(Part 2) Top products from r/netsecstudents
We found 39 product mentions on r/netsecstudents. We ranked the 95 resulting products by number of redditors who mentioned them. Here are the products ranked 21-40.
21. Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder.
Sentiment score: 1
Number of reviews: 2
22. The Tao of Network Security Monitoring: Beyond Intrusion Detection
Sentiment score: 0
Number of reviews: 2
23. Incident Response & Computer Forensics, Third Edition
Sentiment score: 0
Number of reviews: 2
McGraw-Hill Osborne Media
24. CompTIA Network+ All-In-One Exam Guide, Sixth Edition (Exam N10-006)
Sentiment score: 2
Number of reviews: 2
25. Computer Networking: A Top-Down Approach (6th Edition)
Sentiment score: 1
Number of reviews: 2
26. The Hacker Playbook 3: Practical Guide To Penetration Testing
Sentiment score: 1
Number of reviews: 2
27. Build Your Own Security Lab: A Field Guide for Network Testing
Sentiment score: 1
Number of reviews: 2
28. Attacking Network Protocols: A Hacker's Guide to Capture, Analysis, and Exploitation
Sentiment score: 1
Number of reviews: 2
29. A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
Sentiment score: 1
Number of reviews: 2
30. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (Volume 1 of 2)
Sentiment score: 1
Number of reviews: 1
31. Network Security For Dummies
Sentiment score: 1
Number of reviews: 1
33. The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers
Sentiment score: 0
Number of reviews: 1
John Wiley Sons
34. Computer Systems: A Programmer's Perspective (2nd Edition)
Sentiment score: 1
Number of reviews: 1
35. Windows System Programming, Paperback (4th Edition) (Addison-Wesley Microsoft Technology)
Sentiment score: 0
Number of reviews: 1
36. Load Balancing Servers, Firewalls, and Caches
Sentiment score: 0
Number of reviews: 1
37. UNIX and Linux System Administration Handbook, 4th Edition
Sentiment score: 6
Number of reviews: 1
38. Breaking into Information Security: Crafting a Custom Career Path to Get the Job You Really Want
Sentiment score: 0
Number of reviews: 1
So if you actually want to be good at it, I vote for SOC > Pen
I've posted the following steps to this group a number of times before, but once more couldn't hurt:
You should be aiming to eventually get a position as a SOC analyst.
A SOC analyst position gives you some insight into a whole range of different security problems and practices. You'll see incoming recon and attacks, your org's defenses and responses, and the attacker's counter responses. You'll get experience using a SIEM. You'll become familiar with all of the tools in place and start to figure out what works and what doesn't. You'll learn the workflow of a security team and what the more senior engineers do to protect the enterprise. After a couple of years, you'll probably have a much better idea about your own interests and the path you want to pursue in your career. If your end goal really is to be a pentester, what better way to prep for that than first learning the tactics of the team that defends the network?
Here's how you get to the SOC analyst job:
Step 1: Get the Network+ cert (Skip the A+, it's a waste of time for your purposes). You MUST understand IPv4 inside and out, I can't stress that enough. A used Network+ study guide on Amazon should be less than $10. Professor Messer videos are great and free: https://www.youtube.com/user/professormesser
Step 2: Get the Security+ cert.
Step 3: Get a job, probably in entry level tech support. You typically have to do a year or two here to get some practical experience.
Step 4: While in your tech support job try to do every security related task you can. IAM actually comes up a lot in these types of jobs, so that could be something to build on.
Step 5: Attend BSides conferences (very cheap), and start professional networking. Pentesters are a bit cliqueish and knowing the right people can count for a lot.
Step 6: Watch Wireshark videos on YouTube. Learn all the Wireshark you can.
Step 6: Join a local hackers group similar to NoVA Hackers or Dallas Hackers. Maybe try to join a regular CTF team as well.
Step 7: Network like crazy with everyone you can at security conferences and in your hackers group.
Step 8: After you get those certs and some experience, apply for every SOC position you can.
Step 10: Keep going until you get that SOC analyst job.
Step 11: When you feel the time is right, get the OSCP and convince one of your contacts to give you a pentesting tryout.
To get your feet wet with Linux, I'd highly recommend "Unix and Linux System Administration Handbook" by Evi Nemeth, et al. You can get a used copy of the fourth edition for about $15.00. The second edition got me through my first three jobs back in the day :) https://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0131480057/ref=sr_1_fkmrnull_1?keywords=evi+nemeth+4th+edition&qid=1551450119&s=gateway&sr=8-1-fkmrnull
Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:
Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmer's Perspective" and "Secrets of Reverse Engineering".
Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework then you may want to look into one of the PACKT books on Kali or BackTrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shies away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)
*edited a name out
With money;
Without money;
https://www.reddit.com/r/hacking/comments/1d9onz/how_do_i_start_getting_into_pentesting/
I honestly have no idea between the differences of the two without looking it up. I took my Net+ back in 2007. The new test and objectives should be fun because it covers all the new things out there to include SCADA. Pretty good stuff.
From my experience doing certs, I really love the "All-In-One" series books. Mike Myers has been authoring the Network+ (and other books) for a while now and he has a book on Amazon for the n10-006 version. I would highly recommend getting that!
https://www.amazon.com/CompTIA-Network-Guide-Sixth-N10-006/dp/0071848223
I agree with /u/Mxyzptlk_ about starting off with books and online material, as these will help you to get a feel for the topics you'll likely need to cover.
As a brief overview SANS provide a condensed handbook for IR - https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901 (PDF)
Although it's not everyone's cup of tea, and is certainly expensive, the SANS GIAC Certified Incident Handler certification is well worth pursuing in my opinion. I recently passed the exam after taking the training in July, and I've found lots of useful information during the process which has helped me out in my role.
Although this book may be for a bit further down the line, I would highly recommend the Blue Team Handbook: Incident Response Edition manual.
Hope this helps!
I made a similar jump, IT to Security Analyst.
I spun up a home lab in VMware with Kali, Metasploitable, Splunk, pfSense and Security Onion (for Snorby).
I read a couple books:
Network Intrusion Detection:
https://www.amazon.com/gp/aw/d/0735712654
Applied Cryptography:
https://www.amazon.com/gp/aw/d/0471117099
Between this and diving into security centered news sites I went from 0 to (what felt like 60) in about 3 months. I was picked up as a security analyst for a pretty solid tech company.
Part of that "80%" can be a sales tactic to get you to sign up and take the course. Although I am not in the UK so I am not sure if that stat holds true.
As for the equipment: Both the below links are good starting points. The top one is a bit older.
Build Your Own Security Lab: A Field Guide for Network Testing
The Network Security Test Lab: A Step-by-Step Guide https://www.amazon.com/Network-Security-Test-Step-Step/dp/1118987055/ref=asap_bc?ie=UTF8
Both will give you a good idea and a starting point.
But you never really answered a key question: What is it you want to do? In CyberSecurity, there are roughly 40 different types of emphasis that you can focus on. I know it is daunting, but understanding your personality and goals can weigh heavily into that decision. Not everyone is cut out to be a WhiteHat, but that does not mean a blue team member or a purple team member are not for you.
There was a really good topic discussion on Reddit (unable to find it currently) that had quite a few jobs broken down and what they do/mean to the Security Community.
Also I highly recommend THP2 (pentesting focused) (you can skip THP, its contents are all included and better organized in THP2) and THP3 (red teaming focused). Peter also hosts awesome trainings which I've leveraged into internships and jobs. More info at https://securepla.net/training
Application Security:
Web Security:
Secure Systems
If you are looking for books, there are:
The Basics of Web Hacking by Mike Shema
Hacking Webapps by Mike Shema
and The Tangled Web by Michal Zalewski
Check around Udemy, edx, and all those other sites that offer free online courses. Also I know lots of schools, MIT included, put their full courses (lectures, assignments, syllabus, etc) online for anyone to access. Search around and work through the books. Find a good online community to go to if you ever have questions or need advice.
I can highly recommend this book which I also read myself - https://www.amazon.com/Attacking-Network-Protocols-Analysis-Exploitation/dp/1593277504
In addition this blogpost a good friend of mine made: https://jhalon.github.io/reverse-engineering-protocols/
This is generally regarded as the best. It was suggested to me when I needed to re-certify from 004 to 006.
I don't get how you're in a masters program in cybersec without knowing how to code...
Anyway, if you are leaning towards pentesting/networks, https://www.amazon.ca/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441 as well as Black Hat Python/Violent Python are what you want to start off, as well as a good book on networking: https://www.amazon.ca/Computer-Networking-Top-Down-Approach-6th/dp/0132856204.
I'm actually confused about what the content of an msc program could be in cybersec if you don't already know how to code.
This little guy is amazing. And cheap.
Computer Networking: A Top Down Approach by Kurose and Ross is often highly recommended.
https://www.amazon.com/Build-Your-Own-Security-Lab/dp/0470179864
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
https://pen-testing.sans.org/blog/2014/02/27/building-a-pen-test-infrastructure-hacking-at-home-on-the-cheap
and because I like you:
https://www.cybrary.it/0p3n/tutorial-for-setting-up-a-virtual-penetration-testing-lab-at-your-home/
https://www.pentesterlab.com/
https://community.rapid7.com/docs/DOC-2196
A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security https://www.amazon.com/dp/1593273851/ref=cm_sw_r_cp_apa_iWHXAb48X2078
There's a new SANS class on Security Architecture: http://www.sans.org/sec530
I also suggest Richard Bejtlich's book, The Tao of Network Security Monitoring. It isn't specifically on "security architecture", but it does talk about how to architect your network, which is basically the same thing. https://smile.amazon.com/Tao-Network-Security-Monitoring-Intrusion/dp/0321246772/
I would second Ghost in the Wires, though that is more of an autobiography. Still goes over some interesting stuff he did back in the day. He also helped write The Art of Deception and The Art of Intrusion.
Penetration Testing: A Hands-On Introduction to Hacking
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
Offensive Computer Security Spring 2014 Homepage Florida State University
http://www.cs.fsu.edu/~redwood/OffensiveComputerSecurity
Offensive Security Certified Professional
https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional
The Hacker Playbook 3: Practical Guide To Penetration Testing
https://www.amazon.com/Hacker-Playbook-Practical-Penetration-Testing/dp/1980901759
MIT Course Number 6.858: Computer Systems Security
https://ocw.mit.edu/courses/electrical-engineering-and-computer-science/6-858-computer-systems-security-fall-2014
Subreddits https://www.reddit.com/r/netsec+privacy+SocialEngineering+onions+ReverseEngineering+crypto+blackhat+security+Malware+pwned+netsecstudents+computerforensics+HackBloc+securityCTF+xss+vrd+rootkit+REMath
More at http://Learn.SharjeelSayed.com
One book my technical lead gave me when I first started in a junior position is https://www.amazon.com/Tao-Network-Security-Monitoring-Intrusion/dp/0321246772/ Essential reading.
I think you really need to learn how to program Windows in C, not this new .net or sharp stuff.
https://www.amazon.com/Programming-Paperback-Addison-Wesley-Microsoft-Technology/dp/0134382250
https://www.amazon.com/Programming-Windows%C2%AE-Fifth-Developer-Reference/dp/157231995X
edit: oops, you wanted courses, not books.
Attacking Network Protocols
This
This book is also given out in the class.
Source: Multiple Co-workers took the course recently.
Learn Python The Hard Way