Basic Security Principles/Information
How to Suck at InfoSec
- Learning the Ropes 101: Introduction - zsec.uk
- InfoSec Newbie List by Mubix
- A collection of resources/documentation/links/etc to help people learn about Infosec and break into the field.
Salted Hash Ep 34: Red Team vs. Vulnerability Assessments - CSO Online
- Words matter. This week on Salted Hash, we talk to Phil Grimes about the differences between full Red Team engagements and vulnerability assessments
- Encoding vs. Encryption vs. Hashing vs. Obfuscation - Daniel Messler
- Ask Good Questions: Deep Dive - Yousef Kazerooni
- Security 101
General Good Stuff
- [Words Have Meanings - Dan Tentler - CircleCityCon 2017]
- (Deliberate) practice makes perfect: how to become an expert in anything - Aytekin Tank
Learning the Command Line
- explainshell is a tool (with a web interface) capable of parsing man pages, extracting options and explain a given command-line by matching each argument to the relevant help text in the man page.
Careers in Information Security
Navigating Career Choices in InfoSec - Fernando Montenegro - BSides Detroit2017
- Making career choices can be intimidating and stressful. Perhaps this presentation can help. The tidal forces affecting technology impact our careers as well. If we're not actively managing them, we're leaving decisions to chance (or to others), and may not like the outcomes. This presentation describes a framework I've used over the past few years to evaluate both ongoing job satisfaction as well as new opportunities as they appear. I'm happy with the outcomes I've obtained with it, and have used this same framework when providing advice to others, and it has been well received. Hopefully it can help others as well.
Infosec Tools of the Trade: Getting Your Hands Dirty
- In this presentation we'll will be going over introductions to the various focuses in information security and demoing the most common tools that are used in operational security, both offense and defense. You'll leave with an idea on how to freely obtain and use these tools so that you can have what you need for that first interview: experience and a passion for security. This is a green talk for people who don't have a clue on what offensive and defensive people do operationally, from a tool perspective.
- So You Want To Be A H6x0r Getting Started in Cybersecurity Doug White and Russ Beauchemin
- Navigating Career Choices in InfoSec - Fernando Montenegro - BSides Detroit2017
- Interview Preparation
NICE Cybersecurity Workforce Framework
- The NICE Framework, NIST Special Publication 800-181, establishes taxonomy and common lexicon that is to be used to describe all cybersecurity work and workers irrespective of where or for whom the work is performed. The NICE Framework is intended to be applied in the public, private, and academic sectors. (USA Focused)
- NICE Cybersecurity Workforce Framework
- Data Scientist
Articles & Writeups
- How to become a pentester - Corelan
- Attacking Big Business
- 10 common mistakes aspiring/new pentesters make - PentesterLab
- So You Want To Be a Pentester? - Jack Halon
- And THIS is Why Penetration Testing Sucks - Ronin Chang
- So You Want To Be a Pentester? - Jack Halon
- World's Worst Penetration Test Report - rant
- Make It Count: Progressing through Pentesting - Bálint Varga-Perke -Silent Signal
Talks & Presentations
So you think you want to be a penetration tester - Defcon24
- So, you think you want to be a penetration tester, or you already are and don't understand what the difference between you and all the other "so called" penetration testers out there. Think you know the difference between a Red Team, Penetration Test and a Vulnerability assessment? Know how to write a report your clients will actually read and understand? Can you leverage the strengths of your team mates to get through tough roadblocks, migrate, pivot, pwn and pillage? No? well this talk is probably for you then! We will go through the fascinating, intense and often crazily boring on-site assessment process. Talk about planning and performing Red Teams, how they are different, and why they can be super effective and have some fun along the way. I'll tell you stories that will melt your face, brain and everything in between. Give you the answers to all of your questions you never knew you had, and probably make you question your life choices. By the end of this session you will be ready to take your next steps into the job you've always wanted, or know deep inside that you should probably look for something else. There will be no judgment or shame, only information, laughter and fun.
- So you think you want to be a penetration tester - Defcon24
- Hold my Red Bull Undergraduate Red Teaming Jonathan Gaines
- Articles & Writeups
offensiveinterview - WebBreacher
- Interview questions to screen offensive (red team/pentest) candidates
- offensiveinterview - WebBreacher
- Non-Technical Skills
- A collection of *nix Sysadmin Test Questions with Answers for Interview/Exam (2018 Edition).
- Tools you should probably know exist
- Learning New Tools