Cyber sercurity

[MemeMaster]

Hi,

 

I'm interested by the prospect of Cyber Sercurity and want to learn something about it.0

 

Is there any guides/books about it out there?

 

 

 

Thanks in advance,

 

- Harry

 

 

 

P.S - I'm only 14

P.S 2 - Sorry if this is in the wrong thread

[S1lent_5am]

Are you looking forward more general overview of the subject or a specific area of cyber security?

[XDroidie626]

Entirely depends on what you want to do, Cyber security is not an easy subject, although one I personally enjoy a lot.

Books also will not teach you everything, Security requires a specific mind set, and out of the box approach, you need to be 2 steps in front of the hacker even though really your always 2 steps behind, but don't let this discourage you, I started thinking in a sort of logcial but yet out of the box in my daily life, its amazing how quickly I picked it up.

You also need to decide what branch you want to do, Forensics, Network Security, Ethical Hacking, Secure Programming, Incident handling and response to name a few.

Forensics - Working for private companies or law enforcement to discover items that can lead to a conviction (The general idea)

Network Security - Specialized security teams that work for companies hardening their systems, a good grasp on Linux as well as network hardware like CISCO, Juniper, Checkpoint etc is recommended.

Ethical Hacker - Defense by offense, these guys are called in to hack systems, reveal exploits and them advise the admins and help patch them.

Incident Handler - These people handle incidents after a crime may have taken place, such as fraud or network breach, they find the source of the exploit and attempt to patch.

Secure Programmer - Extremely advanced programmers, these write code for applications to help secure them against attacks, an area I find interesting but I doubt I could actually do.

 

These are a few positions around there are more around.

Security requires some rather advanced training and a lot of experience, you cant become a Network Security specialist by having a Security+ cert, you need to have the experience required to administer systems and maintain them, if you wish to follow this path, I suggest starting in help desk OR get a junior I.T position later in life, your only 14 and its good your taking interest so use the 2 years you have until you leave school to study networking, Start with N+ and then CISCO, become a pro at 16 get certified and a junior position and you should be perfectly fine

 

Also for books, depending on what area, books for Networking, Linux and of course the grand daddy, The Art of Exploitation, and maybe Violent Python.

http://www.amazon.co.uk/CompTIA-Network-Study-Guide-Authorized/dp/1119021243/ref=sr_1_2?s=books&ie=UTF8&qid=1439297958&sr=1-2&keywords=Network%2B

^ Network+ book I own

 

http://www.amazon.co.uk/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_1?s=books&ie=UTF8&qid=1439297992&sr=1-1&keywords=The+Art+of+Exploitation

^ The Art of Exploitation

 

http://www.amazon.co.uk/Linux-Bible-Christopher-Negus/dp/1118999878/ref=sr_1_1?s=books&ie=UTF8&qid=1439298015&sr=1-1&keywords=Linux+bible

Get a Linux distro of your choosing fired up in a VM and use this with it ^ The Linux Bible

 

http://www.amazon.co.uk/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/ref=sr_1_1?s=books&ie=UTF8&qid=1439298067&sr=1-1&keywords=violent+python

^ Violent Python 

[Stuff_]

-snip-

Do you work in info sec? 

 

I'm working at a university in their information security, and it's pretty similar to what you described. 

 

zdnet had a nice post on a few books that would be relevant to your interests:

http://www.zdnet.com/pictures/cybersecurity-reads-belonging-on-any-bookshelf/

[madknight3]

There's a 20 part course being developed currently on Pluralsight by Troy Hunt and Dale Meredith to cover the material for the Certified Ethical Hacker (CEH) certification exam. Even if you don't want to take the certification, the information may still be of interest to you. Five parts are currently out.

[MemeMaster]

Entirely depends on what you want to do, Cyber security is not an easy subject, although one I personally enjoy a lot.

Books also will not teach you everything, Security requires a specific mind set, and out of the box approach, you need to be 2 steps in front of the hacker even though really your always 2 steps behind, but don't let this discourage you, I started thinking in a sort of logcial but yet out of the box in my daily life, its amazing how quickly I picked it up.

You also need to decide what branch you want to do, Forensics, Network Security, Ethical Hacking, Secure Programming, Incident handling and response to name a few.

Forensics - Working for private companies or law enforcement to discover items that can lead to a conviction (The general idea)

Network Security - Specialized security teams that work for companies hardening their systems, a good grasp on Linux as well as network hardware like CISCO, Juniper, Checkpoint etc is recommended.

Ethical Hacker - Defense by offense, these guys are called in to hack systems, reveal exploits and them advise the admins and help patch them.

Incident Handler - These people handle incidents after a crime may have taken place, such as fraud or network breach, they find the source of the exploit and attempt to patch.

Secure Programmer - Extremely advanced programmers, these write code for applications to help secure them against attacks, an area I find interesting but I doubt I could actually do.

 

These are a few positions around there are more around.

Security requires some rather advanced training and a lot of experience, you cant become a Network Security specialist by having a Security+ cert, you need to have the experience required to administer systems and maintain them, if you wish to follow this path, I suggest starting in help desk OR get a junior I.T position later in life, your only 14 and its good your taking interest so use the 2 years you have until you leave school to study networking, Start with N+ and then CISCO, become a pro at 16 get certified and a junior position and you should be perfectly fine

 

Also for books, depending on what area, books for Networking, Linux and of course the grand daddy, The Art of Exploitation, and maybe Violent Python.

http://www.amazon.co.uk/CompTIA-Network-Study-Guide-Authorized/dp/1119021243/ref=sr_1_2?s=books&ie=UTF8&qid=1439297958&sr=1-2&keywords=Network%2B

^ Network+ book I own

 

http://www.amazon.co.uk/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=sr_1_1?s=books&ie=UTF8&qid=1439297992&sr=1-1&keywords=The+Art+of+Exploitation

^ The Art of Exploitation

 

http://www.amazon.co.uk/Linux-Bible-Christopher-Negus/dp/1118999878/ref=sr_1_1?s=books&ie=UTF8&qid=1439298015&sr=1-1&keywords=Linux+bible

Get a Linux distro of your choosing fired up in a VM and use this with it ^ The Linux Bible

 

http://www.amazon.co.uk/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/ref=sr_1_1?s=books&ie=UTF8&qid=1439298067&sr=1-1&keywords=violent+python

^ Violent Python 

Wow, thanks. Very well explained

 

I like the sound of Forensics and Ethical hacking. 

 

I'll look into it

 

Do you work in info sec? 

 

I'm working at a university in their information security, and it's pretty similar to what you described. 

 

zdnet had a nice post on a few books that would be relevant to your interests:

http://www.zdnet.com/pictures/cybersecurity-reads-belonging-on-any-bookshelf/

Thanks, ill check the books out now.

 

There's a 20 part course being developed currently on Pluralsight by Troy Hunt and Dale Meredith to cover the material for the Certified Ethical Hacker (CEH) certification exam. Even if you don't want to take the certification, the information may still be of interest to you. Five parts are currently out.

Thanks, i'll check it out in a bit

[MemeMaster]

Are you looking forward more general overview of the subject or a specific area of cyber security?

Forensics and ethical hacking

[espurritado]

in my opinion, this is a really interesting area.

i follow a forum (in spanish -sorry about that-)

http://www.elladodelmal.com/

 

and also, for the linux distro i recomend kali since it already carries most of the tools you might require while learning

you can find it here

https://www.kali.org/

 

for some open software  you can check this page

http://www.criptored.upm.es/paginas/software.htm

again, in spanish(sorry about that), you can find a lot of software for educational purposes

 

happy codding

[XDroidie626]

Do you work in info sec? 

 

I'm working at a university in their information security, and it's pretty similar to what you described. 

 

zdnet had a nice post on a few books that would be relevant to your interests:

http://www.zdnet.com/pictures/cybersecurity-reads-belonging-on-any-bookshelf/

 

No unfortunately I don't, I am doing a CS degree then going for masters to let me learn forensics and hacking, at a masters level.

I have been studying security for the last 2 years or so, although I have been so focused on theory I still haven't got around to actually building a lab for it.

I do plan to take ethical hacker OR incident handler, cant quite decide on what I want, although I expect the skills to be same overall.

[XDroidie626]

Forensics and ethical hacking

I must warn you also, learn the law before the actual theory stuff, this subject can land you into some serious trouble, also when you do finally learn to hack or forensically examine machines, keep it quiet, it isn't something you want people to hear about, where I work they found out I understood how hacking works, and tried reporting me to my manager for it as they had just had some trouble on the network, because I knew the back end so well I got away free, although I hadn't hacked anything anyway, not stupid enough to do it outside of my own network or contract.

 

Also forensics and hackers sometimes use entirely different skills, Forensics find information from deleted files, this may involve using UPS systems to keep live systems live so you can move the system to a lab.

From what I have learned, generally forensics teams clone the disk (If its a bare metal OS and not USB) and then examine it on their workstations which have tools that wont affect things like write date and HDD hash, all things that affect the outcome of a court case, so learn about hardware first I picked up some dam handy tricks that have helped me with drive recovery and repair before.

 

For hackers you learn more about operating systems over hardware, operating systems generally have the exploits so an extreme understanding is needed, if you plan this for this route get on Linux and learn how a OS really works, OSX/Windows hides to much for a hacker to learn effectively.

 

TL:DR Learn law first for both subjects.

Then decide what you want to do, stop criminals or help people secure their systems by hacking and breaking them,

if forensics learn hardware first, then OS and skills, forensics will teach you a bit about hardware but not much.

if hacking is your poison, then learn about Linux and other OSes first then hacking its self, also networking is required at a advanced level, beyond N+ and dare I say CISCO CCNA

[MemeMaster]

I must warn you also, learn the law before the actual theory stuff, this subject can land you into some serious trouble, also when you do finally learn to hack or forensically examine machines, keep it quiet, it isn't something you want people to hear about, where I work they found out I understood how hacking works, and tried reporting me to my manager for it as they had just had some trouble on the network, because I knew the back end so well I got away free, although I hadn't hacked anything anyway, not stupid enough to do it outside of my own network or contract.

 

Also forensics and hackers sometimes use entirely different skills, Forensics find information from deleted files, this may involve using UPS systems to keep live systems live so you can move the system to a lab.

From what I have learned, generally forensics teams clone the disk (If its a bare metal OS and not USB) and then examine it on their workstations which have tools that wont affect things like write date and HDD hash, all things that affect the outcome of a court case, so learn about hardware first I picked up some dam handy tricks that have helped me with drive recovery and repair before.

 

For hackers you learn more about operating systems over hardware, operating systems generally have the exploits so an extreme understanding is needed, if you plan this for this route get on Linux and learn how a OS really works, OSX/Windows hides to much for a hacker to learn effectively.

 

TL:DR Learn law first for both subjects.

Then decide what you want to do, stop criminals or help people secure their systems by hacking and breaking them,

if forensics learn hardware first, then OS and skills, forensics will teach you a bit about hardware but not much.

if hacking is your poison, then learn about Linux and other OSes first then hacking its self, also networking is required at a advanced level, beyond N+ and dare I say CISCO CCNA

Thanks

[Akolyte]

I'm a malware security researcher for AVG. 

 

I suck at math, alright at science and stuff.  Don't care about academic skills, in my opinion Cyber Security talent is about understanding computers and software. Before you really get into any advanced stuff like penetration testing or writing payloads and executing attacks (ethically).  Learn some programming languages, understanding software is crucial to being able to discover holes within it. 

Also, understanding how networks work and everything is very good too.  

 

PS.  I'm 15.  I got into AVG at 13, so don't even worry about age. 

 

I'm personally getting into Cryptography allot more, and highly recommend it as a start.  I probably would have loved it even more if I new about cryptography from the start. 

I don't attack cyphers myself or I guess, cryptographic algorithm's.   However, I've only pen tested twice. 

 

One was on a network engineer for Wells Fargo Bank.  In which I had to decrypt (lol, I mean brute force) passed several encrypted connections. 

 

My advice is learn about encryption, computer science and programming before more advanced cyber security.  But, do what you love.  That will get you further than anything else.

[MemeMaster]

I'm a malware security researcher for AVG. 

 

I suck at math, alright at science and stuff.  Don't care about academic skills, in my opinion Cyber Security talent is about understanding computers and software. Before you really get into any advanced stuff like penetration testing or writing payloads and executing attacks (ethically).  Learn some programming languages, understanding software is crucial to being able to discover holes within it. 

Also, understanding how networks work and everything is very good too.  

 

PS.  I'm 15.  I got into AVG at 13, so don't even worry about age. 

 

I'm personally getting into Cryptography allot more, and highly recommend it as a start.  I probably would have loved it even more if I new about cryptography from the start. 

I don't attack cyphers myself or I guess, cryptographic algorithm's.   However, I've only pen tested twice. 

 

One was on a network engineer for Wells Fargo Bank.  In which I had to decrypt (lol, I mean brute force) passed several encrypted connections. 

 

My advice is learn about encryption, computer science and programming before more advanced cyber security.  But, do what you love.  That will get you further than anything else.

Thanks, i'll take that into account.

 

Do you get paid for doing that AVG stuff?

[Art Vandelay]

I suck at math, alright at science and stuff. 

 

PS.  I'm 15

you can't say you're bad at math, you're not even learning real math yet. 

[mightytech]

I've recently sparked an interest in this as well, I actually got to go on a tour of a place called Binary Defense Systems, they do stuff in the cyber security field and it's really interesting!

https://www.binarydefense.com

I'm not actually sure how much about what they have done i can tell you, but i will say it's some awesome stuff!

I'll probably use some of the things other people posted for my own learning

[Sicarius]

I had an interest in this a few years ago and still do. Learn to code web applications before you even start. You're going to need to know all the different languages, frameworks etc inside out if you want to break them.

 

Start with HTML + CSS, PHP with JavaScript and obviously SQL.