Career Path Security Basics

Most people starting a career in IT security have a huge interest in topics like hacking, programming, system administration, networking and so on. When you apply for a junior position, employers normally expect basic skills and huge motivation. In this article you can find some useful resources for learning the basic skills that are useful for all career paths in IT security. More specific articles for specialized career paths like penetration tester, DFIR expert, malware expert and so on, are about to follow.

If you have any ideas or suggestions for additional useful courses, please feel free to leave a reply in the comment section below or just add them to your personal training list.

I suggest to look for suitable courses or certifications, to set yourself a goal and make a plan how to reach your goal.

If you want to read how I started my career in IT security have a look here.

Programming

Depending on your career, you should have knowledge in various programming languages. As a penetration tester, these could be assembly, C, javascript, HTML, python and bash for the beginning. Programming skills are not only useful for penetration testers, but also for other career paths. For example in a blue team, programming skills are very useful for automatization.

In this section you can find some examples for learning basic programming, more specialized examples follow in the career path sections.

HTML

Html & JavaScript

Learn Basics by building your own Computer

Build a Modern Computer from First Principles: From Nand to Tetris
Content: Teaches the basics of computer sience by building a computer from ground up. There is also a great TED talk about the course.
Career: All
Level: Beginner
Price: Free or with certificate

Programming Python

Python might be the most important language to learn as a starter.

Programming for Everybody (Getting Started with Python)
Content: Python Basics
Career: All
Level: Beginner
Price: Free or with certificate

There is a ton of free resources on the web, this also looks useful:
https://www.python.org/about/gettingstarted/
https://www.learnpython.org/

More EDX courses: https://www.edx.org/learn/computer-programming

More coursera courses: https://www.coursera.org/browse/computer-science/software-development

Programming Bash, Learning Linux

For all career paths, you will need Linux skills.

https://www.bash.academy/
https://www.learnshell.org/
http://tldp.org/HOWTO/Bash-Prog-Intro-HOWTO.html

If you lack of basics in Hardware, OS and so on consider this one:
https://www.professormesser.com/free-a-plus-training/220-901/comptia-220-900-course/

Networking

Professor Messer’s CompTIA N10-007 Network+ Course
Content: Great and free video course for preparing the CompTIA Network+ exam, I recommend to add a book nevertheless.
Career: All 
Level: Beginner
Price: Videos are free

All in One CompTIA Network+
Author: Mike Meyers
Content: Coverage of the CompTIA Network+ certification exam objectives, goes into the topics in depth. I liked the questions after each chapter. Came with a CD with an exam simulator long ago, now the content is online. 
Career: All 
Level: Beginner
Buy at Amazon U.S.
Buy at Amazon Germany

You may consider to do the certification for the CV.

More Coursera courses: https://www.coursera.org/browse/computer-science/computer-security-and-networks

Learn about http:
https://developer.mozilla.org/en-US/docs/Web/HTTP
https://www.tutorialspoint.com/http/

Basis Security

The Cuckoo’s Egg Decompiled Course
Content: Highly recommended course by Chris Sanders, teaching the basics of attacking and defending networks through the lens of the famous “The cuckoos Egg” book by Clifford Stoll.
Career: All
Level: Beginner
Price: Free

Professor Messer’s CompTIA SY0-501 Security+ Course
Content: Same as the Network+ course for Security+, I also recommend to read a book additional for preparation.
Career: All 
Level: Beginner
Price: Videos are free

Mike Meyers’ CompTIA Security+ Certification Passport
Author: Dawn Dunkerley
Content: For preparing the CompTIA Security+ Certification this book is recommended. It covers every topic from the exam and also includes review questions as well as a practice exam.
Career: All
Level: Beginner
Buy at Amazon U.S.
Buy at Amazon Germany

You may consider to do the certification for the CV.

Introducion to Cybersecurity
Content: Short non technical introduction course for everyone who is curious about cybersecurity. Explains the basic concepts from a higher level.
Career: All
Level: Beginner
Price: Free or with certificate

More EDX courses: https://www.edx.org/learn/cybersecurity

More Coursera courses: https://www.coursera.org/browse/computer-science/computer-security-and-networks

Stay tuned, my next article will be about the career path for penetration testers.

Links

Thanks @SparkyS04 for proofreading.

Getting started with hackthebox

Career Path, Labs: Penetration Tester
Challenges: Penetration Tester, Forensics, Malware
Level: All

Until now I never realized that hackthebox also offers free accounts, so I decided to test it and write a short post. 

After a challenge here you can create your login. With the connection pack for openvpn it is possible to connect to the labs with a Kali machine (or any other Linux I guess), easy.

With the free account you can solve challenges and active machines.

Active machines
For owning systems and users there are flags that are stored in files on the machines, for example:

The labs remind me about the OSCP labs, and lots of people are using them for training before the OSCP certification (which might be a good idea, though I did not) or to get an impression about the labs and the exam.

For more information and getting an impression about owning boxes look here, lot’s of walkthoughs for retired boxes.

At the time of this writing 20 machines were online, with different OS versions (Linux, Windows, BSD) and different scenarios. I had a closer look at some boxes and solved one so far in a couple of hours. 

The lab looks really fun, and I would recommend it for everyone who wants to train and learn hacking.

Challenges
The challenges also look quite good, i had a look but honestly, I am much more into owning. Here are the categories for the challenges:

For solving for example the Stego challenges, you download a file with a hidden message and have to find it. I was surprised that there are also some Forensics challenges, I will defilnetly have a look into those too.

Conclusion
This is definetly a great playground for everyone who is into solving challenges and pwn boxes. I am not sure if hackthebox is good for total beginners, there are no big explanations or tutorials for the machines or what is to do. There are the official forums with hints and some websites offering more in depth explanations, although the rules say that this should not be done, and somehow as an OSCP taker (“Try harder”) this feels like cheating. With the VIP membership you also have the retired machines with walkthroughs.

For your career hands-on and solving challenges is a very important part, so I recommend: sign up.

Links:
https://www.secjuice.com/hack-the-box-starter-pack-edit/
https://veteransec.com/category/hack-the-box-write-ups/
https://resources.infosecinstitute.com/hack-the-box-htb-machines-walkthrough-series-jerry/#gref