A while back, a Twitter user asked us the following question:
I have a friend who is looking into ethical hacking. She is also a broke college student, so do you know of any free or affordable resources she can use?
Ethical hackers use their knowledge of vulnerabilities to help defend against criminals, hacktivists, and nation-state attackers (and sometimes, mischievous pranksters). They need a solid background in writing software, designing networks, navigating operating systems, and interpreting network protocols. But beyond that, they’ll need resources to stay on top of current attacks, learn how to use common tools, and build a network of like-minded peers. Even the best of us can’t do it alone!
Unlike criminals who attack systems and networks without consent, ethical hackers must find opportunities to practice and enhance their skills in safe environments. For some, that means setting up a home or shared lab environment with vulnerable networks, servers, and workstations. But building and maintaining such a lab can be expensive and time-consuming. Fortunately, there is a plethora of resources available to the aspiring ethical hacker!
We’ll break this into two parts: learning the basic skill set and staying current.
Capture the Flag exercises can be self-paced, downloadable vulnerable environments, or competitive online events in which you are expected to attack and/or defend vulnerable systems. Some are made to be frustrating, which is probably not what you want. Others are great for beginners, and some give you enough to build confidence while stretching your skills a bit. But, most importantly, they are safe environments to build your skills! Here are a few of my favorites:
An important note about CTFs in general: You’ll sometimes find yourself stuck, exhausted, and frustrated. That’s expected. Take good notes, take a break, then come back in a few weeks when teams have started doing write-ups. (Watch CTFTime for write-ups.) Those write-ups will often walk you through the thought process, tools, and attacks used by more advanced teams to succeed. Use CTF write-ups to grow and learn! (Otherwise, frankly, what’s the point?)
Personally, I like books that give lots of hands-on examples and labs, since that’s my learning style. I also tend to focus on Windows-based attacks, since that’s where my interest (and, frankly, the demand) lies. On a budget? Check your local library to see if they’ve got any in stock, if they can borrow a copy, or if they subscribe to an ebook service. My favorites are:
Once you’ve got some skills under your belt, you’ll need to stay on top of current attacks and new tools. Here’s how members of our Metasploit development team stay current:
As an avid Reddit lurker, I find it a good way to keep up with specific areas of InfoSec. The following is a list of subreddits that I would consider following, from active subreddits I consider an absolute must to less-populated and focused subreddits:
There are also a handful of lower-traffic groups that are more focused, depending on your interests: /r/reverseEngineering, /r/Malware, /r/Metasploit, /r/blackhat, /r/cyberlaws, /r/computerforensics, /r/AskNetsec, /r/securityCTF, /r/vrd, /r/lowlevel, /r/rootkit
You’ll build your own list of sources over time, but here’s a good start.
There are tons of YouTube and other videos out there with tutorials on ethical hacking, but the quality and relevance of the content vary hugely. This is another place where I (and the team) will admit bias, but Metasploit contributor Rob Fuller’s Metasploit Minute series is one reliable, high-quality source of information. Rob (@mubix) not only knows pen testing inside and out, he also invests a lot of energy in giving back to folks who are learning.
I’m not big on Twitter myself, but I hear from reliable people that it’s a great resource for real-time conversations and curating lists of knowledgeable folks with specialized (or not!) interests. The best way to go about this is simply to dive into the wormhole: Find some security researchers or practitioners who seem interesting, see who they follow and talk to, rinse and repeat. Check out the lists fellow infosec folks have made for themselves, too; many people create general “Security” or more narrowly-focused lists of people whose content they find valuable.
Twitter’s also a good resource during big infosec events—and events in this context can mean both conferences (search for your favorite con’s hashtag to see who’s sharing good info, what’s getting attention, etc.) and “events” like malware campaigns or publication of high-profile vulns. The Twitter conversation around celebrity vulnerabilities—not to mention campaigns like WannaCry or NotPetya with lots of media coverage—can get noisy, but it’s also a good opportunity to see where the security community agrees and disagrees on analysis, exploitation, and defense strategy.
There are some staples and some lesser-known ones. Find what works for you. Do you prefer small conferences where you can form relationships or big conferences with high-profile talks? (Personally, I’m in it for the small ones.) Here’s my list:
Whew! That should keep you busy for a bit, but please, if we missed anything, or if you want to chime in with your own favorite resources, let us know below! Happy hacking!
This article was originally published here.