How should I improve my cyber security skills?
I'm starting a junior level cyber security position soon, and was looking for some tips/pointers to improve my capabilities as much as possible before I do. I have strong web-based coding skills, and I'm now learning Python (amateur move, should have done that a long time ago).
I have no certificates/qualifications but have competed in several CTF competitions and know my stuff when it comes to anything web based. I'm able to pick new things up quickly and utilise them to do things they shouldn't do, but lack guidance.
My learning checklist is as follows:
- Web (done)
- Python (started)
- Assembly
But then there's a bunch of stuff like Metasploit that would be perfect for the competitions, but I'm not sure how relevant it is IRL?
Finally, where do I find resources to test these skills on? My biggest constraint is the lack of vulnerable setups/VMs to test and I would prefer not to try on live targets.
Join Anonymous and haxxor teh world
>>60799079
Please note I mentioned improving my cyber security skills, not making them worse
>>60799097
Just fuck shit up.
http://overthewire.org/wargames/
https://github.com/RPISEC/mbe
The best way to improve security is to attack it. Keep penetrating your own systems until you and other smart people can't. Try lying through your teeth to people involved with company computers and see how much they believe. Hi, can you print something for me please? The document on this flash drive... And the network is yours.
As a programmer you can do your best. It doesn't really matter what language you use, it's pretty much certain you or a colleague will fuck it up eventually. When it comes to security, some code is more important than others. Focus on your input handling layers. The network stack, HTTP servers, file format parsers, regular expression engines, that kind of thing. When they say user input is untrusted, they mean it. It's because bugs in the code that decodes the input are exploitable. Until recently Microsoft's antimalware program, which runs privileged, intercepted all network data and evaluated all JavaScript code coming from the network. JS supports regular expressions, which means a regular expression engine was running with full system privileges and was taking in arbitrary input from the network and possibly compiling it to machine code. Can you see where this is going?
First step to amass cyber powers is to wear a Tron suit.
there are many aspects to focus on, find one you enjoy and get good at it.
and that isn't even taking into account whether you are red or blue or even purple. if you don't have a lab environment (a shitty pi does not count), then you better pony up the cash to build one
>>60799666
Okay satan