Getting started in infosec· · ·
In this new article, we will deal with the famous question
“I’m interested in computer security, but where to start?”
Where to start, the question is vast but here is a small summary of the prerequisites necessary to start in Infosec :
To start in the world of cybersecurity, it is recommended to learn a scripting language such as Python (here is a very good course coming from the site of zeste de savoir (fr) ), the basics of web languages are also almost essential ( here (fr) or there (fr) you can find a course on html, css, js and php ) it is also important to learn the basics of how the most common network protocols work ( here (fr) is a course that can help you understand these protocols). Finally, I would recommend to switch to a Linux distribution like Ubuntu or Arch for the more adventurous and to familiarize yourself with this OS and the Linux terminal.
Once all these prerequisites are validated, you can train on Root-Me.
After having discovered the basics of this field, you will be able to specialize in certain specific areas.
The RE (Reverse Engineering) :
Reverse Engineering is the fact of studying the functioning of a program to understand its operation without having the source code of it. To start in this field, it is essential to know the C language ressource (fr) and assembler (preferably x86_64) ressource (fr) . You will then be able to train on crackme, if you want help or just discuss these topics, I invite you to join one of the discord servers listed below.
The CTFs consist in a machine made to be hacked , the goal is to become administrator (or root ) of the machine by using several computer flaws. To practice this, I invite you to go on HackTheBox and on Vulnhub . As in the field of reverse engineering, if you need help for CTF do not hesitate to join a discord server, sometimes platforms propose their own for haxors.
Bonus : Resources
Here is a non-exhaustive list of resources that might help you:
- https://github.com/wapiflapi/exrs (RE exercises)
- https://root-me.org/ (Challenges: all categories)
- https://www.newbiecontest.org/ (Challenges: all categories)
- https://www.hackthebox.eu/ (Rooms penetration test oriented)
- https://www.vulnhub.com/ (Vulnerable VMs, like hackthebox but locally)
- https://www.dailysecurity.fr/ (Geluchat’s blog)
- https://beta.hackndo.com/ (pixis’s blog)
- https://www.hacktion.be/ (Que20’s blog)
- https://inf0sec.fr/ (Unknow101’s blog about windows penetration testing)
- https://sideway.re/ (Blog of @SideWay’CSS )
- https://inshallhack.org/ (Blog of the french CTF team Inshall’hack )
- https://www.google.fr/ (RTFM, the base before any question)
- http://exploit.education/ (A site that will teach you the basics in pwn)
- https://cryptopals.com/ (A site that will teach you the basics in crypto)
- Rainbow (Discord server talking about infosec but also programming)
- inf0sec (Discord server from @inf0sec1 talking about cybersecurity)
- ret2school (Discord server from @nasm_re and the ret2school team )
Thanks to SoEasY for helping me with the RE definition.
Thanks to MorpheusH3x for the list of resources.
Translated by MorpheusH3x .