I believe that the best way to get into a specific domain is by participating in various CTFs (beginner to intermediate level) to put yourself under pressure, maximize your learning, and start learning by doing.
🎯 What is a CTF?
Capture the Flag, or CTF, is simply a competition where you complete tasks that usually require you to look for a flag that looks like: HTB={this-is-the-flag}. Once you get that flag, you simply submit it to the CTF platform. What's important, though, is what you learn on the journey to the flag, whether you are reading through code, diving into a machine, or even attacking the other teams' servers, and that depends on the style of the CTF.
Jeopardy-Style CTF: Teams solve individual challenges from various categories to earn points. No interaction between teams. A Jeopardy CTF usually includes the following domains:
- Cryptography: Breaking or solving ciphers and encryption schemes.
- Forensics: Analyzing digital artifacts like files, memory dumps, or network traffic.
- Web Security: Exploiting vulnerabilities in web applications (e.g., SQL injection, XSS).
- Reverse Engineering: Analyzing compiled programs to understand their behavior or extract flags.
- Pwn: Exploiting vulnerabilities in binary executables or system processes.
- Steganography: Finding hidden messages in images, audio, or other media.
- Miscellaneous: Logic puzzles, math challenges, or any other non-technical tasks.
- OSINT: Gathering information from publicly available sources like websites and social media, testing skills in data extraction and analysis.
Attack-Defense CTF: Teams defend their own servers while attacking others to steal flags and earn points.
Mixed CTF: Combines Jeopardy-style challenges with attack-defense elements, requiring teams to solve challenges and protect/attack servers.
-> HTB (HackTheBox)
-> TryHackMe
-> learnCTF
-> OverTheWire
-> rootme
-> HackThisSite
-> Ringzer0team
-> Pwnable.kr
-> w3challs
-> learn2hack
-> netacad cybsec introduction course
-> linuxjourney
-> hacker101
-> picoctf
-> hacksplaining
-> ohmygit
-> Exercism
-> adventofcode
-> TheLinuxFoundation
-> Hackmyvm
-> OliCyber.it sponsored by the CyberSec National Lab && Cisco
-> also discord servers are very very veeeeery important!
-> ...
- C for Everyone: Programming Fundamentals
- Programming Languages, Part C
- Hands-on Introduction to Linux Commands and Shell Scripting
- TheLinuxFoundation learning path..
- ...
- https://blog.g0tmi1k.com/
- https://www.isss.io/resources.html
- https://github.com/utisss/
- ISSS official YT channel
- ISSS official website
- ISSS official github acc
- ...
- Kali Linux tools: This website includes all the tools that usually come with the distro.
- nmap: (Network Mapper)
Nmap is a free and open-source utility for network discovery and security auditing. It is used to discover hosts and services on a computer network by sending packets and analyzing the responses.
- ftp: (File Transfer Protocol)
FTP is a standard network protocol used to transfer files from one host to another over a TCP-based network, such as the Internet. FTP is built on a client-server model architecture and uses separate control and data connections between the client and the server.
- Wireshark: (Network Protocol Analyzer)
Wireshark is a widely-used network protocol analyzer that captures and analyzes network packets in real time. It helps in troubleshooting network issues, inspecting data traffic, and diagnosing security problems.
- Metasploit: (Penetration Testing Framework)
Metasploit is a powerful penetration testing framework that helps security professionals identify and exploit vulnerabilities in a system. It includes a variety of exploits, payloads, and auxiliary tools for testing security.
- curl: (Data Transfer Tool)
Curl is a command-line tool used for transferring data using various protocols from the terminal.
- ssh: (Secure Shell)
SSH is a cryptographic network protocol used to securely access remote systems over an insecure network. It enables secure communication, file transfers, and remote command execution.
- Burp Suite: (Web Vulnerability Scanner)
Burp Suite is a set of tools for finding vulnerabilities in web apps, including an intercepting proxy, a web crawler, and a vulnerability scanner.