(Part 2) Top products from r/netsecstudents

Jump to the top 20

We found 39 product mentions on r/netsecstudents. We ranked the 95 resulting products by number of redditors who mentioned them. Here are the products ranked 21-40. You can also go back to the previous section.

Next page

Top comments that mention products on r/netsecstudents:

u/sold_myfortune · 0 pointsr/netsecstudents

So if you actually want to be good at it, I vote for SOC > Pen

I've posted the following steps to this group a number of times before, but once more couldn't hurt:

You should be aiming to eventually get a position as a SOC analyst.

A SOC analyst position gives you some insight into a whole range of different security problems and practices. You'll see incoming recon and attacks, your org's defenses and responses, and the attacker's counter responses. You'll get experience using a SIEM. You'll become familiar with all of the tools in place and start to figure out what works and what doesn't. You'll learn the workflow of a security team and what the more senior engineers do to protect the enterprise. After a couple of years, you'll probably have a much better idea about your own interests and the path you want to pursue in your career. If your end goal really is to be a pentester what better way to prep for that then first learning the tactics of the team that defends the network?

​

Here's how you get to the SOC analyst job:

​

Step 1: Get the Network+ cert (Skip the A+, it's a waste of time for your purposes). You MUST understand IPv4 inside and out, I can't stress that enough. A used Network+ study guide on Amazon should be less than $10. Professor Messer videos are great and free: https://www.youtube.com/user/professormesser

​

Step 2: Get the Security+ cert.

​

Step 3: Get a job, probably in entry level tech support. You typically have to do a year or two here to get some practical experience.

​

Step 4: While in your tech support job try to do every security related task you can. IAM actually comes up a lot in these types of jobs, so that could be something to build on.

​

Step 5: Attend Bsides conferences (very cheap), and start professional networking. Pentesters are a bit cliqueish and knowing the right people can count for a lot.

​

Step 6: Watch Wireshark videos on youtube. Learn all the Wireshark you can.

​

Step 6: Join a local hackers group similar to NoVA Hackers or Dallas Hackers. Maybe try to join a regular CTF team as well.

​

Step 7: Network like crazy with everyone you can at security conferences and in your hackers group.

​

Step 8: After you get those certs and some experience, apply for every SOC position you can.

​

Step 10: Keep going until you get that SOC analyst job.

​

Step 11: When you feel the time is right, get the OSCP and convince one of your contacts to give you a pentesting tryout.

​

To get your feet wet with Linux , I'd highly recommend "Unix and Linux System Administration Handbook" by Evi Nemeth, et al. You can get a used copy of the fourth edition for about $15.00. The second edition got me through my first three jobs back in the day :) https://www.amazon.com/UNIX-Linux-System-Administration-Handbook/dp/0131480057/ref=sr_1_fkmrnull_1?keywords=evi+nemeth+4th+edition&qid=1551450119&s=gateway&sr=8-1-fkmrnull

u/DucBlangis · 20 pointsr/netsecstudents

Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:

  1. Programming. Definitely learn "C" first as all of the Exploitation and Assembly courses below assume you know C: The bible is pretty much Dennis Richie and Kernighan's "The C Programming Language", and here is the .pdf (this book is from 1988, I don't think anyone would mind). I actually prefer Kochan's book "Programming in C" which is very beginner freindly and was written in 2004 rather than 1988 making the language a little more "up to date" and accessible. There are plenty of "C Programming" tutorials on YouTube that you can use in conjunction with either of the aforementioned books as well. After learning C than you can try out some other languages. I personally suggest Python as it is very beginner friendly and is well documented. Ruby isn't a bad choice either.

  2. Architecture and Computer basics:
    Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
    Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmers Perspective" and "Secrets of Reverse Engineering".

  3. Operating Systems: Choose which you want to dig into: Linux or Windows, and put the effort into one of them, you can come back to the other later. I would probably suggest Linux unless you are planning on specializing in Malware Analysis, in which case I would suggest Windows. Linux: No Starch's "How Linux Works" is a great beginner resource as is their "Linux Command Line" book. I would also check out "Understanding the Linux Kernel" (that's a .pdf link). For Windows you can follow the Windows Programming wiki here or you can buy the book "Windows System Programming". The Windows Internals books are generally highly regarded, I didn't learn from them I use them more as a reference so I an't really speak to how well they would teach a "beginner".

  4. Assembly: You can't do much better than OpenSecurityTraining's "Introductory Intel x86: Architecture, Assembly, Applications, & Alliteration" class lectures from Xeno Kovah, found here. The book "Secrets of Reverse Engineering" has a very beginner friendly introduction to Assembly as does "Hacking: The Art of Exploitation".

  5. Exploitation: OpenSecurityTraining also has a great video series for Introduction to Exploits. "Hacking: The Art of Exploitation" is a really, really good book that is completely self-contained and will walk you through the basics of assembly. The author does introduce you to C and some basic principles of Linux but I would definitely suggest learning the basics of C and Linux command line first as his teaching style is pretty "hard and fast".

  6. Specialized fields such as Cryptology and Malware Analysis.


    Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework than you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shys away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)

    *edited a name out





u/GaijinKindred · 8 pointsr/netsecstudents

With money;

  • Offensive Security offers some good courses on netsec - Kali.org - they offer Kali Linux (a derivative of Debian - a distribution of Linux) too tbh.

  • College/University is a pretty decent source for info more often than not.

  • Also, start either with code or physical things. Windows has a lot of things to poke at actually. Usually good starter references (the “for dummies” books); https://www.amazon.com/Network-Security-Dummies-Chey-Cobb/dp/0764516795


    Without money;

  • Start learning python 3. Will significantly help the more serious you get.

  • Start with Wireshark and nmap - both are free applications that support most operating systems.

  • Also, look at penetration testing resources as a good “go-to”. Reddit, Hak5, and DEFCON are good places to look for information. Hak5 & Reddit first though, DEFCON the more you get into things. My Reddit reference:
    https://www.reddit.com/r/hacking/comments/1d9onz/how_do_i_start_getting_into_pentesting/
u/Metasploit-Ninja · 2 pointsr/netsecstudents

I honestly have no idea between the differences of the two without looking it up. I took my Net+ back in 2007. The new test and objectives should be fun because it covers all the new things out there to include SCADA. Pretty good stuff.

From my experience doing certs, I really love the "All-In-One" series books. Mike Myers has been authoring the Network+ (and other books) for a while now and he has a book on Amazon for the n10-006 version. I would highly recommend getting that!

https://www.amazon.com/CompTIA-Network-Guide-Sixth-N10-006/dp/0071848223

u/tomisnik · 1 pointr/netsecstudents

I agree with /u/Mxyzptlk_ about starting off with books and online material, as these will help you to get a feel for the topics you'll likely need to cover.

As a brief overview SANS provide a condensed handbook for IR - https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901 (PDF)

Although it's not everyone's cup of tea, and is certainly expensive, the SANS GIAC Certified Incident Handler certification is well worth pursuing in my opinion. I recently passed the exam after taking the training in July, and I've found lots of useful information during the process which has helped me out in my role.

Although this book may be for a bit further down the line, I would highly recommend the Blue Team Handbook: Incident Response Edition manual.

Hope this helps!

u/8lue · 2 pointsr/netsecstudents

I made a similar jump, IT to Security Analyst.

I spun up a home lab in vmware with Kali, metasploitable, splunk, pfsense and security onion (for snorby).

I read a couple books:

Network Intrusion Detection:

https://www.amazon.com/gp/aw/d/0735712654

Applied Cryptography:

https://www.amazon.com/gp/aw/d/0471117099

Between this and diving into security centered news sites I went from 0 to (what felt like 60) in about 3 months. I was picked up as a security analyst for a pretty solid tech company.

u/nightmare247 · 5 pointsr/netsecstudents

Part of that "80%" can be a sales tactic to get you to sign up and take the course. Although I am not in the UK so I am not sure if that stat holds true.

As for the equipment: Both the below links are good starting points. The top one is a bit older.

Build Your Own Security Lab: A Field Guide for Network Testing

[The Network Security Test Lab: A Step-by-Step Guide] (https://www.amazon.com/Network-Security-Test-Step-Step/dp/1118987055/ref=asap_bc?ie=UTF8)

Both will give you a good idea and a starting point.

But you never really answered a key question: What is it you want to do? In CyberSecurity, there are roughly 40 different types of emphasis that you can focus on. I know it is daunting, but understand your personality and goals can weigh heavily into that decision. Not everyone is cut out to be a WhiteHat, but that does not mean a blue team member or a purple team member are not for you.

There was a really good topic discussion on Reddit (unable to find it currently) that had quite a few jobs broken down and what they do/mean to the Security Community.

u/misconfig_exe · 24 pointsr/netsecstudents

Also I highly recommend THP2 (pentesting focused) (you can skip THP, its contents are all included and better organized in THP2) and THP3 (red teaming focused). Peter also hosts awesome trainings which I've leveraged into internships and jobs. more info at https://securepla.net/training

u/kimchi_station · 2 pointsr/netsecstudents

If you are looking for books, there are:

The Basics of Web Hacking by Mike Shema

Hacking Webapps by Mike Shema

and The Tangled Web by Michal Zalewski

Check around Udemy, edx, and all those other sites that offer free online courses. Also I know lots of schools, MIT included, put their full courses (lectures, assignments, syllabus, etc) online for anyone to access. Search around and work through the books. Find a good online community to go to if you ever have questions or need advice.

u/FiberOptik · 6 pointsr/netsecstudents

This is generally regarded as the best. It was suggested to me when I needed to re-certify from 004 to 006.

u/JWooferZ · 3 pointsr/netsecstudents

I don't get how you're in a masters program in cybersec without knowing how to code...

Anyway, if you are leaning towards pentesting/networks, https://www.amazon.ca/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441 as well as black hat python/violent python are what you want to start off, as well as a good book on networking book: https://www.amazon.ca/Computer-Networking-Top-Down-Approach-6th/dp/0132856204.

I'm actually confused about what the content of an msc program could be in cybersec if you don't already know how to code.

u/mauvehead · 1 pointr/netsecstudents


A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security https://www.amazon.com/dp/1593273851/ref=cm_sw_r_cp_apa_iWHXAb48X2078

u/markjx · 2 pointsr/netsecstudents

There's a new SANS class on Security Architecture: http://www.sans.org/sec530

I also suggest Richard Bejtlich's book, The Tao of Network Security Monitoring. It isn't specifically on "security architecture", but it does talk about how to architect your network, which is basically the same thing. https://smile.amazon.com/Tao-Network-Security-Monitoring-Intrusion/dp/0321246772/

u/-rd · 3 pointsr/netsecstudents

I would second Ghost in the wire, though that is more of a autobiography. Still goes over some interesting stuff he did back in the day. He also helped write The Art of Deception and the Art of Intrusion

u/Julznova · 4 pointsr/netsecstudents

One book my technical lead gave me when I first started in a junior position is https://www.amazon.com/Tao-Network-Security-Monitoring-Intrusion/dp/0321246772/ Essential reading.

u/_o7 · 1 pointr/netsecstudents

This book is also given out in the class.

Source: Multiple Co-workers took the course recently.