Go Back   SOCNET: The Special Operations Community Network > Areas of Expertise > Technology and Communications

Reply
 
Thread Tools Display Modes
  #101  
Old 6 January 2018, 21:05
MountainBum's Avatar
MountainBum MountainBum is offline
Vivat Fraternitatis
 
Join Date: Apr 2004
Location: Australia
Posts: 790
Quote:
Originally Posted by Broadhead View Post
Has anyone here tried out any of the new online training sites? I've recently starting using Udemy's "ethical hacker" course. I got it for $10 and I can't really complain. Just wanted to know if more experienced folks have tried it and what they think
A few years back when I was studying for my Security+, I used a series of videos from a guy called Professor Messer. As a visual learner it helped me out a great deal. CBT Nuggets also has awesome tutorials on Kali Linux / etc.
Reply With Quote
  #102  
Old 7 January 2018, 16:28
Atrax's Avatar
Atrax Atrax is offline
Confirmed User
 
Join Date: Sep 2005
Location: CONUS
Posts: 351
Quote:
Originally Posted by CV View Post

CompTIA Security+: This is considered an entry-level certification, but it provides a really solid foundation that will build into other areas. If you are green to the field, start here. If you have no prior IT knowledge, look at their A+ and Network+ certifications (not required to pass Security+ though).
I would second this for others (like myself) who are very, very new to this stuff. I have no illusions about practical applications of this certification, but studying for/passing the test was a great learning experience for me.
Reply With Quote
  #103  
Old 8 January 2018, 15:21
CV's Avatar
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,415
Excellent. Congrats on starting down the path.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #104  
Old 8 January 2018, 16:53
CV's Avatar
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,415
Thumbs up

Quote:
Originally Posted by Atrax View Post
I would second this for others (like myself) who are very, very new to this stuff. I have no illusions about practical applications of this certification, but studying for/passing the test was a great learning experience for me.
To add, while you may not have gained practical experience, I know you can explain to me the difference between symmetric and asymmetric key cryptography, and network protocols that may be insecure. This is a solid start that will help on your journey. Even if you end up in a non-cyber related IT role, you now have a credential that shows you have an understanding of security.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #105  
Old 10 January 2018, 23:33
SVDuckman SVDuckman is offline
Confirmed User
 
Join Date: Jul 2007
Location: US
Posts: 115
I haven't posted in a long time. If I need to reintroduce myself then I can, just let me know.

I'm currently working as an Air Reserve Technician at my ANG base. I'm an IT asset manager and I'm trying to get into a more technical position. I plan on taking some of the advice in this thread and applying it to get a more technical position.

I also teach at a for-profit school part-time to keep my skills relevant. I talked the school into sponsoring a team for an upcoming CTF in our area. We teach to the Sec+ objectives in our Intro to Network Security Fundamentals course (my current class) and I'm wondering what advice you could give me to as to what to do to prepare these students for the event.

So far we have covered some of the stuff on overthewire.org. Any advice you could give me would be greatly appreciated. Thanks!
Reply With Quote
  #106  
Old 11 January 2018, 06:54
Paul85 Paul85 is offline
Confirmed User
 
Join Date: Aug 2013
Location: Gdynia, Poland
Posts: 872
Nice to read about how our IT security peers from across the pond are fighting with the usual dilemma of certificates, experience, landing a good gig etc. I'm a DLP/MDM/CF guy, BTW.
Reply With Quote
  #107  
Old 11 January 2018, 08:40
CV's Avatar
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,415
Quote:
Originally Posted by SVDuckman View Post
...I'm wondering what advice you could give me to as to what to do to prepare these students for the event.
Security+ won't help for a CTF. Pick up some resources for CEH if they are green to offensive-based exercises. They'll want to learn topics such as port scanning and vulnerability identification.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #108  
Old 11 January 2018, 21:05
SVDuckman SVDuckman is offline
Confirmed User
 
Join Date: Jul 2007
Location: US
Posts: 115
I absolutely agree that Sec+ won't help for a CTF. These students are just beginners and the CTF promises challenges for all levels so we decided to compete. I'm working on some stuff with them now so we'll see how it goes.

Thanks for the info CV!
Reply With Quote
  #109  
Old 11 January 2018, 21:51
CV's Avatar
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,415
Quote:
Originally Posted by SVDuckman View Post
I absolutely agree that Sec+ won't help for a CTF. These students are just beginners and the CTF promises challenges for all levels so we decided to compete. I'm working on some stuff with them now so we'll see how it goes.

Thanks for the info CV!
You're a great teacher. I learned more from CTFs than I ever did from a course!
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #110  
Old 29 January 2018, 19:40
SVDuckman SVDuckman is offline
Confirmed User
 
Join Date: Jul 2007
Location: US
Posts: 115
I just figured that I would update how the CTF went this past weekend. We didn't win and we didn't expect to. However, there was stuff that we did during the event that reinforced what I have taught in class (command injection, directory traversal, SQL injection). Then there was stuff that we had no idea what to do so we relied on google quite a bit.

There was quite a bit of collaboration between teams. For example, one of the teams that ended up in the top 10 asked for our help on solving a challenge to find a flag inside an mp3 file. One of my students solved it by remembering an article he read about running a game soundtrack through a spectrometer to unlock easter eggs. He did the same thing to the provided mp3 file and we found the flag that way. My student explained it to the other team and then the other team taught them how to do Linux command injection to solve a challenge.

It was great and it made them hungry to learn even more and that is probably the best thing they got out of the entire weekend!
Reply With Quote
  #111  
Old 29 January 2018, 20:16
CV's Avatar
CV CV is offline
Ungood
 
Join Date: Apr 2003
Location: US
Posts: 7,415
CTFs are just technical puzzles. They're great at learning the ropes, but also satisfying when you get something to pop. Folks with a background in investigation also find them satisfying. I know a person that has 15 years in Law Enforcement and really does nothing related to technology in the course of his day. He's a cybersecurity hobbyist and attends CTFs for fun.
__________________
It's a hipster filter. Keeps your kind out. -Jimbo
Reply With Quote
  #112  
Old 3 February 2018, 15:28
Atrax's Avatar
Atrax Atrax is offline
Confirmed User
 
Join Date: Sep 2005
Location: CONUS
Posts: 351
I'm enjoying OverTheWire so far, but definitely struggling even at Level 5. But it's been a good, kinetic learning experience.
Reply With Quote
  #113  
Old 3 February 2018, 23:50
BOFH's Avatar
BOFH BOFH is offline
I aim to misbehave
 
Join Date: Jul 2004
Location: \\Gibson\garbage
Posts: 4,209
Quote:
Originally Posted by Atrax View Post
I'm enjoying OverTheWire so far, but definitely struggling even at Level 5. But it's been a good, kinetic learning experience.
That's one of the first things I direct people to once they have the basic book knowledge and want to start putting hands on a keyboard.
__________________
"...for those who man the battle line, the bugle whispers low, and freedom has a taste and price the protected never know..."


While true:
Continue
Reply With Quote
  #114  
Old 4 February 2018, 16:02
Atrax's Avatar
Atrax Atrax is offline
Confirmed User
 
Join Date: Sep 2005
Location: CONUS
Posts: 351
Quote:
Originally Posted by BOFH View Post
That's one of the first things I direct people to once they have the basic book knowledge and want to start putting hands on a keyboard.
As per usual, I seem to have gotten that order backwards haha.
Reply With Quote
  #115  
Old 5 February 2018, 23:35
BOFH's Avatar
BOFH BOFH is offline
I aim to misbehave
 
Join Date: Jul 2004
Location: \\Gibson\garbage
Posts: 4,209
Quote:
Originally Posted by Atrax View Post
As per usual, I seem to have gotten that order backwards haha.
Lol...don't take my words for gold, man...it's taken me a decade to get to where I am...so while I think my advice is good, other people's advice could well be far better.
__________________
"...for those who man the battle line, the bugle whispers low, and freedom has a taste and price the protected never know..."


While true:
Continue
Reply With Quote
  #116  
Old 13 February 2018, 19:13
Atrax's Avatar
Atrax Atrax is offline
Confirmed User
 
Join Date: Sep 2005
Location: CONUS
Posts: 351
On that note, any suggestions on a good "book knowledge" source to pair with OTW?
Reply With Quote
Reply

Thread Tools
Display Modes

Our new posting rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



All times are GMT -4. The time now is 05:08.
Powered by vBulletin® Version 3.8.3
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Socnet.com All Rights Reserved
SOCNET