I'll caveat my response by saying I'm not in this field - I'm a lowly
sysadmin :)

On Oct 30, 2016 00:01, "David Christensen" <dpchr...@holgerdanske.com>
wrote:
>
> On 10/29/2016 11:50 AM, emetib wrote:
> > have been a linux only person since before 2000 (late 2.2 early 2.4
> > kernels), yet haven't done much with it in the last ten years. ...
>
> > i'm looking at getting back into it and into pen
> > testing.
>
> I assume you mean penetration testing.  Given that computers and
> networks are built from many hardware, firmware, and software work
> products, I would expect that there are specialties.  It might help to
> pick one, and then find the knowledge and skill dependencies.
>

It really would, but I assume he'll find some subset he enjoys more than
others after some learning. You'll either learn enough to run tools and
scan for known issues or find it more enjoyable to research the myriad
ways our tech is broken.

Either way, you want to know (at least) the basics of programming. I
touched bash, python, ruby, and perl, and json, yaml, and ini last week
(mainly at work) and I can assure you they're all pretty much the same, so
don't really worry about learning multiple until you must - pick one and
learn it. Pick something useful (i.e., most people don't use Smalltalk, so
your support community and modules won't be as large, so maybe not the best
- fun language though), and if you find yourself using a tool a lot, you
might consider learning the language it's written in. To be more precise -
Metasploit is ruby, recon-ng is python, nmap is c (with an o object passed
everywhere), volatility is python, etc.

Pentesting - start staying up to date with CVEs and netsec on reddit and
darkreading and the like. Learn the tools and what they do. Lots of CTFs
are downloadable after the event (and people often do writeups that you can
look for when you run into trouble). And learn your tools - this includes
basic Unix like strings, grep, file (know the limitations of magic though),
find, but also nmap, msf, Wireshark, volatility, recon-ng, sqlmap, etc. This
isn't to say you shouldn't know how the tools you run work, but I find it
useful to learn the tool and look at what it's doing. I.e., start Wireshark
and capture, run a basic nmap, and see what happens.

Exploit dev - so you can either go down the network path - I'd start by
grepping the RFCs for the words "should" and "may" and seeing which daemons
have issues with that part of their implementation (also be aware networks
love time and some errors may lead to leaks). If you go down the normal x86
exploit dev path, I'd start by looking at old viruses and malware and PoC
exploits and understanding how they work. You'll also probably want to set
up cuckoo sandbox and mastiff.

All of this said, I'd strongly suggest having a good rounded base of
knowledge. So get ready for the real reading list - not just to sit on the
couch with - read them while in front of a computer:
PC Assembly Language (freely available online - nostarch also publishes a
much bigger / more in depth / pricier assembly book I have and haven't
gotten around to reading yet)
Hacking: The Art of Exploitation

And depending on which route you go:
Metasploit
Practical Malware Analysis

You'll notice a trend - other than pc assembly, they're all published by
nostarch. I'm unaware of any books on malware dev - which is why I
recommend looking at prior malware and an analysis book, though I'm sure
your gov can provide tons of literature here if you ask nice enough ;)

Most conferences also post talks on YouTube - for the most part, I suggest
being active as you watch them (pause, Google, read, return, repeat).

>
> > from what i have been reading lately i'm going to have to know quite
> > a bit about a couple of different things that i didn't jump to deep
> > into before, programming and networking especially. ...
>
> > i have given myself a four year window on this learning cycle and am
> > curious about going about it. ...
>
> > please just give advice and not right or wrong opinions on what i
> > maybe trying to do with my options and if i should actually take some
> > classes to augment my self learning.
>
> If you are serious about this, go get yourself a degree in computer
> science.  I preferred and recommend the old-fashioned university
> approach -- professors, planned sequence of courses, classrooms, labs,
> textbooks, homework, projects, and especially the camaraderie of other
> students.
>

I'll preface this by saying I have 30 hours of community college credits.
I've also had this discussion a few times - mixed reviews.

Most schools won't teach you computer security. I think CMU might have the
best program in the states though. But basically, if you go this route,
read up on what the professors do when not teaching - if none have been in
industry for years or don't have any research industry is talking about...

So given the expense (both time and money), I recommend against this. If
this interests you enough, you'll find tons online and pick it up. If it
doesn't, drop it - it'll give you headaches even if you enjoy it sometimes
(like spending 8+ hours banging your head against one flag and not going to
sleep until 0600 because of it), so if you don't, you will hate life and
suck at it.

A word on certs - don't get them until someone is paying you to do so (with
the exception of RHCE and OSCP). If a job wants you to have X cert, they
can hire you with the contingency of you gaining said cert within some
reasonable time frame. And most are multiple guess, so just pick up the
shortest, highest rated book on the cert and write flash cards while you
read, memorize them, take the test and be done with it.

HTH
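As an added illustration of the "know the limitations of magic" point made above about `file`, this is example code written for this page, not something posted in the thread. A signature check of the kind libmagic starts with looks only at a short byte pattern, so any bytes that begin with a genuine PNG signature are reported as PNG; a structural walk of the chunk list (IHDR first, CRC on every chunk, IEND last) separates real files from spoofed or corrupted ones. PNG is my choice of format for the demonstration, all three sample inputs are constructed inline, and the helper names are mine.

```python
import struct
import zlib

# The eight-byte PNG file signature (RFC 2083 / ISO 15948).
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def magic_says_png(data: bytes) -> bool:
    """Signature-only identification: the kind of test a magic database runs first."""
    return data.startswith(PNG_SIGNATURE)


def structurally_png(data: bytes) -> bool:
    """Validate the chunk stream rather than trusting the leading bytes.

    Requires: signature, IHDR as the first chunk, a matching CRC-32 on every
    chunk (computed over type + body), and IEND as the final bytes of the file.
    """
    if not data.startswith(PNG_SIGNATURE):
        return False
    pos = len(PNG_SIGNATURE)
    first_chunk = True
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if first_chunk and ctype != b"IHDR":
            return False
        first_chunk = False
        body_start = pos + 8
        body_end = body_start + length
        if body_end + 4 > len(data):          # chunk claims more bytes than exist
            return False
        (stored_crc,) = struct.unpack(">I", data[body_end:body_end + 4])
        if zlib.crc32(ctype + data[body_start:body_end]) & 0xFFFFFFFF != stored_crc:
            return False
        pos = body_end + 4
        if ctype == b"IEND":
            return pos == len(data)           # strict: no trailing bytes after IEND
    return False                              # ran out of data before IEND


def make_chunk(ctype: bytes, body: bytes) -> bytes:
    """Assemble one PNG chunk: length, type, body, CRC-32 over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_minimal_png() -> bytes:
    """Constructed sample: a well-formed 1x1 8-bit greyscale PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # width, height, depth, colour type, ...
    idat = zlib.compress(b"\x00\x00")                     # one scanline: filter byte + one pixel
    return PNG_SIGNATURE + make_chunk(b"IHDR", ihdr) + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b"")


# Constructed samples used below (not real files from anywhere).
REAL_PNG = build_minimal_png()
SPOOFED_PNG = PNG_SIGNATURE + b"constructed non-image bytes placed after a genuine PNG signature"
_tampered = bytearray(REAL_PNG)
_tampered[20] ^= 0x01          # flip one bit inside IHDR's height field; stored CRC no longer matches
TAMPERED_PNG = bytes(_tampered)


def triage(data: bytes) -> str:
    """Report what the two checks say, the way a triage script would log it."""
    if not magic_says_png(data):
        return "not PNG by signature"
    if structurally_png(data):
        return "PNG: signature and chunk structure agree"
    return "PNG by signature only: chunk structure does not parse, treat as suspect"


if __name__ == "__main__":
    for name, sample in (("real", REAL_PNG), ("spoofed", SPOOFED_PNG), ("tampered", TAMPERED_PNG)):
        print(f"{name:9s} -> {triage(sample)}")
```

The point for triage work is that `file` identifies, it does not validate: libmagic applies more than a fixed prefix for many formats, but its answer is still a heuristic about what a file looks like, so anything that will be parsed or trusted downstream deserves a format-aware check like the chunk walk above.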
