Top products from r/netsecstudents

It looks like you're moreso interested in blue team work. To tell you the truth, I'm more on the offensive side of things, but I'm sure I can still provide some help here. From what I can tell, it seems as though you already have a pretty solid base to work from based on the area you're looking at. Professor Messer provides some high quality videos that would serve as useful to you, as you would need to be pretty well rounded (although not quite expected to master all of these things) to get an infosec position. The network+ and security+ videos may be more useful in this context, but feel free to disregard the topics you know strongly and pursue the ones you're interested in. CompTIA also has the CSA+ which has a heavy focus on analyst concepts. While having certifications aren't a bad thing at all, it's not always necessary if you have the equivalent knowledge (I'd do a few job searches, and build out a "learning syllabus" from there, based on the responsibilities and requirements).

Speaking of which, in your case I would look for related entry level positions. I'm not quite sure where you are in terms of experience via internships / jobs, but assuming you didn't have infosec / IT experience yet, I would look into tier 1 SOC/NOC positions as I would imagine that it would provide the most carryover, considering your skillset and interests.

A few extra resources:

https://www.linkedin.com/pulse/breaking-cybersecurity-field-derek-carlin - Pretty solid career roadmap

https://www.cybrary.it/ - Several free courses, much higher quality than many of the udemy options (Also, don't worry about any of their certifications, they're not of high value compared to the knowledge you gain)

https://www.vulnhub.com/faq/#ptestnext - The most competent defenders that I've known, usually had a basic understanding of the offensive side of things as well. I noticed that you've done some offsec work during your courses, so this would be a good way to cultivate those skills a bit.

https://www.youtube.com/playlist?list=PLtGnc4I6s8dssa8hF4yMTAa4BrSJCSwux - Linux: again, just to show that you're well rounded

https://www.amazon.com/Blue-Team-Field-Manual-BTFM/dp/154101636X - BTFM: A pretty solid usage of 15ish dollars in your situation

Also, almost forgot to mention that the sidebar on here, and /r/netsec has a pretty solid list of resources.

Best of luck, and feel free to message me if you have any more questions, or need clarification on anything.

If anyone has any trouble with something in the walk-through as far as needing clarification or they are attempting to do it themselves and find I messed up somewhere, please let me know! Thank you.

The binary can be found on my github: https://github.com/emtuls/ctf/tree/master/2018-hacktober.org/Binary_Analysis/binaries -> Larry.out


For anyone that needs resources for learning Reverse Engineering, I can provide you with a baseline that I would recommend starting with. Eventually, I plan on making my own set of tutorials...but that's in the works.

x86 Assembly:


If you don't know assembly language at all, this list of videos was where I picked up a decent amount of x86 assembly language.


A few good books would be:

• Hacking: The Art of Exploitation I am a huge advocate for this book. I learned a lot from this and have read it multiple times. It is written very well and teaches someone with no experience how to do C programming and assembly. This is mainly a book for learning exploitation/vulnerability research, but that can play hand and hand with Reverse Engineering. It will show you the assembly language break down of basic exploits and this can help you with RE.
  
  
• Practical Reverse Engineering I read through the beginning of this book and it gave me some good foundations of understanding memory and computer architecture for RE along with assembly of course
  
  
• Secrets of Reverse Engineering This book is a bit in depth, but the beginning gives another good foundation for Comp Architecture and assembly stuff.
  
  
• The IDA Pro Book Haven't personally read this book yet, but I have been told it is the defacto standard for learning IDA Pro, and it has examples you can learn from.
  
  Hands On:
  
  
  
• Legend of Random Very useful hands on with tutorials. Mainly based on cracking, but that requires reverse engineering. Highly recommend this!
  
  
• Lenas Tutorials Again, another awesome hands on tutorial, mostly based on cracking as well.
  
  
• Crackmes These are more of challenges once you start to have a little understanding down
  
  Courses:
  
  Tons of courses on youtube. I learn well from visual, so I recommend these youtube videos:
  
  
  
• Basic Dynamic Analysis
  
• Real World Decompilation There are a few videos to this series and he disassembles a game, definitely nice to learn from.
  
  
  Beyond that, Google will always be your friend, and /r/reverseengineering. I also have a bunch of material for Malware RE, but that's a bit different than Software RE, though it is relatable.

Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:

1. Programming. Definitely learn "C" first as all of the Exploitation and Assembly courses below assume you know C: The bible is pretty much Dennis Richie and Kernighan's "The C Programming Language", and here is the .pdf (this book is from 1988, I don't think anyone would mind). I actually prefer Kochan's book "Programming in C" which is very beginner freindly and was written in 2004 rather than 1988 making the language a little more "up to date" and accessible. There are plenty of "C Programming" tutorials on YouTube that you can use in conjunction with either of the aforementioned books as well. After learning C than you can try out some other languages. I personally suggest Python as it is very beginner friendly and is well documented. Ruby isn't a bad choice either.
   
   
2. Architecture and Computer basics:
   Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
   Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmers Perspective" and "Secrets of Reverse Engineering".
   
   
3. Operating Systems: Choose which you want to dig into: Linux or Windows, and put the effort into one of them, you can come back to the other later. I would probably suggest Linux unless you are planning on specializing in Malware Analysis, in which case I would suggest Windows. Linux: No Starch's "How Linux Works" is a great beginner resource as is their "Linux Command Line" book. I would also check out "Understanding the Linux Kernel" (that's a .pdf link). For Windows you can follow the Windows Programming wiki here or you can buy the book "Windows System Programming". The Windows Internals books are generally highly regarded, I didn't learn from them I use them more as a reference so I an't really speak to how well they would teach a "beginner".
   
   
4. Assembly: You can't do much better than OpenSecurityTraining's "Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration" class lectures from Xeno Kovah, found here. The book "Secrets of Reverse Engineering" has a very beginner friendly introduction to Assembly as does "Hacking: The Art of Exploitation".
   
   
5. Exploitation: OpenSecurityTraining also has a great video series for Introduction to Exploits. "Hacking: The Art of Exploitation" is a really, really good book that is completely self-contained and will walk you through the basics of assembly. The author does introduce you to C and some basic principles of Linux but I would definitely suggest learning the basics of C and Linux command line first as his teaching style is pretty "hard and fast".
   
   
6. Specialized fields such as Cryptology and Malware Analysis.
   
   
   Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework than you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shys away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)
   
   *edited a name out
   
   
   
   
   
   

In my opinion; every book in this bundle is a bag of shit.

Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):

Web Hacking:

The Web Hackers Handbook (Link)

Infrastructure:

Network Security Assessment (Link)

Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.

General:

Hacking: The Art of Exploitation (Link)

Grey Hat Hacking (Link)

Linux:

Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)

Metasploit:

I recommend the online course "Metaspliot Unleashed" (Link) as opposed to buying the book (Link).

Nmap:

The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.

Malware Analysis:

Practical Malware Analysis (Link)

The book is old, but the methodology is rock solid.

Programming / Scripting:

Python: Automate the Boring Stuff (Link)

Hope that helps.

So this is aimed at people in a cyber security degree? What kind of knowledge do they have?

> using all the tools of kali

Pleaseeee no. There are hundreds of programs and scripts in Kali, it would not be feasible to learn and remember them all. Off the top of my head what I would do is:

• Have people do some of the starter wargames at overthewire so they are familiar with the linux command line. Maybe even make this a requirement to participate so you know that people are committed and have a base level of knowledge.
  
  
• Read write-ups on attacks and attackers, here is a good one by Mandiant<--(PDF link)
  
  
• Culture. I feel like this is one of the most neglected fields in cyber security. Read some phrack.
  
  
• Split people into teams to work on projects so that they have experience working together.
  
  
• Find some old CTFs or images on Vulnhub. See if you can register for some CTFs, looks great on a resume.
  
  
• Learn about sql and sql injection.
  
  
• Learn python, take a look at violent python or Grey Hat Python and Black Hat Python for more advanced stuff. There is also Hacking Secret Ciphers with Python for more of a crypto angle.
  
  
• linux, linux, linux. feel at home in the terminal and be able to script bash.
  
  
• Going over basic tools like nmap, aircrack-ng (airmon-ng, etc.), sqlmap, hydra, hashcat, metasploit, etc. Make whole day labs that use just one tool, You could maybe find an easy Vulnhub image or use Metasploitable to practice these.
  
  
• Make sure everyone has a github and populates it with stuff they create in this class. Incorporate it into your class so you got people forking and contributing to other members/teams projects.
  
  
• Look over books like The Hacker Playbook, Hacking, the Art of Exploitation, and so on for more ideas.
  
  
• Maybe most importantly, have the students teach. I'm sure there are people in there who specialize in one tool or subject. Have them design and lead a lesson/lab/activity. The best way to solidify and expand on what you know is to teach it.
  

I'd recommend learning to use Linux well first, since that is what you will need to use a lot of the tools for Pen Testing, after that you can choose an area to start with, most go with web app sec or net sec, since those are most in use right now - after that you can move into areas like cloud security, forensics or some other specialty.

As far as resources go there are a lot out there, i'll link some good ones that I use:

https://github.com/wtsxDev/Penetration-Testing

https://github.com/jivoi/offsec_pdfs

Those two should keep you going for a while at least.

As for coding, i'd recommend learning to use Bash first, then python. Bash is the Born Again SHell, a scripting language used in linux and is something that you will use a lot, and python is a language that is used a lot in offsec.

Here is a place where you can learn some Bash:
https://www.tldp.org/LDP/Bash-Beginners-Guide/html/Bash-Beginners-Guide.html

There are two books i'd recommend for python, ill link them here:
https://www.amazon.com/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579

https://www.amazon.com/Black-Hat-Python-Programming-Pentesters/dp/1593275900

the book in the second link is a bit easier to approach in my opinion, but both require some basic knowledge of python - so youtube or google some tutorials and im sure you'll do fine.

If you want to get into pen testing web apps, then you will want to learn some PHP and JavaScript, a lot of websites are written in PHP, and a lot of exploits are executed with JS: Cross site scripting in particular. You should also learn some SQL since that is another common one for manipulating databases, and can be attacked in a method known as SQL injection.

If you want a place to practice things you are learning then go here: http://overthewire.org/wargames/
They offer some pretty basic war games for things like linux commands and what not so you can really test your knowledge and learn a lot of the things you will have to do to progress through the games.

That's all I can think of atm, but i'm sure of the other people in here will be happy to give you some more suggestions

good luck!

Sure. The org I’m leaving purchased a budget SIEM (Solarwinds) for FISMA compliance (we get audited annually). But the network admin didn't have time to work on it. I was a bit of a utility player - web and software development, backup & recovery, a little database administration, some Linux administration, some scripting (mostly Powershell), etc. My boss knew I was interested in security, so he gave me ownership of it. I didn’t know anything about SIEM nor did anyone else on my team. So I had to set the whole thing up – getting agents installed on the machines we wanted to collect logs from, creating and tuning rules and alerts, setting up dashboards for real-time monitoring, creating incident reports, working with Solarwinds support when I couldn’t figure something out, etc. I also researched security events that I should be looking for and how to detect them. Ultimately, it led to me writing our security monitoring SOP and participating in our security audits. The most recent project I had was to recommend and implement a replacement for Solarwinds (the product had some bugs that were creating problems for us). I chose ELK and got it up and running with most, but not all, of the functionality of our previous SIEM. So that’s it for my professional security experience. Really not too much. My new gig heavily involves using QRadar. But that’s all I can really say about it at this point, as I haven’t started yet.

As for the non-professional stuff I did on my own, I took the eJPT course/certification, kept studying through books and online (Cybrary, Black Hat Python by Justin Seitz, Georgia Weidman’s book, some Udemy courses), built a security lab at home following the awesome lab guide by /u/667SlaysAyysForDays (its for sale now, not certain what its called but I think it may be this one: https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631), and kept listening to podcasts to keep myself interested and immersed.

I honestly have no idea between the differences of the two without looking it up. I took my Net+ back in 2007. The new test and objectives should be fun because it covers all the new things out there to include SCADA. Pretty good stuff.

From my experience doing certs, I really love the "All-In-One" series books. Mike Myers has been authoring the Network+ (and other books) for a while now and he has a book on Amazon for the n10-006 version. I would highly recommend getting that!

https://www.amazon.com/CompTIA-Network-Guide-Sixth-N10-006/dp/0071848223

I agree with /u/Mxyzptlk_ about starting off with books and online material, as these will help you to get a feel for the topics you'll likely need to cover.

As a brief overview SANS provide a condensed handbook for IR - https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901 (PDF)

Although it's not everyone's cup of tea, and is certainly expensive, the SANS GIAC Certified Incident Handler certification is well worth pursuing in my opinion. I recently passed the exam after taking the training in July, and I've found lots of useful information during the process which has helped me out in my role.

Although this book may be for a bit further down the line, I would highly recommend the Blue Team Handbook: Incident Response Edition manual.

Hope this helps!

check out r/oscp Lots of blogs being posted over there almost on a weekly basis on what people did to get ready for the test and about the test.

> I have just set up simple virtual lab (Metaspolitable + Kali ) so where should I start ?! Is there any curriculum or learning path I need to follow to make my life easier ?!

What is your background when it comes to this stuff?

https://www.jpsecnetworks.com/week-1-oscp-preparation-lab-setup/

You need also learn about Windows exploitation

>Would you recommend specific course where you can get all what you need for OSCP in one place ?!

https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/

They already have a course to get you going. If you are totally new to this world, check out CEH, it will hold you hand and at least introduce you to the concepts of pentesting but the cert doesnt mean jack shit unless you are going for a 8750 requirement.

elearning has some basic pentesting courses to get you started and its a lot more hand holding that OSCPs material. However they seem to focus on relying on metasploit a lot more than you are allowed to use

https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing-ebook/dp/B07CSPFYZ2

Well, it mostly depends on what you’re trying to achieve. You definitely do not want to drop tools on the disk of the compromised machine if stealth is the main goal. You would load stuff into memory instead (reflective PE injection, reflective DLL injection (Powersploit toolkit) in case of Windows, /dev/shm in case of linux) and that way leave a minimal footprint for the blue team.


As to what would get picked up, that depends on the configurations. Process injection, process hollowing, outgoing connections, etc. can all be detected with the right (YARA) rules. Your best bet would be to use non-standard protocols such as DNS (look up dnscat2), ICMP and use the compromised host as sort of a pivot. Sending tool traffic through it instead of installing the needed tools on it.


Here are two writeups from the real world:

https://www.exploit-db.com/papers/41915

https://packetstormsecurity.com/files/155392/HackBack-A-DIY-Guide-To-Rob-Banks.html


Here are some other resources you may like (including DA compromise):

https://medium.com/@adam.toscher/top-five-ways-i-got-domain-admin-on-your-internal-network-before-lunch-2018-edition-82259ab73aaa

https://youtu.be/dKUS26BlKlc

https://youtu.be/q7DfaaUHXYE

https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing-ebook/dp/B07CSPFYZ2


PS: I do not condone malpractice. Provided links are purely educational... Also sorry for the formatting, on mobile. Feel free to DM with more questions, this is a wide topic.

I made a similar jump, IT to Security Analyst.

I spun up a home lab in vmware with Kali, metasploitable, splunk, pfsense and security onion (for snorby).

I read a couple books:

Network Intrusion Detection:

https://www.amazon.com/gp/aw/d/0735712654

Applied Cryptography:

https://www.amazon.com/gp/aw/d/0471117099

Between this and diving into security centered news sites I went from 0 to (what felt like 60) in about 3 months. I was picked up as a security analyst for a pretty solid tech company.

Super helpful! Thanks for the response. Might be dumb but what does CEH stand for? I'll avoid it as it sounds like I should.

I bought this book and this book I'll do all the excercises in them.

What are the CTF's you mention?

Thanks again though, very helpful.

I would check out https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631/ref=sr_1_2?ie=UTF8&qid=1496857119&sr=8-2&keywords=building+virtual+machine+labs.

Last week he was giving it away in pdf form for free, so you should be able to find it on the Internets pretty easily.

I used it to setup up a lab running on ESXi, with pfSense firewall, Splunk and Snort, Active Directory running on Server 2016 with about 30 user accounts, and a bunch of desktops running Win7 and Win10.

Backtrack is now Kali Linux, I believe they made the switchover 4 or 5 years ago. In general, the answer to if knowing a given area of technology will be applicable to security, the answer is "yeah, probably at some point." The better you understand a process or system, the more quickly and reliably you can sniff out what's misconfigured, or left as default, or vulnerable to poking with a metaphorical stick to see what comes out.

Kali has a lot of good tools, and I'm sure there are pentesters who use almost exclusively the tools in it for their day-to-day work. I would caution against relying too heavily on it though, or studying how to work the tools in Kali to the exclusion of other research.

If you haven't taken an intro to compsci class to understand how a computer processes instructions, how stacks and heaps work and the differences between them, etc, I would absolutely start there. Then look at basic networking, and work on setting up a virtual lab at home. You can do all of this for free through classes like edX, Khan Academy, etc. Even the process of getting your virtual lab operational will give you valuable hands-on experience, and then you'll be set up to safely practice when you're ready for it.

This book was hugely helpful to me, walked you through everything step-by-step along with pointers for further research. It was written by a Redditor, but I can't remember who. (If someone else recalls, mind replying to make sure they get a kudos?)

Part of that "80%" can be a sales tactic to get you to sign up and take the course. Although I am not in the UK so I am not sure if that stat holds true.

As for the equipment: Both the below links are good starting points. The top one is a bit older.

Build Your Own Security Lab: A Field Guide for Network Testing

[The Network Security Test Lab: A Step-by-Step Guide] (https://www.amazon.com/Network-Security-Test-Step-Step/dp/1118987055/ref=asap_bc?ie=UTF8)

Both will give you a good idea and a starting point.

But you never really answered a key question: What is it you want to do? In CyberSecurity, there are roughly 40 different types of emphasis that you can focus on. I know it is daunting, but understand your personality and goals can weigh heavily into that decision. Not everyone is cut out to be a WhiteHat, but that does not mean a blue team member or a purple team member are not for you.

There was a really good topic discussion on Reddit (unable to find it currently) that had quite a few jobs broken down and what they do/mean to the Security Community.

eJPT is good but basic. I still learned a fair bit from it though!

One of the books I see come up time and again in recommendations for OSCP prep is Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman.

She has also done a video series along the same lines as the book that is available for free from Cybrary.

Do these courses:

https://www.cybrary.it/course/comptia-network-plus/

https://www.edx.org/course/introduction-computer-science-harvardx-cs50x

https://www.codecademy.com/learn/python

https://www.learn-c.org/

http://opensecuritytraining.info/IntroX86.html

https://www.cybrary.it/course/ethical-hacking/

https://www.cybrary.it/course/advanced-penetration-testing/

https://www.coursera.org/learn/build-a-computer Don't skip over that because you know how to 'build' a computer aka put a computer together from parts; it is a course about building a computer from literal scratch aka: starting with logic gates, not a course on how to 'build a sweet gaming rig' or something.

Read these books:

https://www.nostarch.com/pentesting

http://www.amazon.com/The-Shellcoders-Handbook-Discovering-Exploiting/dp/047008023X

https://www.nostarch.com/hacking2.htm

https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

Do these for practice:

http://overthewire.org/wargames/bandit/ (and others on there, that is just the best beginner wargame)

http://www.hackthebox.eu

http://www.root-me.org http://www.pwnable.kr/

https://www.codewars.com/

http://www.abatchy.com/2017/02/oscp-like-vulnhub-vms

https://pentesterlab.com/exercises/web_for_pentester (Lots more on there besides that as well)

This should get you well on your way to getting started!

Application Security:

• The Art of Software Security Assessment
  
• A Bug Hunter's Diary
  
  Web Security:
  
  
• The Tangled Web
  
  Secure Systems
  
  
• A Guide to Kernel Exploitation
  
• Rootkits
  

Are you referring to this book;

http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441

I see in the description that it says it's not a big deal if you don't know programming. Do you find this to be true?

I've also had

http://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

Recommended to me. The description talks about html etc. do you need to know these languages before you dive into these book? Or is it more like they teach you just what you need to know about a specific language / vulnerability inside of a language/piece of code.

Thanks

This is a great list, thank you very much.
I also happened to decide to study networking but for a bit deeper, my choice was this book.

https://www.amazon.com/Computer-Networking-Top-Down-Approach-7th/dp/0133594149

This is a complete networking essentials, for grads, phDs, masters.

Is also has a helper site with video notes and animations

https://wps.pearsoned.com/ecs_kurose_compnetw_6/216/55463/14198700.cw/index.html

What kind of coding, and what are you interested in regarding security exactly? I would brush up on some python personally.

If you are inclined to read, I think the following are essential.

• Metasploit Unleashed
  
• Hacking: The Art of Exploitation
  
• The Web Application Hacker's Handbook

https://www.amazon.com/Computer-Networking-Top-Down-Approach-7th/dp/0133594149

This is the 7th edition, i have the 5th which is extremely valuable and precise in it's context. Built very good and easy to understand, but also VERY in-depth.

This is generally regarded as the best. It was suggested to me when I needed to re-certify from 004 to 006.

I don't get how you're in a masters program in cybersec without knowing how to code...

Anyway, if you are leaning towards pentesting/networks, https://www.amazon.ca/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441 as well as black hat python/violent python are what you want to start off, as well as a good book on networking book: https://www.amazon.ca/Computer-Networking-Top-Down-Approach-6th/dp/0132856204.

I'm actually confused about what the content of an msc program could be in cybersec if you don't already know how to code.

The blue team field manual is a great book

Edit:
Here's the link
https://www.amazon.com/dp/154101636X/ref=cm_sw_r_cp_api_gz4-zbSCWC8E4

A principle in web app security: user input cannot be trusted.

With that in mind, the following are the kinds of user input you can mess around with: query parameters, post params, file uploads, cookies, http headers, even out-of-band inputs like emails (if they get processed) or all of the above but for a different but related service.

Sometimes user input can be crafted to exploit unexpected behavior. Causing a 500 error may give you interesting error messages. Maybe form input isn't sanitized and you can perform sql injections, XSS, and the like. File uploads - do the files appear to be uploaded to their server (and not something like S3)? Try dropping php files (if it's a php application), try XXE if Word or Excel documents are expected. All sorts of fun possibilities can be explored wherever there is any user input.

Another subject worth studying: attacking authentication. Is there no rate limiting? Usernames can be enumerated? How about a brute force attack? Take a look at the session token in the cookies - can you reuse them? Are they custom-made (does not appear to be generated by a known framework)? Try attacking the token-generation scheme itself. Discovered an XSS vuln and the cookie entry for the session token is not set to http only? Write a script to steal them cookies - that'll be your XSS payload - sit back and wait for someone to bite.

I think exploring these topics is a great start.

Recommended reading:

https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

Edit: to add, the tools you have listed are info gathering tools. That's the first thing you want to use to give you a nice idea about potential attack vectors. Sometimes dirbuster can yield nice results in itself. For example, I found a deployment script sitting on a prod server - with AWS keys!!! Tip for info gathering: you can use builtwith to see what tech the target is using, and tailor info gathering scripts (like dirbuster) for that.

This little guy is amazing. And cheap.

You're going to have a real rough go at it;

That said; 508 is largely derived from the following two sources:

Brian Carrier's File System Forensics (This book is actually given out in the course)

&

The Art of Memory Forensics by MHL, Andrew Case, Jamie Levy, and AAron Walters

That'll get you ~75% the way there. But it's a lot of material to cover and retain without a reference source. I don't know if SANS has an official policy on what specifically you can take in with you during the test outside of your personal notes and their material.

Outside of those two books; get very familiar with The Sleuth Kit and timelining.

Honestly; this would be advice for someone taking the course just as much as it would be for someone not taking the course.

You should pick up a copy of [The Tangled Web] (http://www.amazon.com/The-Tangled-Web-Securing-Applications/dp/1593273886) by Michal Zalewski. It really compliments OWASP.

Computer Networking: A Top Down Approach by Kurose and Ross is often highly recommended.

What he said, and this book will help with building a lab

http://www.amazon.com/gp/aw/d/1593275641/ref=mp_s_a_1_1?qid=1451915617&sr=8-1&pi=AC_SX220_SY330_FMwebp_QL65&keywords=georgia+weidman

https://www.amazon.com/Build-Your-Own-Security-Lab/dp/0470179864

https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

https://pen-testing.sans.org/blog/2014/02/27/building-a-pen-test-infrastructure-hacking-at-home-on-the-cheap

and because I like you:

https://www.cybrary.it/0p3n/tutorial-for-setting-up-a-virtual-penetration-testing-lab-at-your-home/

https://www.pentesterlab.com/

https://community.rapid7.com/docs/DOC-2196

sure is. Go buy my book https://www.amazon.com/Building-Virtual-Machine-Labs-Hands/dp/1546932631

There's a new SANS class on Security Architecture: http://www.sans.org/sec530

I also suggest Richard Bejtlich's book, The Tao of Network Security Monitoring. It isn't specifically on "security architecture", but it does talk about how to architect your network, which is basically the same thing. https://smile.amazon.com/Tao-Network-Security-Monitoring-Intrusion/dp/0321246772/

Get a copy of Georgia Weidman's Penetration Testing and work through the exercises with the class. I think there's a way to order the book and get several PDF copies for classroom use; you could also contact Ms. Weidman on twitter and see if she'd let you do a bulk order at a discount.

Talk to the campus cyber-security rep and see if he or she would give your club access to the latest image file they're using on campus, so you can use that as a target in a VM. Vulnerability reporting should be a negotiated part of that deal -- you get the image, with the understanding that any vulns you find get reported internally.

Similarly, you could war-walk the campus and see how many unsecured or poorly secured WiFi networks you can find. If you can get on the network and then pivot to the access point you can change the SSID to "NETWORK_NAME (weak passwd)" or use your access to ID the network owner and notify them that their network's not secure. But make sure you have permission from whoever the campus ISP is before you do that -- the last thing you want is for some kid whose dad is a lawyer to sue you guys, or angrily demand that the school kick you out.

Also, if anyone in the club is planning to do work for the Federal government or other work requiring a security clearance, make sure that all of your work is strictly white-hat. Unauthorized access to any computer system, or access without consent of the owner, could potentially disqualify you from getting a clearance.

Once your team builds up a baseline set of skills you might want to see if you can start attending events for the CCDC.

Penetration Testing: A Hands-On Introduction to Hacking
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641

Offensive Computer Security Spring 2014 Homepage Florida State University
http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity

Offensive Security Certified Professional
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional

The Hacker Playbook 3: Practical Guide To Penetration Testing
https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1980901759

MIT Course Number 6.858 :Computer Systems Security
https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014

Subreddits https://www.reddit.com/r/netsec+privacy+SocialEngineering+onions+ReverseEngineering+crypto+blackhat+security+Malware+pwned+netsecstudents+computerforensics+HackBloc+securityCTF+xss+vrd+rootkit+REMath

More at http://Learn.SharjeelSayed.com

https://www.amazon.com/Blue-Team-Field-Manual-BTFM/dp/154101636X/ref=sr_1_1?ie=UTF8&qid=1506698119&sr=8-1&keywords=blue+team+field+manual

Reversing: Secrets of reverse engineering by Eldad Eilam by Eldad Eilam could be included in the reverse engineering section.

One book my technical lead gave me when I first started in a junior position is https://www.amazon.com/Tao-Network-Security-Monitoring-Intrusion/dp/0321246772/ Essential reading.

>Examples of projects I have completed: Coded a basic Linux kernel from the ground up for x86 machines, Working on a basic IRC botnet coded in Python, I have experience in Snort rules and have written Python scripts for log parsing. I have used Wire shark for packet sniffing etc, experience in using IDA for disassembling code for CTFs.

Why on earth would you pursue Sec+ and CISSP if you have experience in those things?

Build a Malware Lab, dude. Check out Practical Malware Analysis and The Art of Memory Forensics. With your experience you could probably wreck those over the summer.

If you want an old school, but relevant (more Red Teamer), you could check out Hacking: The Art of Exploitation and The Shellcoder's Handbook.

Practical Malware Analysis

The Art of Memory Forensics

Hacking

Shellcoder's Handbook


Malware Analyst's Cookbook

Violent Python:

https://www.amazon.ca/Violent-Python-Cookbook-Penetration-Engineers/dp/1597499579/ref=sr_1_1?ie=UTF8&qid=1505460411&sr=8-1&keywords=violent+python