Neko

Getting Started in Offensive Security (Shortened)

Currently this post is just a collection of links with a description of how I recommend using them.

TryHackMe recently released a good blog on this: Free Intro to Cyber. It goes along with a lot of this post and can be done independently or as a supplement to this post.

A simple collection of resources can be found at: My Cyber Resources.

If you live in the United States and are a citizen without a Bachelor's/Master's Degree, I recommend heading over to WGU's website. I'm currently enrolled in the BSCIA there and it follows along with many of my recommendations in this post.


Last updated: April 14th, 2023

Getting Started

Intro

  • Computer Security
    This page is a bit long, but it covers cybersecurity and its importance well. It will help you understand how the field came to be, how it has evolved, and how it is implemented in the private and public sectors.
  • Penetration Testing
    Know what the goals of a pentest are, what the phases of a pentest are, and what white/black box refers to.

Google is my Superpower

  • Refine Web Searches
    Most search engines allow users to optimize searches through the use of keywords and operators. We can use these methods to refine our searches, but they also have an interesting security implication.
  • Google Hacking/Dorking
    Although Google dorking is a bit out of scope for this section, its existence should plant some ideas about the "misuse" of innocent features and the scope of security in today's increasingly complex internet. An interesting side effect of adding complexity to any feature is that there are usually unintended consequences.
  • GHDB
    This might come in handy later.

Linux Fu

  • Linux
    By now it might be obvious that I love Wikipedia.
  • Online Man Pages
    A site that allows you to search the documentation of system commands for Linux. These will be useful for completing the challenges at the end of this section.
  • Bash
    Bash's Wikipedia page. Although it might not be incredibly helpful yet, you can refer to it in the future.
  • CmdChallenge
    An online introduction to shell commands; don't forget to check the man pages. Go as far as you can.
  • VirtualBox Download Page
    Under "VirtualBox x.x.x platform packages" select your host. Download the "VirtualBox x.x.x Oracle VM VirtualBox Extension Pack" as well. You should only have to walk through the installation GUI. Refer to the docs if you run into issues.
  • Kali Download Page
    Select one of the VirtualBox downloads. You probably won't have to configure much but if you run into problems refer to the docs. Default credentials are kali/kali.
  • Bandit OTW
    A further introduction to the shell; this time you have to SSH into the labs. You can do this with PuTTY on Windows or Linux. I describe installing VirtualBox and a Kali VM above. Try your best to reach and complete level 13.

Windows Pain

  • Microsoft Windows
    A brief intro to Windows from Wikipedia.
  • cmd.exe
    cmd.exe's Wikipedia page. The internal command section is particularly useful. You may notice some commands are the same as the Bash commands from before, but many are different. Try to determine which commands were essential during the challenges and what their equivalents are in cmd.
  • PowerShell
    PowerShell will feel more familiar than cmd, but in reality it's quite different from Bash. You can invoke PowerShell with PS in a cmd shell.
  • Intro to PowerShell
    The basics, provided by Microsoft itself.
  • Century UTW
    UnderTheWire, inspired by OverTheWire and for PowerShell. Go as far as you can.

CompTIA A+ (Non-free - Optional)

  • Official A+ page
    The A+ exams cover the basics of computing and IT as the field is today. The exam will ensure that you have the necessary competency to approach most basic problems faced as an IT professional. I only recommend taking this if you're a total noob or you have the money. My recommendation:
    1. Take ExamCompass practice tests by topic.
    2. Study underperformed topics using Professor Messer's videos.
    3. Use getcertified4less to buy a discounted voucher when thoroughly prepared.
  • ExamCompass Practice Tests
    Free practice exams that can be taken by topic. Topics where you struggle can be improved by watching Professor Messer.
  • Professor Messer 1101 and Professor Messer 1102 videos
    Completely free videos that cover almost everything on each test.
  • getcertified4less
    An authorized CompTIA partner that offers soon-to-expire vouchers at a discounted price. Make sure you select your region's voucher.

Getting Challenged

Networking

  • OSI (7-layer) Model
    All networking courses seem to start here, and for good reason: it will help you conceptualize how the internet works. Remember the layers, the PDUs, and the function of each layer, but most importantly: Please Don't Throw Sausage Pizza Away!
  • TCP/IP Model
    An alternative to the OSI Model, but one that is actually implemented as a protocol stack. Memorize the comparison between the OSI Model and the TCP/IP Model. I learned this one from the top down using this book: Computer Networking: A Top-Down Approach, Global Edition, 8th Edition. I can't recommend the book enough. I highly recommend buying it if you can; otherwise it is attainable through that link.
  • TCP and UDP
    Both are transport protocols but differ from each other significantly. TCP is connection-oriented and makes use of a three-way handshake to establish a connection. UDP is connectionless, meaning that it does not provide guaranteed delivery although there are some applications that attempt to make up for this, such as TFTP, which has a rudimentary handshake process.
  • Client-Server Model and Peer-to-Peer
    Understand the difference between the two and be able to identify some applications that use each.
  • Wireshark Download
    Wireshark is already on Kali if you downloaded that earlier. The official page has some sample captures that might be of interest. I suggest checking out the protocols you're familiar with: SampleCaptures. You can also capture your own traffic and observe it.
  • Hackers-Arise: Networking for Hackers
    A good intro to networking. I recommend just looking through this casually so you become familiar with terminology.

CompTIA Network+ (Non-free - Recommended)

  • Official Network+ page
    I recommend taking, or at least studying for, this exam. It probably won't land you any jobs, but the information you will take away is highly applicable. I recommend the same method as for preparing for the A+:
    1. Take ExamCompass practice tests by topic.
    2. Study underperformed topics using Professor Messer's videos.
    3. Use getcertified4less to buy a discounted voucher when thoroughly prepared.
  • ExamCompass Practice Tests
    Free practice exams that can be taken by topic. Topics where you struggle can be improved by watching Professor Messer.
  • Professor Messer N10-008 videos
    Completely free videos that cover almost everything on each test.
  • getcertified4less
    An authorized CompTIA partner that offers soon-to-expire vouchers at a discounted price. Make sure you select your region's voucher.

Bash Scripting (Optional but recommended)

Python Scripting (Optional)

JavaScript (Optional)

  • Mozilla Developer Network: JavaScript
    A good resource for learning JS.
  • Learneroo: JS
    An interactive JavaScript language guide with challenges.
  • MDN: DOM
    I highly recommend reading through this and going down the rabbit hole with DOM.
  • Javascript for Pentesters (Challenging)
    These are the challenges provided by Pentester Academy. We have yet to cover web attacks but this may serve as an introduction. If you want to do all of the challenges modify the URL by changing the 1 to a 2 and so forth. There are 21 pages in total. Good luck!

C++ (Optional)

  • Learn C++ in Y Mins
    I recommend at least getting an elementary understanding of an intermediate or lower level language. This is a good start and there are more references at the bottom.
  • Learn Cpp
    A course if you prefer.
  • Programming4Wannabes
    A course covering C and Assembly. I do recommend reading through this, as it will help with the C-Family Vulnerabilities course later.

ASM

Getting Comfortable

Labs (Non-free Recommended 1-2 Month subscription)

Initial Reconnaissance

  • HackTricks
    When you start it seems like there is an overwhelming amount of possibilities. Over time you'll be able to narrow those possibilities down to the most likely to occur. I recommend using this site to get a sense of valuable targets and ports. Simply look up the ports open on the target, take notes and try to not become over-dependent.
  • Autorecon
    Once you get some experience, it can sometimes save time to use this script. I only recommend using it once you can move through labs on your own. Alternatively, attempt to make your own script that can automate this phase.

Web Vulnerabilities

  • Portswigger's Web Academy
    You need to sign up. They have a learning path that you can follow but I got bored going through all of them in order. I recommend reading what you find interesting, doing the apprentice labs and then 2 or 3 of the most interesting practitioner labs for each section. You can pair this with the next resource.
  • OWASP WSTG
    OWASP's Web Security Testing Guide. I recommend reading through this as you're doing the labs from the last section and taking notes.
  • OWASP Juice Shop
    An intentionally vulnerable site. Practice what you've learned in the past two sections.

Finding Known Vulnerabilities and Exploits

  • Using Google for Finding CVE's
    Add the version of the software to the beginning of this query. For example, if you found a MySQL instance running version 5.0.12, then you would search for: mysql "5.0.12" "CVE"
    This will return known vulnerabilities for that version and make finding exploits easier.
  • Using Google for Finding Exploits
    Add the CVE ID to the beginning of this query. For example, if you found a service that was vulnerable to CVE-2012-2122, then your query would be: "CVE-2012-2122" "exploit"
  • ExploitDB
    You can modify the URL to search for text content within exploits; it's usually useful to try the software name, software version, and CVE ID.

Getting a Cert

Windows Privilege Escalation

  • Windows PrivEsc HackTricks
    From the maker of PEASS-ng. Lots of good info on this cheat sheet.
  • Eli2k's Windows PrivEsc Cheat Sheet
    My personal cheat sheet. You can look up the Windows version and it will search the page for the first occurrence of a kernel exploit for that version.
  • PEASS-ng
    Binaries that will automate these checks to a degree; transfer them to and execute them on the victim.
  • LOLBAS
    A list of binaries on Windows with methods for taking advantage of them.

Linux Privilege Escalation

Memory Vulnerabilities

Labs (Highly recommend a paid subscription to both TryHackMe and HackTheBox)

  • TryHackMe Offensive Pentest Path
    A step up from the previous TryHackMe path. I highly recommend avoiding write-ups; if you struggle, go back to your notes. This path covers Active Directory nicely as well.
  • Hack The Box: Starting Point
    HackTheBox is a great platform that allows you to test your skills on a variety of machines. I recommend starting here.
  • TJ_Null's HackTheBox list
    A curated list said to be OSCP-like. Many of these are exceptionally difficult while you're starting out. I recommend going as far as you can in the labs while writing detailed notes. If you get stuck for more than 4 hours, move on and come back later.
  • TJ_Null's Vulnhub list
    A curated list said to be OSCP-like. I personally did not use this list, but I have heard good things about it.

Resources

  • IppSec
    Once you complete a lab, I recommend checking out the associated video on IppSec's channel. The videos provide detailed explanations and may give you a different perspective.
  • Oxdf
    If you prefer reading, this is a great alternative or addition to watching IppSec's videos.
  • LiveOverflow
    This is the channel that got me into CTFs; I started with the Pwn Adventure series. I followed along as best I could and then started watching every other series on the channel. I don't necessarily recommend the channel as a source of information, since it isn't as concise and explicit in delivering information as some others, but I definitely do recommend it as a source of inspiration.

Note:

This is the end for now. If you've made it this far and done everything I recommended, congrats! If you're still working through everything, don't stress about speed too much. It took me almost a year to gather this list together and finish everything. Don't rush too much, and enjoy the process as much as you can. The amount of things to do can get overwhelming and you'll never be able to do everything, so just make sure you're doing things you enjoy.

And Beyond (Coming Soon - Optional)

Mobile Security

Wireless and IoT Security

Hardware Security

Fuzzing

Red Teaming

Cert Advice