• 520@kbin.social
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    1 year ago

    With that kind of background you’ve got a good advantage. You probably know how people fuck up their implementations as rookies, the next step is learning to take advantage of it.

    Depending on the areas you want to get into (web, mobile, infrastructure, web3, etc) there are a lot of different training materials you can do. Most are free or very affordable.

    Basic infrastructure stuff is a must, but it’s really simple. Your main tool for this will be either Nmap or massscan, both are port-scanners. You need to learn some basic flags and understand why you might want to use some and not others depending on the scenario (you probably already know at least some of this already). This is usually the first technical step in any operation.

    Basic Linux and Windows command line is also a must. You don’t need to be able to do Linux From Scratch but you do need to be comfortable with Linux (and Windows) command line; if you manage to get a shell (illicit remote access) on a victim box, this is what you’ll be using to get around. An industry standard toolkit also comes in the form of a Linux distro, namely Kali Linux.

    For more advanced infrastructure stuff, check out the HackTricks gitbook, it’s really helpful.

    For web (not web3) based stuff, you can start with Damn Vulnerable Web App and OWASP Juice Shop. The former is far more tutorialy but the latter has all sorts of walkthroughs. Understanding why this works is important to understanding in future what kinds of stuff work, which is important when people actually put in (bypassable) protections.

    If you want to go through more of a web3 route, get familiar with the Remix IDE and check out Ethernauts.

    For mobiles, it’s important to have jailbroken or rooted devices, especially in the case of iOS. Check out Damn Insecure and Vulnerable App (Android) or Damn Vulnerable iOS App (iOS). The OWASP Mobile Testing Guide is also a really useful read.

    Once you get comfortable, you can also check out Capture The Flag challenges hosted by other people. CTFTime is a good aggregate for these and HackTheBox is a good training ground for them.

    I would generally recommend these tools before going onto certs; once you’re good at these, you’ll breeze through the certs with a light refresher on course details, however the certs are an expensive way to actually learn.

    As for which certs, CompTIA Pentest Plus is a good starter. Offensive Security Certified Practitioner (OSCP) is a good mid-level cert, and CTFs are a crazy good preparation (this exam is much more practical-based than your standard exam). Don’t listen to some LinkedIn lunatics that call this a starter exam, it absolutely is not, and they probably have never taken it. It is, however considered something of a gold standard in the industry; if it isn’t a minimum requirement, it is considered VERY helpful in most job applications.