Skip to content

Latest commit

 

History

History
266 lines (236 loc) · 21.4 KB

README.md

File metadata and controls

266 lines (236 loc) · 21.4 KB

Security Ramp Up

Curated list of content to learn and practice some of the skills and knowledge required for Information Security

Table of Contents

InfoSec News, Blogs, etc

Recommended Twitter Accounts to Follow

Recommended Podcasts

Recommended Books

Recommended Certifications

Basic Networking

Knowledge of networking is a critical foundation for all InfoSec analysts and is used in several follow-on disciplines.

Cryptography

Knowledge of algorithms, ciphers, and security systems is useful to understand how it may be used to protect sensitive data or to conceal malicious activities.

Web and Network Attacks

Knowing the tactics, techniques, and procedures used by malicious actors to probe and exploit security holes, or vulnerabilities is essential for an analyst.

Vulnerabilities

Understanding security vulnerabilities and where to get more information on them is a necessary skill. Many well known breaches were due to exploitation of an unpatched vulnerability.

Network Traffic Analysis

Network traffic analysis is the process of recording, reviewing, and analyzing network traffic for the purpose of performance, security and/or general network operations and management. This is a primary skill for intrusion analysis and incident response.

Linux

Understanding the operating systems and internal tools better helps an analyst more effectively protect, diagnose, and triage systems.

Mac

MacAdmins Slack :

Mac Related Websites

Windows

An understanding of how to leverage the Windows OS's internal tools helps an analyst more effectively protect, diagnose, and triage systems.

Active Directory

For Windows systems, knowing how active directory works is necessary for effective analysis and response.

Security Infrastructure

Defense in depth is the implementation of layered devices (IDS, firewalls, AV, policy, DRP) and procedures working in unison to mitigate risk of malicious activity from both external and internal sources. Knowledge of the strengths and weaknesses of devices at each layer is key for understanding the overall security posture.

Regex and Programming

Many security and IT tools do not fully cover our needs as analysts and responders. Some of the key skills are being able to match, locate, and manage text through large amounts of data with REGEX or creating scripts/automations.

Malware

Malware analysis is the study or process of determining the functionality, origin and potential impact of a given malware sample such as a virus, worm, trojan horse, rootkit, or backdoor. Understanding how malware works is a key analytical skill.

Set up your home lab

Setting up and utilizing a home lab allows a learner to put into practice the lessons learned. Do not be afraid to setup, break, and teardown home labs. These experiences, both good and bad, are essential to the development of a well-rounded security professional.

Virtualization

Virtualization software allows you to run operating system images of your choice and to experiment without affecting your host operating system.

Base Images

Virtual Pen testing and Analysis Images

Vulnerable applications and OS Images

Security Tools

Hands on

Use the following scenarios and challenges to apply your knowledge. Some content will require analysis in a controlled environment.

Additional Resources

List of free and paid resource ideas to continue learning.

Expand