(Part 2) Best products from r/netsecstudents
We found 28 comments on r/netsecstudents discussing the most recommended products. We ran sentiment analysis on each of these comments to determine how redditors feel about different products. We found 95 products and ranked them based on the amount of positive reactions they received. Here are the products ranked 21-40. You can also go back to the previous section.
22. Build Your Own Security Lab: A Field Guide for Network Testing
- 80 PLUS Bronze certified High efficiency operation for less excess heat and lower operating costs
- Thermally Controlled Fan Silent operation at low and medium loads
- Semi -Modular Make your builds and upgrades easy with clean great-looking results
- Five year Your of reliable operation that will last across several system builds. Continuous output rated temperature-40°C
Features:
23. A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
- Used Book in Good Condition
Features:
24. Computer Networking: A Top-Down Approach (6th Edition)
- Online Access
Features:
25. The Hacker Playbook 3: Practical Guide To Penetration Testing
- Clear Circle Epoxy Stickers
- Quantity: 50 Pcs.
- Diameter: Various diameters between 1/4 inch and 3 inch
- Thickness: 1/16 inch - (1.6mm)
- Please contact us for custom sizes and shapes.
Features:
26. The IDA Pro Book, 2nd Edition: The Unofficial Guide to the World's Most Popular Disassembler
- Used Book in Good Condition
Features:
28. How Linux Works, 2nd Edition: What Every Superuser Should Know
- No Starch Press
Features:
30. Windows System Programming (4th Edition) (Addison-Wesley Microsoft Technology Series)
31. Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
- Used Book in Good Condition
Features:
35. Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition
- O'Reilly Media
Features:
37. Automate the Boring Stuff with Python: Practical Programming for Total Beginners
- No Starch Press
Features:
If anyone has any trouble with something in the walk-through as far as needing clarification or they are attempting to do it themselves and find I messed up somewhere, please let me know! Thank you.
The binary can be found on my github: https://github.com/emtuls/ctf/tree/master/2018-hacktober.org/Binary_Analysis/binaries -> Larry.out
For anyone that needs resources for learning Reverse Engineering, I can provide you with a baseline that I would recommend starting with. Eventually, I plan on making my own set of tutorials...but that's in the works.
x86 Assembly:
If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.
A few good books would be:
Hands On:
Courses:
Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:
Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.
Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:
Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmers Perspective" and "Secrets of Reverse Engineering".
Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework than you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shys away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)
*edited a name out
In my opinion; every book in this bundle is a bag of shit.
Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):
Web Hacking:
The Web Hackers Handbook (Link)
Infrastructure:
Network Security Assessment (Link)
Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.
General:
Hacking: The Art of Exploitation (Link)
Grey Hat Hacking (Link)
Linux:
Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)
Metasploit:
I recommend the online course "Metaspliot Unleashed" (Link) as opposed to buying the book (Link).
Nmap:
The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.
Malware Analysis:
Practical Malware Analysis (Link)
The book is old, but the methodology is rock solid.
Programming / Scripting:
Python: Automate the Boring Stuff (Link)
Hope that helps.
You don't really need much to get started. If you have a beefy laptop or desktop you can virtualize yourself a nice lab. Download VirtualBox and get yourself a kali iso and some vulnerable machines from Vulnhub. Lots of good training is also available over at OverTheWire. I can't speak for Cybrary but I've heard good things about it. Youtube and SecurityTube have endless tutorials as well.
There are lots of good books out there too - almost too many to mention. If you're just starting, check this one out: https://www.amazon.com/Penetration-Testing-Essentials-Oriyano/dp/1119235308
EDIT: Oh, also - head over to /r/howtohack and join the IRC there. Lots of knowledgeable guys who can help point you in the right direction. You can only teach yourself so much, so find communities and bounce ideas off of other professionals' heads. Like some of the others here said, you really need to have a foundational understanding of what you're trying to hack. Most people start in tier 1/desktop support work and slowly, through time and experience, specialize in infosec. Don't every expect to just wake up and be a cyber security professional... it's going to take a long time.
Cybrary has solid training - I definitely would recommend them. I don't know that it alone will be enough to pass the exam but it certainly is a good start. The Darryl Gibson book seems to have pretty positive feedback so you may want to pick that one up as well. Here is an Amazon link for it: https://www.amazon.com/CompTIA-Security-Get-Certified-Ahead/dp/1939136059/ref=pd_sim_14_3?_encoding=UTF8&pd_rd_i=1939136059&pd_rd_r=W762ZND5VVXXV57WFX7R&pd_rd_w=mXr4x&pd_rd_wg=90N8D&psc=1&refRID=W762ZND5VVXXV57WFX7R
I would like to post another review of a certification for CEH version 10. I would like to say I am not a fan of dumps as it does not teach you anything and devalues the certification. I try to put in the time to really understand the information and be technically capable of doing the job.
I started off my process of doing my studying by taking an online based class of 40 hours that was lecture and labs. It was through the Army on something called Skill Port. It was fairly average and I would say that it was not that great a training aid. On a scale of 1-10 it was about a 5.
So I purchased the Sybex book for CEH (https://www.amazon.com/Certified-Ethical-Hacker-Study-Guide/dp/1119533198/ref=dp_ob_title_bk ) . I find that the Sybex book are very easy to read, convey the concept well and don’t drown people in a lot of fluff but they need a spell checker some times. I read through the book and took the practice tests. Anything that I felt weak on I would reread and do a little googling so I could make better sense out of it. Then I retook the practice tests again with a much better outcome.
The material is not super deep and from a hacking perspective it was not what I was expecting. Some areas I would concentrate on were basic ports and protocols, know how to look at a packet capture, ping vs ping sweep, scans, nmap commands and be able to know what it going on to be able to answer the question.
I got a lot of attack type question from cross site scripting attack to Buffer overflow and anything in-between. Some come in the form of questions and some were screen shots. I like the screen captures as I am much better at these because all the pertinent information is there as opposed to questions that a specific to a vendor and can be subjective if you don’t do a lot with EC-Council.
One thing I like to do is ensure I read the answers first and then I read the question. This way I am processing what is possible in the question verse total crap. Usually there are 4 answers and 2 are way out there and one is possible but usually has something that will not comply with the question. One thing I was able to do because I have a good base was even if I did not know the answer I was able to use some critical thinking and get the right answer.
I took about 87 minutes to do the test (they give you 240 mins) and I feel that the test really feels like an entry level exam for people getting into hacking (pen testing). I did well and I put in about 60 to 70 hours total of study time but again I have a good base to work from.
Use this as an nmap command reference. https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.1.pdf
This site has some good reference material also: https://www.danielowen.com/2017/01/01/sans-cheat-sheets/
Know some snort, ids and firewall rules\commands: be able to look at the command and tell what it does.
When I started my Sec+ studying, I was recommended a book called,
"Security+ get Certified Get Ahead" by Darril Gibson
It's regarded as one of the best books and it has that littke CompTIA certified material thing or whatever. Great book that's straight to the point with a lot of examples and practice questions.
Part of that "80%" can be a sales tactic to get you to sign up and take the course. Although I am not in the UK so I am not sure if that stat holds true.
As for the equipment: Both the below links are good starting points. The top one is a bit older.
Build Your Own Security Lab: A Field Guide for Network Testing
[The Network Security Test Lab: A Step-by-Step Guide] (https://www.amazon.com/Network-Security-Test-Step-Step/dp/1118987055/ref=asap_bc?ie=UTF8)
Both will give you a good idea and a starting point.
But you never really answered a key question: What is it you want to do? In CyberSecurity, there are roughly 40 different types of emphasis that you can focus on. I know it is daunting, but understand your personality and goals can weigh heavily into that decision. Not everyone is cut out to be a WhiteHat, but that does not mean a blue team member or a purple team member are not for you.
There was a really good topic discussion on Reddit (unable to find it currently) that had quite a few jobs broken down and what they do/mean to the Security Community.
Also I highly recommend THP2 (pentesting focused) (you can skip THP, its contents are all included and better organized in THP2) and THP3 (red teaming focused). Peter also hosts awesome trainings which I've leveraged into internships and jobs. more info at https://securepla.net/training
Application Security:
Web Security:
Secure Systems
I don't get how you're in a masters program in cybersec without knowing how to code...
Anyway, if you are leaning towards pentesting/networks, https://www.amazon.ca/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441 as well as black hat python/violent python are what you want to start off, as well as a good book on networking book: https://www.amazon.ca/Computer-Networking-Top-Down-Approach-6th/dp/0132856204.
I'm actually confused about what the content of an msc program could be in cybersec if you don't already know how to code.
Computer Networking: A Top Down Approach by Kurose and Ross is often highly recommended.
https://www.amazon.com/Build-Your-Own-Security-Lab/dp/0470179864
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
https://pen-testing.sans.org/blog/2014/02/27/building-a-pen-test-infrastructure-hacking-at-home-on-the-cheap
and because I like you:
https://www.cybrary.it/0p3n/tutorial-for-setting-up-a-virtual-penetration-testing-lab-at-your-home/
https://www.pentesterlab.com/
https://community.rapid7.com/docs/DOC-2196
I used this book and would recommend it.
https://www.amazon.com/CompTIA-Security-Certified-Ahead-SY0-401/dp/1939136024/ref=pd_lpo_sbs_14_t_0?_encoding=UTF8&psc=1&refRID=SCTGP0Y33FZNTKV344Z8
A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security https://www.amazon.com/dp/1593273851/ref=cm_sw_r_cp_apa_iWHXAb48X2078
Penetration Testing: A Hands-On Introduction to Hacking
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
Offensive Computer Security Spring 2014 Homepage Florida State University
http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity
Offensive Security Certified Professional
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional
The Hacker Playbook 3: Practical Guide To Penetration Testing
https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1980901759
MIT Course Number 6.858 :Computer Systems Security
https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014
Subreddits https://www.reddit.com/r/netsec+privacy+SocialEngineering+onions+ReverseEngineering+crypto+blackhat+security+Malware+pwned+netsecstudents+computerforensics+HackBloc+securityCTF+xss+vrd+rootkit+REMath
More at http://Learn.SharjeelSayed.com