Suggested Resources for Learning IT Security
To Get Started:
1.) Build a home lab. Any PC or laptop with an i5 and 8GB of memory will be excellent, but you can get away with even 4GB for two Linux VMs.
2.) Try some exploits. Install VMware Player or Fusion then add a Kali VM for an attack platform and Metasploitable 3 as a victim. (Get help online.)
3.) If you have time, try some of the blogs or news feeds from the list below. Pick the one you like best, and keep up.
4.) If you like learning from books, choose one from the list below.
The Hacker Playbook 3
Linux for Hackers
Rtfm: Red Team Field Manual <– Older, but still useful.
Kali Linux <– Finally, a newer Kali book. 4.5 stars.
The Web Application Hacker’s Handbook <– Older than the dinosaurs, but it’s so well done that no one has even tried to do a better one – beginner and intermediate.
The Hacker News (website) <– Kinda a cheap/ripoff site, but does a good job of *pointing you* to latest news stories. Then go read the original stories.
risky.biz (podcast) <– Easy-listening weekly podcast. Way more professional and credible than any other.
Hack the Box <– Freemium
– Hack-the-Box Walk-Throughs <– Saved write-ups for HTB.
– Hack-the-Box Meetups <– Live monthly workshops to solve HTB with others.
TryHackMe <– Hack the Box alternative.
Virtual Hacking Labs <– Paid
Offensive Security (OSCP) <– Top of the line, but expensive!
Build a home lab:
– VMware Player is free. Run 3 full, or 10 small VM’s on a PC or nice laptop.
– VMware Workstation costs a few hundred $ and adds more networking support. Free for students.
– VMware ESXi is free, highly professional, and will help you in corporate IT Centers where real companies with massive installations use VMware all the time. You must be able to work in a VMware environment if you want to be a pentester. However, you need to dedicate a computer to build an ESXi server. HapiRat runs 32 VM’s and 20 virtual networks on ESXi using an i7 box with 16GB mem. http://hackingaway.org/small-esxi/ Any PC or laptop with an i5 (or i3 with multi-thread support) and 8GB of memory will be excellent, but you can get away with even 4GB for two Linux VMs.
Tools for your home lab:
https://www.kali.org/ <–Includes nmap, Metasploit, ncrack, john-the-ripper and many other important tools!
Add or import some vulnerabilities to your home lab:
And some favourites from Nancy:
https://www.blackhillsinfosec.com/blog/webcasts/ (free webcast & training)
https://portswigger.net/web-security (free training)