Any advice for a cyber security major?

Vlinny Chan

Still doing basics, sucks at math, and knows almost nothing about programming, but not completely computer illiterate.

Any advice for me going forward?
 

CrunkLord420

Study everything on OWASP. You'll need to know programming in order to understand the mistakes programmers make that enable common security problems. You should also learn about being a Linux sysadmin so you can understand the mistakes sysadmins make that enable common security problems.
 

Wingus Dongshire

Study everything on OWASP. You'll need to know programming in order to understand the mistakes programmers make that enable common security problems. You should also learn about being a Linux sysadmin so you can understand the mistakes sysadmins make that enable common security problems.
Setting up a Metasploitable VM and learning to harden it against its myriad vulnerabilities is decent practice for the Linux sysadmin side of infosec. You can also use it to home-bake CVE exploit scripts to get your feet wet with network programming/scripting.
 

dreamworks face

People will tell you you don't need to learn programming to succeed in cyber security - and I imagine it's true for some cyber security roles - but just having a solid practical application / web development background will take you extremely far in those roles just in having the context to understand what's going on. The biggest consumer of cyber security employees are software companies, and if you know what the hell is going on with software dev you are going to be far more marketable.
 

Adolf Honkler

I also +1 learning programming as it will enable you to understand the background of exploits and vulnerabilities better. Cyber Security is a very, very big field with a lot of specialties in it AFAICT. I do not work in the industry but have been interested in it. I would say learn the sysadmin stuff hand in hand with the programming, sysadmin work is often a little easier to wrap your head around.

If you're ever interested in trying Penetration Testing: https://www.hackthebox.eu/invite has VMs with exploits for you to find, you just have to reverse engineer their invite system to get into the site. Good luck!
 

a_lurker

People will tell you you don't need to learn programming to succeed in cyber security - and I imagine it's true for some cyber security roles - but just having a solid practical application / web development background will take you extremely far in those roles just in having the context to understand what's going on. The biggest consumer of cyber security employees are software companies, and if you know what the hell is going on with software dev you are going to be far more marketable.
The 1-2 year security degrees that don't involve programming/advanced compsci courses can generally be summed up as "use a firewall/antivirus/VPN, don't use default configs/directories/passwords, encryption good, the majority of the time 'deleting' a file doesn't delete shit except an MFT entry, and of course 'does this REALLY need to be connected to the internet?'"
 

Superman93

If I were to make a list of extremely useful skills to have in cyber security today, it would be:
1. Know what the most commonly used/exploitable ports are (i.e. ports 20, 22, 80, 443).
2. Cyber Security people do not need a lot of coding knowledge, at least nowhere near as much as other CompSci professions. You really need to know how to read the common languages (C, Java, Python). However, you might want to get accustomed to making your own little scripts (preferably in C or Python because they are quicker and less complicated to make), especially if you are thinking about entering Offensive Security.
3. Know Linux. That is your bread and butter. Know how to use Linux as well as you know how to use a Windows machine. For Cyber Security specifically, get accustomed to using Kali, especially if you plan to be doing any offensive security work.
4. Get accustomed to using SIEMs. (Highly recommend getting adjusted to using Splunk since it's a common one I see a lot in the industry and in Cyber Security competitions.)
5. This website is your new best friend. Keep up with the latest exploits.
6. A 4-year college degree is mandatory. Finding a job without one will be extremely difficult if not impossible.
7. CyberSec has good job security (depending on where you live, of course). Most companies are always looking for CyberSec experts, especially the glow-in-the-dark government agencies.
8. In interviews they will ask you general questions such as "What type of security would you implement to make sure only employees can use the dedicated work devices?" or something of that nature. Be prepared for hypothetical scenarios.


If you wanna go the extra mile I recommend getting the CompTIA Network+ certificate (preferably CISCO Network+ since CISCO is the gold standard nowadays). It's a moderate level of difficulty (at least for me). If you're extra serious, follow through with getting the CompTIA Security+ certificate if you can. This one is a little harder to get because there are a lot of terms you need to know and specific security scenarios they will ask you about. But having those two certs alone makes you extremely valuable.

Windows is not important.
I've had to work on Windows machines a couple of times, mainly for firewall configurations. Getting familiar with Windows is good, but not as important as Linux though.
 

catpin

If you work with Windows: get Symantec,
It's a good anti-virus.
If you work with Linux: Kill urself lmao
 

CrunkLord420

If you don't have the ability to deal with the number 1 desktop OS, one which is used by users (aka security vulnerabilities) at work, there's a gap in your knowledge.
If you're not already competent enough with Windows to basically understand all the user-facing stuff, then you shouldn't even be looking into InfoSec. You should be starting out in a tier 1 helpdesk position.
 

SisterMichael

I'd imagine like many Cybersecurity college students you will want to be a penetration tester when you graduate? If so, you've got a long road ahead but it is much easier these days.

Online resources:
Immersive Labs - With an academic (.edu/.ac.uk) you will get a free account. This site includes exercises on pretty much everything.
Hacker101 / Bugcrowd University - Bug Bounties are everywhere nowadays and are a good way to show an employer how good you are. Thankfully Hacker1, Bugcrowd and other services have free online resources. Abuse them, they are much better than what you will get in university.
Portswigger Web Academy - Tied to Bug Bounties, Web App testing is in demand. Portswigger, who made Burpsuite, the industry web app testing tool, have free online resources too.

RE: Windows vs Linux:

Linux and Windows admins are v. important. I don't think any network in the world doesn't at least have a Windows box somewhere. Linux and Windows CLI proficiency is necessary in Cybersecurity. However, increasingly Windows Active Directory is in demand. Using Bloodhound to own a Windows network is in nearly every SME pentest I see.

I would recommend having a public Twitter (and LinkedIn) to allow you to network with the industry, saving content for reading later and reaching out to people. Get along to conferences: local BSides, BlackHat and DEFCON. A lot of conferences have student scholarships, allowing you to go for free. Once there, talk to people. You will be amazed how far knowing the right people will get you.

Finally, look at your university/college, do you have a cybersecurity society, DEFCON group, Linux user group, 2600 group, etc? Go to them, if not look to start one.
 

He Who Points And Laughs

First, get a VIP membership to HackTheBox.eu. It's $12 USD each month, but it allows you to use the retired machines. Watch IppSec's YouTube videos on the boxes and hack through with him. Start with the absolute most simple (I think Lame might be the first box... 10.10.10.3), and learn. Go sequentially through the retired boxes. Lame then Legacy then Devel then Popcorn, etc. Repeat the steps on each box and read the material until you really understand what's going on. You will want to use a VM for the hacking, with Kali's being the most purely focused on that. There are a couple of reasons to use a VM: firstly, many hacking tools require root privileges, so using a VM as root is fine. Secondly, you will be in a VPN to HTB, and HTB is full of hackers. So, be smart, use a VM.

There are Kali images for VMplayer located Here, and VMplayer itself is free, just grab it from here.

For hackthebox, you'll need to hack an invite through the web portal. It's not difficult.

And to further clarify, any active boxes on HTB do not allow for write-ups or videos... so all of the HTB videos on IppSec's channel are for retired boxes.

Additional Links :

Hack The Box

IppSec's channel

{EDIT}

As for necessary skills, you'll definitely need to be comfortable with Linux and Bash. Python is probably the most useful "language" in infosec, but you'll need to be able to at least read some others. PHP & JavaScript are things you will absolutely be dealing with, and get to understand how SQLi works for the various databases. Get comfortable with PowerShell... and stick to command line tools as much as possible. GUI tools aren't useful when you're on a target machine and only are in a shell.

Buffer Overflows are an interesting subject you'll be dealing with, so you will need to learn some Assembly, both 32 and 64 bit. For Windows you can use Immunity-Debugger (free), and on Linux gdb is fine.

As @Splendid said, you will need to understand Windows as well. Many times it won't necessarily be an exploit that will grant you root/System, but rather poorly configured services which you can use for privesc.
 

TerribleIdeas™

I'd like to congratulate OP on being a non-nigger with a clean penis.
Advice - get in contact with reputable dealer that has access to uncut uppers, and can do bulk deals at a discount.
 