Getting Started in Offensive Security (Shortened)
Currently this post is just a collection of links with a description of how I recommend using them.
TryHackMe recently released a good blog on this: Free Intro to Cyber. It goes along with a lot of this post and can be done independently or as a supplement to this post.
A simple collection of resources can be found at: My Cyber Resources.
If you live in the United States and are a citizen without a Bachelor's/Master's Degree, I recommend heading over to WGU's website. I'm currently enrolled in the BSCIA there and it follows along with many of my recommendations in this post.
Last updated: April 14th, 2023
Getting Started
Intro
- Computer Security
  This page is a bit long, but it covers cybersecurity and its importance well and will help you understand how the field came to be, how it has evolved, and how it is implemented in the private and public sector.
- Penetration Testing
  Know what the goals of a pentest are, what the phases of a pentest are, and what white/black box refers to.
Google is my Superpower
- Refine Web Searches
  Most search engines allow users to optimize searches through the use of keywords and operators. We can use these methods to refine our searches, but they also have an interesting security implication.
- Google Hacking/Dorking
  Although Google dorking is a bit out of scope for this section, its existence should plant some ideas about the "misuse" of innocent features and the scope of security in today's increasingly complex internet. An interesting side effect of adding complexity to any feature is that there are usually unintended consequences.
- GHDB
  This might come in handy later.
Linux Fu
- Linux
  By now it might be obvious that I love Wikipedia.
- Online Man Pages
  A site that allows you to search the documentation of Linux system commands. These will be useful for completing the challenges at the end of this section.
- Bash
  Bash's Wikipedia page. Although it might not be incredibly helpful yet, you can refer to it in the future.
- CmdChallenge
  An online introduction to shell commands; don't forget to check the man pages. Go as far as you can.
- VirtualBox Download Page
  Under "VirtualBox x.x.x platform packages" select your host. Download the "VirtualBox x.x.x Oracle VM VirtualBox Extension Pack" as well. You should only have to walk through the installation GUI. Refer to the docs if you run into issues.
- Kali Download Page
  Select one of the VirtualBox downloads. You probably won't have to configure much, but if you run into problems refer to the docs. Default credentials are kali/kali.
- Bandit OTW
  Further introduction to the shell; this time you have to SSH into the labs. You can do this with PuTTY on Windows or Linux. I describe installing VirtualBox and a Kali VM above. Try your best to reach and complete level 13.
Windows Pain
- Microsoft Windows
  A brief intro to Windows from Wikipedia.
- cmd.exe
  cmd.exe's Wikipedia page. The internal command section is particularly useful. You may notice some commands are the same as the Bash commands from before, but many are different. Try to determine which commands were essential during the challenges and what they are in cmd.
- PowerShell
  PowerShell will feel more familiar than cmd, but in reality it's quite different from bash. You can invoke PowerShell with PS in a cmd shell.
- Intro to PowerShell
  The basics, provided by Microsoft itself.
- Century UTW
  UnderTheWire, inspired by OverTheWire and made for PowerShell. Go as far as you can.
CompTIA A+ (Non-free - Optional)
- Official A+ page
  The A+ exams cover the basics of computing and IT as the field is today. The exam will ensure that you have the necessary competency to approach most basic problems faced as an IT professional. I only recommend taking this if you're a total noob or you have the money. My recommendation:
  - Take ExamCompass practice tests by topic.
  - Study underperformed topics using Professor Messer's videos.
  - Use getcertified4less to buy a discounted voucher when thoroughly prepared.
- ExamCompass Practice Tests
  Free practice exams that can be taken by topic. Topics where you struggle can be improved by watching Professor Messer.
- Professor Messer 1101 and Professor Messer 1102 videos
  Completely free videos that cover almost everything on each test.
- getcertified4less
  An authorized CompTIA partner that offers soon-to-expire vouchers at a discounted price. Make sure you select your region's voucher.
Getting Challenged
Networking
- OSI (7-layer) Model
  All networking courses seem to start here, and for good reason: it will help you conceptualize how the internet works. Remember the layers, the PDUs and the function of each layer, but most importantly: Please Don't Throw Sausage Pizza Away!
- TCP/IP Model
  An alternative to the OSI Model, but one that is actually implemented as a protocol stack. Memorize the comparison between the OSI Model and the TCP/IP Model. I learned this one from the top down using this book: Computer Networking: A Top-Down Approach, Global Edition, 8th Edition. I can't recommend the book enough. I highly recommend buying it if you can; otherwise it is attainable through that link.
- TCP and UDP
  Both are transport protocols but differ from each other significantly. TCP is connection-oriented and makes use of a three-way handshake to establish a connection. UDP is connectionless, meaning that it does not provide guaranteed delivery, although some applications attempt to make up for this, such as TFTP, which has a rudimentary handshake process.
- Client-Server Model and Peer-to-Peer
  Understand the difference between the two and be able to identify some applications that use each.
- Wireshark Download
  Wireshark is already on Kali if you downloaded that earlier. The official page has some sample captures that might be of interest; I suggest checking out the protocols you're familiar with: SampleCaptures. You can also capture your own traffic and observe it.
- Hackers-Arise: Networking for Hackers
  A good intro to networking. I recommend just looking through this casually so you become familiar with the terminology.
CompTIA Network+ (Non-free - Recommended)
- Official Network+ page
  I recommend taking, or at least studying for, this exam. It probably won't land you any jobs, but the information you will take away is highly applicable. I recommend the same method as for preparing for the A+:
  - Take ExamCompass practice tests by topic.
  - Study underperformed topics using Professor Messer's videos.
  - Use getcertified4less to buy a discounted voucher when thoroughly prepared.
- ExamCompass Practice Tests
  Free practice exams that can be taken by topic. Topics where you struggle can be improved by watching Professor Messer.
- Professor Messer N10-008 videos
  Completely free videos that cover almost everything on each test.
- getcertified4less
  An authorized CompTIA partner that offers soon-to-expire vouchers at a discounted price. Make sure you select your region's voucher.
Bash Scripting (Optional but recommended)
- Bash One-Liners Explained: Part 1, Part 2, Part 3, Part 4, and Part 5
  Learning one-liners will be a great primer for learning bash scripting and will make life in the shell easier.
- Learn Bash in Y mins
  This site is an awesome resource for quickly covering the basics of a language. I recommend using it.
- Coding Game
  A fun, interactive way to practice programming in multiple languages. Don't forget to select Bash. I recommend doing the few below:
  - Onboarding
  - Power of Thor
  - Mars Lander
  - The Descent
  - Temperatures
  - Ascii-art
  - Rock-Paper-Scissors
  - Stock Exchange Losses
  - Encryption/Decryption of Enigma Machine
Special (Optional) Challenges for the Initiated:
Python Scripting (Optional)
- Learn Python in Y mins
  Once you start using a language regularly you can compare the LXYM pages to the page for the language you're already familiar with. I recommend looking through this and writing down what you don't know.
- Automate the Boring Stuff
  This book has a nice intro to Python as well as practical use cases for Python scripting.
- Python-Course
  Only read through what you're not familiar with.
- Coding Game
  A fun, interactive way to practice programming in multiple languages. Don't forget to select Python. I recommend doing the few below:
  - Onboarding
  - Power of Thor
  - Mars Lander
  - The Descent
  - Temperatures
  - Ascii-art
  - Rock-Paper-Scissors
  - Stock Exchange Losses
  - Encryption/Decryption of Enigma Machine
Special (Optional) Challenges for the Initiated:
Javascript (Optional)
- Mozilla Developer Network: JavaScript
  A good resource for learning JS.
- Learneroo: JS
  Interactive JavaScript language guide with challenges.
- MDN: DOM
  I highly recommend reading through this and going down the rabbit hole with the DOM.
- Javascript for Pentesters (Challenging)
  These are the challenges provided by Pentester Academy. We have yet to cover web attacks, but this may serve as an introduction. If you want to do all of the challenges, modify the URL by changing the 1 to a 2 and so forth. There are 21 pages in total. Good luck!
C++ (Optional)
- Learn C++ in Y Mins
  I recommend at least getting an elementary understanding of an intermediate or lower-level language. This is a good start, and there are more references at the bottom.
- Learn Cpp
  A course, if you prefer.
- Programming4Wannabes
  A course covering C and Assembly. I do recommend reading through this, as it will help with the C-Family Vulnerabilities course later.
ASM
- Assembly on Wikipedia
  Understand what assembly is and how it relates to programming today.
- x86 Assembly Refresher
  This can serve as a cheat sheet for x86 Intel assembly. Look through it and remember the registers and instructions.
- OpenSecurityTraining2's Architecture 1001: x86-64 Assembly
  A thorough intro to asm that covers the 20 most common instructions.
Getting Comfortable
Labs (Non-free Recommended 1-2 Month subscription)
- TryHackMe Jr Pentest Path
  A great hands-on introduction to penetration testing. I recommend taking notes.
Initial Reconnaissance
- HackTricks
  When you start, it seems like there is an overwhelming number of possibilities. Over time you'll be able to narrow those possibilities down to the most likely to occur. I recommend using this site to get a sense of valuable targets and ports. Simply look up the ports open on the target, take notes, and try not to become over-dependent.
- Autorecon
  Once you get some experience, it can sometimes save time to use this script. I only recommend using it once you can move through labs on your own. Alternatively, attempt to make your own script that can automate this phase.
Web Vulnerabilities
- Portswigger's Web Academy
  You need to sign up. They have a learning path that you can follow, but I got bored going through all of them in order. I recommend reading what you find interesting, doing the apprentice labs, and then 2 or 3 of the most interesting practitioner labs for each section. You can pair this with the next resource.
- OWASP WSTG
  OWASP's Web Security Testing Guide. I recommend reading through this as you're doing the labs from the last section and taking notes.
- OWASP Juice Shop
  An intentionally vulnerable site. Practice what you've learned in the past two sections.
Finding Known Vulnerabilities and Exploits
- Using Google for Finding CVEs
  Add the version of the software to the beginning of this query. For example, if you found a MySQL instance running version 5.0.12 then you would search for:
  mysql "5.0.12" "CVE"
  This will return known vulnerabilities for that version and make finding exploits easier.
- Using Google for Finding Exploits
  Add the CVE ID to the beginning of this query. For example, if you found a service that was vulnerable to CVE-2012-2122 then your query would be:
  "CVE-2012-2122" "exploit"
- ExploitDB
  You can modify the URL to search for text content within exploits; it's usually useful to try the software name, software version and CVE ID.
Getting a Cert
Windows Privilege Escalation
- Windows PrivEsc HackTricks
  From the maker of PEASS-ng. Lots of good info on this cheat sheet.
- Eli2k's Windows PrivEsc Cheat Sheet
  My personal cheat sheet. You can look up the Windows version and it will search the page for the first occurrence of a kernel exploit for that version.
- PEASS-ng
  Binaries that will automate these checks to a degree; transfer to and execute on the victim.
- LOLBAS
  A list of binaries on Windows with methods for taking advantage of them.
Linux Privilege Escalation
- Linux Privilege Escalation HackTricks
  From the maker of PEASS-ng. Lots of good info on this cheat sheet.
- Eli2k's Linux PrivEsc Cheat Sheet
  My personal cheat sheet.
- PEASS-ng
  Binaries that will automate these checks to a degree; transfer to and execute on the victim.
- GTFOBins
  A list of binaries with methods for taking advantage of them, similar to LOLBAS.
Memory Vulnerabilities
- OpenSecurityTraining's C-Family Vulns
  An in-depth intro to memory vulns. Feel free to complete other courses on this site, as they are all good.
- Tib3rius's BoF room on THM
  A good room covering the basics and a solid methodology. If you want to host the files locally you can download them here: Exploitable-Binaries
- Nightmare!
  A challenging introductory course that has many hands-on challenges. You can get the files without text from here: Nightmare-Files
Labs (Highly recommend a paid subscription to both TryHackMe and HackTheBox)
- TryHackMe Offensive Pentest Path
  A step up from the previous TryHackMe path. I highly recommend avoiding write-ups; if you struggle, go back to your notes. This path covers Active Directory nicely as well.
- Hack The Box: Starting Point
  HackTheBox is a great platform that allows you to test your skills on a variety of machines. I recommend starting here.
- TJ_Null's HackTheBox list
  A curated list said to be OSCP-like. Many of these are exceptionally difficult while you're starting out. I recommend going as far as you can in the labs while writing detailed notes. If you get stuck for more than 4 hours, move on and come back later.
- TJ_Null's Vulnhub list
  A curated list said to be OSCP-like. I personally did not use this list, but I have heard good things about it.
Resources
- IppSec
  Once you complete a lab, I recommend checking out the associated video on IppSec's channel. They provide detailed explanations and may give you a different perspective.
- 0xdf
  If you prefer reading, this is a great alternative or addition to watching IppSec's videos.
- LiveOverflow
  This is the channel that got me into CTFs; I started with the pwnie adventures series. I followed along as best I could and then started watching every other series on the channel. I don't necessarily recommend the channel as a source of information, since it isn't as concise and explicit in delivering information as some others, but I definitely do recommend the channel as a source of inspiration.
Note:
This is the end for now. If you've made it this far and done everything I recommended, congrats! If you're still working through everything, don't stress about speed too much. It took me almost a year to gather this list together and finish everything. Don't rush too much and enjoy the process as much as you can. The number of things to do can get overwhelming and you'll never be able to do everything, so just make sure you're doing things you enjoy.
And Beyond (Coming Soon. - Optional)
Mobile Security
Wireless and IoT Security
Hardware Security
Fuzzing
- Fuzzing 101
  A great introduction to fuzzing.
Red Teaming
- TryHackMe's Red Teaming Path
  A nice intro to red teaming.