in this post i will try to cover beginner questions like “where do i start”. because i see a lot of posts like this in r/oscp and other subs so i wanted to answer with my style. people are not directly answering this question or giving wrong advices. i won’t give you a direct way, but not gonna tell bull like “learn cyber security in 10 hours!!!”. i also try to keep this post f-bomb safe.
your first objective is setting your own lab. unix distro is up to you but kali is the meta. windows xp for learning winx86 buffer overflows, windows server 2008-2012-2016 for learning active directory environment and a windows 10 machine would be good for adding it to domain. if you have set your lab up, start learning. your search queries would be: what is tcp/ip, what is osi, most useful system commands in linux, what is active directory, what is domain controller etc. just go to google and read what you find. but don’t forget to replicate what you read. your goals are; learning tcp/ip, learning osi and its layers, learning basic level active directory and most importantly learning unix.
it’s time to move on owasp top ten 2017. just read and do your research to learn them. causes, impacts, preventions. burp suite’s creator portswigger offers really good learning and practicing opportunity. go portswigger web security academy learning path and try to solve lab challenges. important thing is don’t ever skip the articles. yes, you’ve read these topics in owasp top ten but reading again is not gonna hurt you. you will learn new things by doing that. after finishing portswigger labs, download dvwa and bwapp then fully complete them. after than dvwa and bwapp, go to overthewire and solve natas challenge series.
you’re now ready to solve box ctfs. start with metasploitable2, but exploit it in every possible way. i was prepared an excel sheet for my friend at a time. sent it some people asked me to how to get started. now i’m publicly sharing it. get the excel document here. complete all tiers and take your notes. don’t hesitate to look up walkthroughs. the chain is try >>> fail >>> learn. you can also try tryhackme rooms. i can’t say something about it because i haven’t experienced it. i also designed a ctf series named driftingblues. in this series i tried to cover as much topic as i can. so give it a shot because i classified them as beginner-easy. after solving as much box ctfs as you can, it’s safe to move to hackthebox. get the vip and solve all easy and medium machines. by doing that, you’re ready to take pwk course.
did you notice that i didn’t give single tool name or what you’ll learn in ctfs? it’s the point, you’re on your own. search for tools in kali or external to create your own meta. ask questions on reddit, or some discord groups. search and read what you can find. again, take your notes. don’t get tired by searching or reading. after reading this post, you can say “ehh, is that all?”. yes, i pointed the way. all you can do is study a lot and success.
if you have questions: contact
tasiyanci
vulnhub
hackthebox
tryhackme
oscp
pwk
beginner
ctf
where
do
i
start
yoBSa623bnr
sSax241sty2
KlZa24gsd65
