless-802-11g-AWUS036H/dp/B000WXSO76

Also if you are into wireless pentesting heres the playlist for the 2014 DefCon Wireless Village Talks: http://www.irongeek.com/i.php?page=videos/defcon-wireless-village-2014/mainlist

Have you seen an OpenWRT router made for Security-savvy people? Please refer to our product page on Amazon: https://www.amazon.com/dp/B07GBXMBQF It's designed for travel, but it might also fit your needs.

IMO, these books are the best ones for web pentesting:

The Web Application Hacker's Handbook

The Tangled Web

OWASP Testing Guide v4

Of the many good reads in your future, please consider this one:
http://www.amazon.com/gp/product/1593272669?keywords=practical%20packet%20analysis&qid=1457992016&ref_=sr_1_1&sr=8-1

How useful do you think books like these to be?

https://www.amazon.com/d/Books/Black-Hat-Python-Programming-Pentesters/1593275900


https://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

I just finished up a mini project in python and am looking for something else to do (other than learning C and another text on data structures). These books seem to be more about pen testing so I'm not sure it's really relevant.

Have you verified your broadcom chipset is packet injection/monitor mode capable?

I ended up picking up an Alfa this one for ~$45 dual band as well runs faster than my wifi on my mac. With another card I can continue to do things online & capture/do whatever on the Alfa at the same time.

The web application hacker's handbook is an excellent book for web applications pentesting. https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

I believe I've heard good things about The Tao of Network Security Monitoring, but haven't had a chance to read it myself. In the description lists a few other books the author recommends.

One of the books I see come up time and again in recommendations for OSCP prep is Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman.

She has also done a video series along the same lines as the book that is available for free from Cybrary.

Hacking: The art of exploitation

The Web Application Hackers Handbook

The Tangled Web: A Guide To Securing modern Web Applications

The Hacker Playbook 2

The Hacker playbook 3

Black Hat Python: Python Programming for Hackers and Pentesters

This book is really good for setting up a pentesting lab for multiple hypervisors including VMWare.

Just a suggestion, there are so many other good products out there than C&A. Just make a VM of Kali and get any wireless card that can do monitor/promiscuous mode. It's just

​

Any alfa card should work i think but I use the following.

https://www.amazon.com/TP-Link-TL-WN722N-Wireless-network-Adapter/dp/B002SZEOLG/ref=sr_1_5?keywords=atheros&qid=1554314194&s=gateway&sr=8-5

​

https://www.amazon.com/Alfa-AWUSO36NH-Wireless-Long-Rang-Network/dp/B0035APGP6/ref=sr_1_8?keywords=atheros&qid=1554314194&s=gateway&sr=8-8

​

https://www.amazon.com/Alfa-Long-Range-Dual-Band-Wireless-External/dp/B00VEEBOPG/ref=sr_1_2?keywords=AWUS052NH&qid=1554314402&s=gateway&sr=8-2

Thanks, what do you think of this book?
http://amzn.com/1118026470 (Web Application Hacker's Handbook 2nd Edition)

The book "Penetration Testing: A Hands-On Introduction to Hacking" by Georgia Weidman isn't free, but it's low cost and will give you the same information that PWK course materials provides, and a lot more. https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641/ref=sr_1_1?ie=UTF8&qid=1503490444&sr=8-1&keywords=georgia+weidman+pentesting

For completely free training, search around Vulnhub for targets to go after. Plenty of lists on the internet about which ones are similar to the OSCP lab machines.

Build a lab at home and start learning networking and system administration. While you are doing that, start filling out applications for any computer/network related jobs you can find and hopefully you will get a hit. Depending on how rural you are, you may have to commute into a city to find work. But these days, everyone has computers.

​

https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631

On network security monitoring (network ids/ips) you might want to have a look at that book http://www.amazon.co.uk/Practice-Network-Security-Monitoring-Understanding/dp/1593275099/ref=pd_bxgy_b_img_y

> No, you can't drop it because you're passively monitoring it.

That's not true. The IPS can send RST packets to both endpoints and cause the connection to prematurely terminate, or ICMP unreachable for UDP.

You can also just use an older hub, but here are some affordable devices which support mirroring:

https://www.amazon.com/midBit-Technologies-LLC-10-100/dp/B00DY77HHK/

https://www.amazon.com/Dualcomm-DCSW-1005-Powered-Ethernet-Mirroring/dp/B002BSF112/

https://www.amazon.com/NETGEAR-GS105Ev2-Ethernet-Lifetime-Replacement/dp/B00HGLVZLY/

https://www.amazon.com/TP-Link-Gigabit-Ethernet-Managed-TL-SG105E/dp/B00N0OHEMA/

Great intro resource to web attacks and defenses. Start with their "top 10":
http://www.owasp.org

In-depth discussion of exactly how to carry out different types of attacks:
http://www.amazon.com/The-Web-Application-Hackers-Handbook/dp/1118026470

I missed your bit about books and training question- try checking out some stuff like this http://www.amazon.com/The-Tao-Network-Security-Monitoring/dp/0321246772

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

IMO Georgia's book covers everything you'll need for the exam (specifically exploit development and POC modification).

The Metasploit book is cool, but since you don't really get to use it in the exam lab (you only get one Metasploit "lifeline" to use) it may not be worth picking up right now.

The Tangled Web

The Web Application Hackers Handbook

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

I wouldn't say this a good training book as it's just a list of commands that can be used as a reference for those who already know what they're doing but need to job their memory.

I'd say look at Metasploit The Penetration Testers Guide or Georgia's book Penetration Testing A Hands On Introduction to Hacking to get started off.

https://www.amazon.de/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

Also a little dated, but check out [Hacking, the Art of Exploitation] (http://www.amazon.com/Hacking-The-Art-Exploitation-Edition/dp/1593271441/ref=sr_1_1?ie=UTF8&qid=1381672203&sr=8-1&keywords=hacking)

https://www.amazon.com/Practical-Malware-Analysis-Hands--Dissecting/dp/1593272901/ref=sr_1_1?s=books&ie=UTF8&qid=1468615877&sr=1-1&keywords=practical+malware+analysis

https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470/ref=sr_1_1?ie=UTF8&qid=1494817730&sr=8-1&keywords=web+application+hackers+handbook


Or look into SANS training.

http://www.amazon.com/Cybersecurity-Cyberwar-Everyone-Needs-Know%C2%AE/dp/0199918112



http://www.amazon.com/Tangled-Web-Securing-Modern-Applications/dp/1593273886/

No. If it were so easy, pentesters wouldn't get pais so much to do it. That being said, start here

Offensive Security's OSCP should be your goal if you wanna get into pentesting. Start with reading CEH material and The Hacker Playbook http://www.amazon.com/The-Hacker-Playbook-Practical-Penetration/dp/1512214566.

I've had this bookmarked forever (Probably linked to from here)

http://www.irongeek.com/i.php?page=videos/web-application-pen-testing-tutorials-with-mutillidae

I have no comments on the quality of the information, it's been on the master to-do list for damn near ever.

If you want to spend some money there is also http://www.amazon.com/gp/product/1118026470/ref=ox_sc_sfl_title_2?ie=UTF8&psc=1&smid=ATVPDKIKX0DER

(again, it's been mentioned here, and again, can't say anything about it personally, master to-do list)