(Part 2) Best products from r/netsecstudents

If anyone has any trouble with something in the walk-through as far as needing clarification or they are attempting to do it themselves and find I messed up somewhere, please let me know! Thank you.

The binary can be found on my github: https://github.com/emtuls/ctf/tree/master/2018-hacktober.org/Binary_Analysis/binaries -> Larry.out


For anyone that needs resources for learning Reverse Engineering, I can provide you with a baseline that I would recommend starting with. Eventually, I plan on making my own set of tutorials...but that's in the works.

x86 Assembly:


If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.


A few good books would be:

• Hacking: The Art of Exploitation I am a huge advocate for this book. I learned a lot from this and have read it multiple times. It is written very well and teaches someone with no experience how to do C programming and assembly. This is mainly a book for learning exploitation/vulnerability research, but that can play hand and hand with Reverse Engineering. It will show you the assembly language break down of basic exploits and this can help you with RE.
  
  
• Practical Reverse Engineering I read through the beginning of this book and it gave me some good foundations of understanding memory and computer architecture for RE along with assembly of course
  
  
• Secrets of Reverse Engineering This book is a bit in depth, but the beginning gives another good foundation for Comp Architecture and assembly stuff.
  
  
• The IDA Pro Book Haven't personally read this book yet, but I have been told it is the defacto standard for learning IDA Pro, and it has examples you can learn from.
  
  Hands On:
  
  
  
• Legend of Random Very useful hands on with tutorials. Mainly based on cracking, but that requires reverse engineering. Highly recommend this!
  
  
• Lenas Tutorials Again, another awesome hands on tutorial, mostly based on cracking as well.
  
  
• Crackmes These are more of challenges once you start to have a little understanding down
  
  Courses:
  
  Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:
  
  
  
• Basic Dynamic Analysis
  
• Real World Decompilation There are a few videos to this series and he disassembles a game, definitely nice to learn from.
  
  
  Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.

Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:

1. Programming. Definitely learn "C" first as all of the Exploitation and Assembly courses below assume you know C: The bible is pretty much Dennis Richie and Kernighan's "The C Programming Language", and here is the .pdf (this book is from 1988, I don't think anyone would mind). I actually prefer Kochan's book "Programming in C" which is very beginner freindly and was written in 2004 rather than 1988 making the language a little more "up to date" and accessible. There are plenty of "C Programming" tutorials on YouTube that you can use in conjunction with either of the aforementioned books as well. After learning C than you can try out some other languages. I personally suggest Python as it is very beginner friendly and is well documented. Ruby isn't a bad choice either.
   
   
2. Architecture and Computer basics:
   Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
   Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmers Perspective" and "Secrets of Reverse Engineering".
   
   
3. Operating Systems: Choose which you want to dig into: Linux or Windows, and put the effort into one of them, you can come back to the other later. I would probably suggest Linux unless you are planning on specializing in Malware Analysis, in which case I would suggest Windows. Linux: No Starch's "How Linux Works" is a great beginner resource as is their "Linux Command Line" book. I would also check out "Understanding the Linux Kernel" (that's a .pdf link). For Windows you can follow the Windows Programming wiki here or you can buy the book "Windows System Programming". The Windows Internals books are generally highly regarded, I didn't learn from them I use them more as a reference so I an't really speak to how well they would teach a "beginner".
   
   
4. Assembly: You can't do much better than OpenSecurityTraining's "Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration" class lectures from Xeno Kovah, found here. The book "Secrets of Reverse Engineering" has a very beginner friendly introduction to Assembly as does "Hacking: The Art of Exploitation".
   
   
5. Exploitation: OpenSecurityTraining also has a great video series for Introduction to Exploits. "Hacking: The Art of Exploitation" is a really, really good book that is completely self-contained and will walk you through the basics of assembly. The author does introduce you to C and some basic principles of Linux but I would definitely suggest learning the basics of C and Linux command line first as his teaching style is pretty "hard and fast".
   
   
6. Specialized fields such as Cryptology and Malware Analysis.
   
   
   Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework than you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shys away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)
   
   *edited a name out
   
   
   
   
   
   

In my opinion; every book in this bundle is a bag of shit.

Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):

Web Hacking:

The Web Hackers Handbook (Link)

Infrastructure:

Network Security Assessment (Link)

Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.

General:

Hacking: The Art of Exploitation (Link)

Grey Hat Hacking (Link)

Linux:

Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)

Metasploit:

I recommend the online course "Metaspliot Unleashed" (Link) as opposed to buying the book (Link).

Nmap:

The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.

Malware Analysis:

Practical Malware Analysis (Link)

The book is old, but the methodology is rock solid.

Programming / Scripting:

Python: Automate the Boring Stuff (Link)

Hope that helps.

You don't really need much to get started. If you have a beefy laptop or desktop you can virtualize yourself a nice lab. Download VirtualBox and get yourself a kali iso and some vulnerable machines from Vulnhub. Lots of good training is also available over at OverTheWire. I can't speak for Cybrary but I've heard good things about it. Youtube and SecurityTube have endless tutorials as well.

There are lots of good books out there too - almost too many to mention. If you're just starting, check this one out: https://www.amazon.com/Penetration-Testing-Essentials-Oriyano/dp/1119235308

EDIT: Oh, also - head over to /r/howtohack and join the IRC there. Lots of knowledgeable guys who can help point you in the right direction. You can only teach yourself so much, so find communities and bounce ideas off of other professionals' heads. Like some of the others here said, you really need to have a foundational understanding of what you're trying to hack. Most people start in tier 1/desktop support work and slowly, through time and experience, specialize in infosec. Don't every expect to just wake up and be a cyber security professional... it's going to take a long time.

Cybrary has solid training - I definitely would recommend them. I don't know that it alone will be enough to pass the exam but it certainly is a good start. The Darryl Gibson book seems to have pretty positive feedback so you may want to pick that one up as well. Here is an Amazon link for it: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=pd_sim_14_3?_encoding=UTF8&pd_rd_i=1939136059&pd_rd_r=W762ZND5VVXXV57WFX7R&pd_rd_w=mXr4x&pd_rd_wg=90N8D&psc=1&refRID=W762ZND5VVXXV57WFX7R

I would like to post another review of a certification for CEH version 10. I would like to say I am not a fan of dumps as it does not teach you anything and devalues the certification. I try to put in the time to really understand the information and be technically capable of doing the job.
I started off my process of doing my studying by taking an online based class of 40 hours that was lecture and labs. It was through the Army on something called Skill Port. It was fairly average and I would say that it was not that great a training aid. On a scale of 1-10 it was about a 5.
So I purchased the Sybex book for CEH (https://www.amazon.com/Certified-Ethical-Hacker-Study-Guide/dp/1119533198/ref=dp_ob_title_bk ) . I find that the Sybex book are very easy to read, convey the concept well and don’t drown people in a lot of fluff but they need a spell checker some times. I read through the book and took the practice tests. Anything that I felt weak on I would reread and do a little googling so I could make better sense out of it. Then I retook the practice tests again with a much better outcome.
The material is not super deep and from a hacking perspective it was not what I was expecting. Some areas I would concentrate on were basic ports and protocols, know how to look at a packet capture, ping vs ping sweep, scans, nmap commands and be able to know what it going on to be able to answer the question.
I got a lot of attack type question from cross site scripting attack to Buffer overflow and anything in-between. Some come in the form of questions and some were screen shots. I like the screen captures as I am much better at these because all the pertinent information is there as opposed to questions that a specific to a vendor and can be subjective if you don’t do a lot with EC-Council.
One thing I like to do is ensure I read the answers first and then I read the question. This way I am processing what is possible in the question verse total crap. Usually there are 4 answers and 2 are way out there and one is possible but usually has something that will not comply with the question. One thing I was able to do because I have a good base was even if I did not know the answer I was able to use some critical thinking and get the right answer.
I took about 87 minutes to do the test (they give you 240 mins) and I feel that the test really feels like an entry level exam for people getting into hacking (pen testing). I did well and I put in about 60 to 70 hours total of study time but again I have a good base to work from.
Use this as an nmap command reference. https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.1.pdf
This site has some good reference material also: https://www.danielowen.com/2017/01/01/sans-cheat-sheets/
Know some snort, ids and firewall rules\commands: be able to look at the command and tell what it does.

When I started my Sec+ studying, I was recommended a book called,

"Security+ get Certified Get Ahead" by Darril Gibson

It's regarded as one of the best books and it has that littke CompTIA certified material thing or whatever. Great book that's straight to the point with a lot of examples and practice questions.

Part of that "80%" can be a sales tactic to get you to sign up and take the course. Although I am not in the UK so I am not sure if that stat holds true.

As for the equipment: Both the below links are good starting points. The top one is a bit older.

Build Your Own Security Lab: A Field Guide for Network Testing

[The Network Security Test Lab: A Step-by-Step Guide] (https://www.amazon.com/Network-Security-Test-Step-Step/dp/1118987055/ref=asap_bc?ie=UTF8)

Both will give you a good idea and a starting point.

But you never really answered a key question: What is it you want to do? In CyberSecurity, there are roughly 40 different types of emphasis that you can focus on. I know it is daunting, but understand your personality and goals can weigh heavily into that decision. Not everyone is cut out to be a WhiteHat, but that does not mean a blue team member or a purple team member are not for you.

There was a really good topic discussion on Reddit (unable to find it currently) that had quite a few jobs broken down and what they do/mean to the Security Community.

Also I highly recommend THP2 (pentesting focused) (you can skip THP, its contents are all included and better organized in THP2) and THP3 (red teaming focused). Peter also hosts awesome trainings which I've leveraged into internships and jobs. more info at https://securepla.net/training

Application Security:

• The Art of Software Security Assessment
  
• A Bug Hunter's Diary
  
  Web Security:
  
  
• The Tangled Web
  
  Secure Systems
  
  
• A Guide to Kernel Exploitation
  
• Rootkits
  

I don't get how you're in a masters program in cybersec without knowing how to code...

Anyway, if you are leaning towards pentesting/networks, https://www.amazon.ca/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441 as well as black hat python/violent python are what you want to start off, as well as a good book on networking book: https://www.amazon.ca/Computer-Networking-Top-Down-Approach-6th/dp/0132856204.

I'm actually confused about what the content of an msc program could be in cybersec if you don't already know how to code.

Computer Networking: A Top Down Approach by Kurose and Ross is often highly recommended.

https://www.amazon.com/Build-Your-Own-Security-Lab/dp/0470179864

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

https://pen-testing.sans.org/blog/2014/02/27/building-a-pen-test-infrastructure-hacking-at-home-on-the-cheap

and because I like you:

https://www.cybrary.it/0p3n/tutorial-for-setting-up-a-virtual-penetration-testing-lab-at-your-home/

https://www.pentesterlab.com/

https://community.rapid7.com/docs/DOC-2196

I used this book and would recommend it.

https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024/ref=pd_lpo_sbs_14_t_0?_encoding=UTF8&psc=1&refRID=SCTGP0Y33FZNTKV344Z8

A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security https://www.amazon.com/dp/1593273851/ref=cm_sw_r_cp_apa_iWHXAb48X2078

Penetration Testing: A Hands-On Introduction to Hacking
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Offensive Computer Security Spring 2014 Homepage Florida State University
http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity

Offensive Security Certified Professional
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional

The Hacker Playbook 3: Practical Guide To Penetration Testing
https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1980901759

MIT Course Number 6.858 :Computer Systems Security
https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014

Subreddits https://www.reddit.com/r/netsec+privacy+SocialEngineering+onions+ReverseEngineering+crypto+blackhat+security+Malware+pwned+netsecstudents+computerforensics+HackBloc+securityCTF+xss+vrd+rootkit+REMath

More at http://Learn.SharjeelSayed.com