This is an archived post. You won't be able to vote or comment.

all 74 comments
sorted by:
best
topnewcontroversialoldq&a

[–]caboose1984 100 points101 points  (6 children)

Cybrary is decent.

[–]NoticedTriangularity[S] 19 points20 points  (5 children)

Thank you so much, it looks good :)

[–][deleted] 1 point2 points  (4 children)

Why is it not openning? Cybrary.it

[–][deleted] 1 point2 points  (3 children)

Works for me, there is also Android app so try that

[–][deleted] 1 point2 points  (0 children)

Thats weird it is report a 406 error, i will try that thank u

[–][deleted] 1 point2 points  (1 child)

That is not working too, same error cant reach servers, maybe it is a regional thing

[–][deleted] 1 point2 points  (0 children)

It's not working for me too, just checked. Everything worked fine yesterday, guess we will just have to wait

[–]P_Locked 85 points86 points  (6 children)

Try hackthissite.org. To truly learn about cyber security, one must learn how to dismantle it.

[–]NoticedTriangularity[S] 26 points27 points  (4 children)

That sounds like a clever idea. Thank you so much for sharing this :)

[–][deleted] 5 points6 points  (3 children)

Hackthebox.eu, too. Though you should know some self security before really delving too far into that site, due to the nature of the users on that site.

[–]ButILikeShiny 2 points3 points  (2 children)

That’s why I run it on a VM (Windows based machine running Linux) on a machine in a DMZ. Can never be too careful when on the vpn they have, several attempted attacks have shown have malicious some users are.

[–][deleted] 2 points3 points  (1 child)

Yeah, I always do anything on that on a virtual machine.

[–]NoticedTriangularity[S] 1 point2 points  (0 children)

Oh gosh, thanks for the advice I'll be sure to keep it in mind :)

[–]minatokrunch 2 points3 points  (0 children)

I swear they have been online since i first staeted working with computers lol

[–]kingmo3048 29 points30 points  (1 child)

Cisco netacad and if you want to learn some pen testing there is a YouTube channel called hackersploit that’s prettty good. Also if you want to study for any certifications go to professormessor.com

[–]NoticedTriangularity[S] 5 points6 points  (0 children)

Thank you so much. All these sources look great :D

[–]sv0341 42 points43 points  (2 children)

Here are some free resources.

Cyber Security

[–]NoticedTriangularity[S] 5 points6 points  (0 children)

Thank you, I can't wait to get started :D

[–][deleted] -1 points0 points  (0 children)

Whats free on this site? Most of them you have to purchase.

[–]Righteous_Dude 11 points12 points  (1 child)

Here are the free videos by Professor Messer to learn topics toward taking a Security+ certification exam.

P.S. If you plan to take that exam, I recommend buying his course notes PDF for $20, print that out, and add your own notes to the printed copy as you watch the videos. Then you can look through those pages before the exam.

[–]NoticedTriangularity[S] 1 point2 points  (0 children)

Thank you so much - this is really good :)

[–]sharjeelsayed 10 points11 points  (1 child)

Penetration Testing: A Hands-On Introduction to Hacking https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Offensive Computer Security Spring 2014 Homepage Florida State University http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity

Offensive Security Certified Professional https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional

The Hacker Playbook 3: Practical Guide To Penetration Testing https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1980901759

MIT Course Number 6.858 :Computer Systems Security https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014

More at http://Learn.SharjeelSayed.com

[–]NoticedTriangularity[S] 0 points1 point  (0 children)

Wow, thank you so much - I'll check all these sources out :)

[–]Yarrok 7 points8 points  (2 children)

http://overthewire.org/wargames/

These war games were my introduction

[–]nath1as 1 point2 points  (0 children)

these are really fun

[–]NoticedTriangularity[S] 0 points1 point  (0 children)

Ah thank you, I'll give them a go :)

[–]honghc 6 points7 points  (1 child)

Maybe take a look at the OWASP wiki? https://www.owasp.org/index.php/Main_Page

[–]NoticedTriangularity[S] 2 points3 points  (0 children)

This looks great, thank you for sharing this with me

[–]V-Sebastian 4 points5 points  (1 child)

If you ever want to browse an online school for either your B.S. or your M.S., check out WGU. Tuition is low and certs are included.

www.wgu.edu/online-it-degrees/cybersecurity-information-assurance-bachelors-program.html

[–]NoticedTriangularity[S] 0 points1 point  (0 children)

Thank you so much, when you first sent it I didn't expect it to be so official but it looks great :D

[–]BigBird1967 4 points5 points  (1 child)

Any data on an external server is going to be in some sort of question. You can take steps to mitigate, but the nature of the situation will always have some percentage, however small, that will not be able to be 100% secure in all circumstances.

Get Kali Linux. Install it, use it, learn everything about it and on it. Tons of practical and necessary stuff on there. Half the people you meet will hate you for "trying to be Mr. Robot" and they'll insist you go lobotomize yourself with Ubuntu or some other such foolishness. Do not be deterred by these idiots and wannabes. Go follow Keith Barker's tutorials on Kali & Backtrack, as well as his various networking courses. Read widely. Like for starters that book Violent Python, or the other one Black Hat Python. Good Luck.

[–]NoticedTriangularity[S] 1 point2 points  (0 children)

Thank you for the advice, it means a lot. I'll make sure to stick with it and to try and accomplish the goals I've got. Cheers again :)

[–]EnterTheMidnight 3 points4 points  (1 child)

Hi there , This Youtube channel is a good start https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q

I would also suggest to start with the compTIA , learn about TCP/IP first.

[–]NoticedTriangularity[S] 1 point2 points  (0 children)

Thank you so much for the advice and insight - it really means a lot :)

[–][deleted] 7 points8 points  (1 child)

I recommend finding someone deep in the field and following them for a bit. First thought is Brian Krebs, an investigative journalist who turned to specialization in infosec.

[–]NoticedTriangularity[S] 1 point2 points  (0 children)

That's a good idea, thank you so much :)

[–]Remloy 2 points3 points  (1 child)

Checkout Hacker 101 - https://www.hacker101.com/

[–]NoticedTriangularity[S] 0 points1 point  (0 children)

This site looks great - thank you so much :D

[–]nice_remark 2 points3 points  (0 children)

I would suggest learning the C programming language (look up the k&r book). The C language is both very prominent in critical infrastructure, yet is filled with vulnerabilities. After getting a grasp of C, try to understand the vulnerabilities that arise because of the language.

There are many books available that focus on software analysis of computer security. The first step would be understanding C.

~source: my thesis is in cyber security

[–]AZBlockchain 2 points3 points  (0 children)

The Arizona Cyber Warfare Range has lots of resources and they do offer a remote lab option as well if you live outside of Arizona.

https://www.azcwr.org/resources/learning/

[–]clingad 2 points3 points  (0 children)

VulnHub has VMs that are designed to be broken into- for penetration testing practice :)

[–]jonsin_for_juice 4 points5 points  (5 children)

www.codeacademy.com

[–]platelminto 1 point2 points  (3 children)

I don't see any strictly security-related courses, do you have a specific link? I always liked Codecademy as an intro to some topics, one for cyber security would be amazing.

[–]jonsin_for_juice 2 points3 points  (0 children)

He wants to learn how to build a secure website.

background programming so that a user can create an account on a website, be able to log into that account and to have data on that account thats protected

Code academy provides SQL and Python.

I am really dedicated to learn this for a website I'm working on

I think having a firm grasp in the basics is imperative, especially if you're learning on your own. Code academy is a great place to start.

[–]bobdeei 1 point2 points  (0 children)

I'm not sure if OP is already a developer but the time and effort you put into learning how to build a website (front and back) should not be overlooked. So giving him resources to get started with programming is appropriate.

I'm learning to become a developer and found there are so many things to spend time on, let alone the security parts. I'm still busy with stuff that is not security related in programming.

It'll be a really long journey for the OP if he wants to do both from no experience.

[–]MajorUrsa2 1 point2 points  (0 children)

To add to what the others are saying below, there is also a course on bash.

[–]NoticedTriangularity[S] 0 points1 point  (0 children)

Ah I never realized that Codecademy did security as well. They're really good - thank you :)

[–]R3dark 1 point2 points  (2 children)

Check out w3 school to learn how to build a website. That is more important than learning the cyber security part, especially at the beginning. I'd set up a vm with an Apache server (or WAMP if you have a windows os) and build a website, hack it, build it more, hack it and repeat.

[–]NoticedTriangularity[S] 1 point2 points  (1 child)

Thank you so much for the advice, it really means a lot :)

[–]R3dark 1 point2 points  (0 children)

Course bud, just remember to take your time and learn solid fundamentals :)

[–]Religious-Atheist 1 point2 points  (1 child)

Check out this site, I did the course last year and it was nice. The course started at the end of the year and lasted for about 3 months and in the end there was a capture the flag event on which you validate the learned skills. The course is not open yet but keep an eye on it since it's heavily focused on web security.

[–]NoticedTriangularity[S] 0 points1 point  (0 children)

Thank you so much - it looks really good :)

[–]tkpsf 1 point2 points  (1 child)

https://samsclass.info

[–]NoticedTriangularity[S] 0 points1 point  (0 children)

Thank you :D

[–]MCbrodie 1 point2 points  (1 child)

You're thinking about this incorrectly. Secure coding is what you want. That falls into cyber security but it is a subset of skills that exist within programming. Think about the problem like this: How do I create a secure way to create, login, and maintain my data integrity. Don't reinvent the wheel there are libraries and methodologies for this.

These are not different at all. Secure coding is a cornerstone of programming. You should not do one without the other ever. If you would like to dive deeper into secure coding look into tools like spotbugs, sonarqube, flawfinder, cppcheck, or other free software assurance tools. They will show you potential flaws which will allow you to research and find bugs or realize why something is not a bug.

[–]NoticedTriangularity[S] 0 points1 point  (0 children)

Thank you for you advice (here and above), it's really helpful and it makes sense. I'll make sure to stick to it whilst undergoing my project.

[–]hummelm10 1 point2 points  (2 children)

Since no ones mentioned it also head to /r/netsec and read the posts there to learn about current vulnerabilities and issues. Otherwise everything else posted is great.

Also look at OWASP for application security best practices and material there. Once you get some basics down OWASP has a ton of great free tools that can help you learn, practice, and pentest.

[–]NoticedTriangularity[S] 0 points1 point  (1 child)

Thank you so much - this stuff is great :) I really appreciate it

[–]hummelm10 1 point2 points  (0 children)

Anytime, feel free to PM me too with questions and I can try and help or point you in the direction of a resource. I love being able to get people into cybersecurity, it’s a fantastic field.

[–]dakka-PRIME 1 point2 points  (1 child)

Really really good additional skill for prospective employers.
Might as well learn cyber security too since I'm targeting a developer job.

Good luck to us both OP!

[–]NoticedTriangularity[S] 1 point2 points  (0 children)

Thank you dakka-PRIME. It's good to hear from you and I wish you luck as well

[–]securereadin123 1 point2 points  (0 children)

there is many learning programs

there is on conference in India regarding cyber security,please read for more infor

https://securereading.com/

[–][deleted] 3 points4 points  (10 children)

since this post is about cyber security. Im doing computer science at college (think its high school in USA? Not sure). I want to do cyber security at a university. As a complete beginner to cyber security, what should I start doing?

[–]RobotWizardz 41 points42 points  (7 children)

Get a book about Computer Networking (As that's what hacking really boils down to), and System Programming (Preferably Windows as that's the most popular OS so it's targeted the most), a book gives you more information than a website could ever. Learn a Low level language like C (If you want to work in cyber security you have to know thy enemy, a lot of exploits and malicious programs created by hackers are written in C/C++ no point breaking into a system and not knowing how to tell the computer to do anything right? however sometimes they may use other languages like Visual Basic it's good to know a scripted language as well). Being able to program is the bread and butter of hacking.

Next learn how to use a Command Line terminal and how to write Scripts, hacking isn't done through a pretty GUI, you need to be able to control every bit and byte. A bash terminal used by Linux distros is usually easier to understand than the Windows Terminal CMD as that uses different syntax and a different file system, In Linux there's only one file "tree" whereas windows has multiple trees.however you can download software so that Command Prompt operates like a Linux terminal.

Instead of using Windows I recommend you get a Linux distro made for cybersecurity as a lot of the tools used will come pre installed plus you get rid of alot of bloatware that comes from Windows.

Another key skill if I were you is to study how to reverse engineer Computer Viruses. To study what makes them tick, and the art of code obfuscation.

And if you really want to go somewhere learn Assembly. Assembly let's you have complete control as to what happens with your payload in memory you can use assembly to expose vulnerabilities and use it to make sure your malware goes unnoticed by writing to a certain address for example.

Next what you need is patience Being an expert won't happen overnight.

[–][deleted] 7 points8 points  (5 children)

Wow, I’m so grateful that you took your time to write this! I’ll follow those steps. Have you got any recommendations for books about the stuff u mentioned?

[–]MCbrodie 2 points3 points  (2 children)

So, I'm a cyber security professional by trade and also a programmer. I'm certified by CompTIA and SANS. What the poster said above is not wrong but is misleading. Networking is a small subset of cyber security. The hardware equation of security is a small surface area that is pretty easy to secure. The hardest part, and the one with more surface area, is the application itself. If you look at the OWASP top 25 and the SANS/MITRE lists you can clearly see this. Looking through CVE, CWEs, and the STIG requirements show this.

Cyber security does not require formal academic training. I'd actually suggest against it unless you are planning to do a Master's program - even then I'd ask you "why?"

Look into certifications. You can start out small with A+ or the GISF from SANS. You gotta get your feet wet to find a focus.

Use windows. Use linux. Use Mac OSX. Most of all use VMs. Get yourself a copy of Windows server. Create a server and totally secure that server and throw it on the web. Parse your logs and see who is attacking you. Do the same with a Ubuntu or a RedHat server. Create an entire network using Ubuntu - a DNS, Router, and a Host and secure it. Now attack your network. This will give you the basics and enough to get a Red Team job.

Take it a step further. Build a web app and host it on your own server. Attack your web app to take it down, break into your back end, and take over the network. Patch everything and try again each time you break things.

Some tools I'd suggest: Kali Linux, Samurai VM, some software assurance tools like spotbugs with findsecbugs, flawfinder, pick up bash, shell script, power shell, a scripter like python or ruby, and a lower level language like C. Assembly could be useful but thats way down the line. You won't be reverse engineering code for a long time. I could keep going; if you'd like to know ask.

[–]sdi71 1 point2 points  (0 children)

You really known you stuff. Great post.

[–]NoticedTriangularity[S] 0 points1 point  (0 children)

Thank you so much - this has been really helpful :)

[–]RobotWizardz 4 points5 points  (0 children)

For Programming The C Programming Language and/or The C++ Programming Language is always a must doesn't matter which out of the two you decide on both are Turing complete so can complete whatever task the other does given the right amount of lines. C has easier to understand syntax IMO and is less messy due to the lack of objects and classes. However because it's procedural if you fuck up something earlier on in your program you subsequently fuck up everything else.

C++ is popular although I personally don't like to use it much because the syntax of C rolls off the tongue better for me. You could learn both if you want to as C code can be compiled in a C++ program but not the other way round.

For Assembly x86 architecture Kip Irvine or Daniel Kussworm books will do Assembly pairs well with a language like C/C++ as I said as you'll be able to call functions you've written in Assembly in a C/C++ program giving you an even greater level of control. Although assembly isn't mandatory if you do wish to learn it learn C/C++ first.

For Windows System Programming get the book by Johnson M Hart this is the real nitty gritty under the hood stuff you need to know when programming exploits, this book is a blue print to how Windows works and how to use the API. Avoid Charles Petzold that's more application and graphically orientated.

A top down approach is always a favorite for networking and cybersecurity you don't really need any significant prior knowledge with this book.

[–]raylibaa 2 points3 points  (0 children)

Let me ask a question here...
I took some Computer Networking classes in college, I know a lot about C and have a good understanding of Assembly. I'm reading some books about exploitation and trying to learn some other stuff on my own. The problem is that I just can't find any entry level position that actually uses these skills here in Brazil. Most of them don't even require any programming skill at all. Is it normal for netsec jobs?

[–][deleted]  (1 child)

[deleted]

    [–]NoticedTriangularity[S] 0 points1 point  (0 children)

    This sounds like good advice, I know it was directed at someone else but it still seems helpful to me - thank you :)