Learning to Code

You can't just jump into cyber security, you need some foundational knowledge and skills to learn first.

I started on client services side, desktop; then moved into system administration, application administration and finally security. I was weak on networking side, so I studied Cisco Networking and worked with the network team.

Now coding. I lack scripting and coding skills, so I am starting out by learning HTML, CSS and Javascript. Here are some resources that I am finding helpful:

Mozilla - Getting Started with the Web
Price: Free!
Starts with HTMl, CSS, then moves into JavaScript and others.

Site: https://www.freecodecamp.org
Price: Free!
Starts off basic with HTML and CSS; then gets more advanced as you go along. This course will get you from zero to full stack developer!

Site: https://www.codecademy.com
Price: Free!
Different options to choose from, I'm doing the HTML and JavaScript courses. Has great examples.

Site: https://www.udemy.com
Instructor: Todd Mcleod
Course: Build a website with HTML and CSS
Course Site: https://www.udemy.com/html-tutorial/learn/v4/overview
Course Price: $15 (promos running all the time)
Todd Mcleod is a great instructor, he knows how to teach. He also started his own training site and teaches many different topics. I also purchased his Go-Lang course, will be tackling that one later.

Site: https://github.com/
Signup on github to learn about source control. It's a good way to keep your projects organized and backed-up. Plus, you can make something useful and give back to the open source community! Win-Win!



Six Months of Labs and OSCP Exam

TL/DR - failed OSCP exam :(

After six months in the labs, I exploited 30 machines and found the network keys for all networks. That was my goal when I had started out, so I was happy with that.

The exam was much like the labs, time got me though. If given a couple days vs 24 hours, I would have passed.

I managed to root one machine and had low level privileges on two other machines which probably gave me about 40 points. I will attempt the exam again, after I work on a couple other things.

One piece of advice I can give is to be prepared for anything, read up and practise on all types of systems and practise editing/fixing existing exploits.


90 days in - Update

90 days in lab experience: 13 machines owned, a couple on their way...

I've renewed my lab time another 90 days. I plan to go through the material and videos a second time and write up the exercises.

Huge learning experience for me, scripting and being able to read different code is important. Also, think simple. Sometimes its the little things that make a system vulnerable...


Penetration Testing Resources

Free Penetration Testing Resources
If you are taking the PWK/OSCP, then you are expected to aid your studies with additional resources. Check out the following...

NIST - Technical Guide to Information Security Testing and Assessment

ISECOM - Open Source Security Testing Methodology Manual (OSSTMM)

PCI Security Standards Council - Penetration Testing Guidance

Penetration Testing Execution Standard

Penetration Testing Framework

SANS Penetration Testing Resources

Cybrary.it has many free videos and resources on many information technology topics from networking to linux and virtualization and lots more!

Cybrary.it - Penetration Testing and Ethical Hacking

Cybrary.it - Advanced Penetration Testing
Slides from Cybrary.it - Advanced Penetration Testing

SecurityTube.net - Like YouTube, but Information Security!

IronGeek.com - Adrian Crenshaw has been recording Information Security conferences forever and uploading the videos to his website and YouTube Channel. Thanks!

Open Security Training

Offensive Security Metasploit Unleashed

Open Web Application Security Project (OWASP) Testing Guide

Penetration Testing Resources that cost CashMoney
If you have the funds available, I recommend purchasing the following:

Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman. I purchased this book, because I had the pleasure of seeing Georgia Weidman present the SmartPhone Pentest Framework (SPF) at AtlSecCon 2013. She also teaches the Advanced Penetration Testing Course at Cybrary.it. She knows #infosec...

*** I'll keep adding things as I find them. Last Updated: October 13, 2015 ***