(Part 3) Top products from r/netsecstudents
We found 23 product mentions on r/netsecstudents. We ranked the 95 resulting products by number of redditors who mentioned them. Here are the products ranked 41-60. You can also go back to the previous section.
41. Programming Windows®, Fifth Edition (Developer Reference)
Sentiment score: 0
Number of reviews: 1
42. Routing and Switching Essentials v6 Companion Guide
Sentiment score: 0
Number of reviews: 1
43. CCNA Cyber Ops SECFND #210-250 Official Cert Guide (Certification Guide)
Sentiment score: 0
Number of reviews: 1
Cisco Press
44. Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems
Sentiment score: 1
Number of reviews: 1
Used Book in Good Condition
46. Learn Python the Hard Way: A Very Simple Introduction to the Terrifyingly Beautiful World of Computers and Code (3rd Edition) (Zed Shaw's Hard Way Series)
Sentiment score: 0
Number of reviews: 1
Pearson P T R
47. The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities (Volume 1 of 2)
Sentiment score: 1
Number of reviews: 1
48. Load Balancing Servers, Firewalls, and Caches
Sentiment score: 0
Number of reviews: 1
49. The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers
Sentiment score: 0
Number of reviews: 1
John Wiley Sons
51. Network Security For Dummies
Sentiment score: 1
Number of reviews: 1
ISBN13: 9780764516795Condition: NewNotes: BRAND NEW FROM PUBLISHER! 100% Satisfaction Guarantee. Tracking provided on most orders. Buy with Confidence! Millions of books sold!
52. Principles of Computer Security: CompTIA Security+ and Beyond [With CDROM] (Official Comptia Guide)
Sentiment score: 0
Number of reviews: 1
53. Programming Interviews Exposed: Secrets to Landing Your Next Job
Sentiment score: 1
Number of reviews: 1
Wrox Press
54. Gray Hat Hacking: The Ethical Hacker's Handbook, Fifth Edition
Sentiment score: 1
Number of reviews: 1
55. Computer Systems: A Programmer's Perspective (2nd Edition)
Sentiment score: 1
Number of reviews: 1
56. Windows System Programming, Paperback (4th Edition) (Addison-Wesley Microsoft Technology)
Sentiment score: 0
Number of reviews: 1
57. CompTIA Security+ Study Guide: SY0-401
Sentiment score: 0
Number of reviews: 1
Sybex
Here is a "curriculum" of sorts I would suggest, as it's fairly close to how I learned:
Generally you'll probably want to look into IA-32 and the best starting point is the Intel Architecture manual itself, the .pdf can be found here (pdf link).
Because of the depth of that .pdf I would suggest using it mainly as a reference guide while studying "Computer Systems: A Programmers Perspective" and "Secrets of Reverse Engineering".
Of course if you just want to do "pentesting/vuln assessment" in which you rely more on toolsets (for example, Nmap>Nessus>Metasploit) structured around a methodology/framework than you may want to look into one of the PACKT books on Kali or backtrack, get familiar with the tools you will use such as Nmap and Wireshark, and learn basic Networking (a simple CompTIA Networking+ book will be a good enough start). I personally did not go this route nor would I recommend it as it generally shys away from the foundations and seems to me to be settling for becoming comfortable with tools that abstract you from the real "meat" of exploitation and all the things that make NetSec great, fun and challenging in the first place. But everyone is different and it's really more of a personal choice. (By the way, I'm not suggesting this is "lame" or anything, it was just not for me.)
*edited a name out
In my opinion; every book in this bundle is a bag of shit.
Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):
Web Hacking:
The Web Hackers Handbook (Link)
Infrastructure:
Network Security Assessment (Link)
Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.
General:
Hacking: The Art of Exploitation (Link)
Grey Hat Hacking (Link)
Linux:
Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)
Metasploit:
I recommend the online course "Metaspliot Unleashed" (Link) as opposed to buying the book (Link).
Nmap:
The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.
Malware Analysis:
Practical Malware Analysis (Link)
The book is old, but the methodology is rock solid.
Programming / Scripting:
Python: Automate the Boring Stuff (Link)
Hope that helps.
You don't really need much to get started. If you have a beefy laptop or desktop you can virtualize yourself a nice lab. Download VirtualBox and get yourself a kali iso and some vulnerable machines from Vulnhub. Lots of good training is also available over at OverTheWire. I can't speak for Cybrary but I've heard good things about it. Youtube and SecurityTube have endless tutorials as well.
There are lots of good books out there too - almost too many to mention. If you're just starting, check this one out: https://www.amazon.com/Penetration-Testing-Essentials-Oriyano/dp/1119235308
EDIT: Oh, also - head over to /r/howtohack and join the IRC there. Lots of knowledgeable guys who can help point you in the right direction. You can only teach yourself so much, so find communities and bounce ideas off of other professionals' heads. Like some of the others here said, you really need to have a foundational understanding of what you're trying to hack. Most people start in tier 1/desktop support work and slowly, through time and experience, specialize in infosec. Don't every expect to just wake up and be a cyber security professional... it's going to take a long time.
I would like to post another review of a certification for CEH version 10. I would like to say I am not a fan of dumps as it does not teach you anything and devalues the certification. I try to put in the time to really understand the information and be technically capable of doing the job.
I started off my process of doing my studying by taking an online based class of 40 hours that was lecture and labs. It was through the Army on something called Skill Port. It was fairly average and I would say that it was not that great a training aid. On a scale of 1-10 it was about a 5.
So I purchased the Sybex book for CEH (https://www.amazon.com/Certified-Ethical-Hacker-Study-Guide/dp/1119533198/ref=dp_ob_title_bk ) . I find that the Sybex book are very easy to read, convey the concept well and don’t drown people in a lot of fluff but they need a spell checker some times. I read through the book and took the practice tests. Anything that I felt weak on I would reread and do a little googling so I could make better sense out of it. Then I retook the practice tests again with a much better outcome.
The material is not super deep and from a hacking perspective it was not what I was expecting. Some areas I would concentrate on were basic ports and protocols, know how to look at a packet capture, ping vs ping sweep, scans, nmap commands and be able to know what it going on to be able to answer the question.
I got a lot of attack type question from cross site scripting attack to Buffer overflow and anything in-between. Some come in the form of questions and some were screen shots. I like the screen captures as I am much better at these because all the pertinent information is there as opposed to questions that a specific to a vendor and can be subjective if you don’t do a lot with EC-Council.
One thing I like to do is ensure I read the answers first and then I read the question. This way I am processing what is possible in the question verse total crap. Usually there are 4 answers and 2 are way out there and one is possible but usually has something that will not comply with the question. One thing I was able to do because I have a good base was even if I did not know the answer I was able to use some critical thinking and get the right answer.
I took about 87 minutes to do the test (they give you 240 mins) and I feel that the test really feels like an entry level exam for people getting into hacking (pen testing). I did well and I put in about 60 to 70 hours total of study time but again I have a good base to work from.
Use this as an nmap command reference. https://blogs.sans.org/pen-testing/files/2013/10/NmapCheatSheetv1.1.pdf
This site has some good reference material also: https://www.danielowen.com/2017/01/01/sans-cheat-sheets/
Know some snort, ids and firewall rules\commands: be able to look at the command and tell what it does.
With money;
Without money;
https://www.reddit.com/r/hacking/comments/1d9onz/how_do_i_start_getting_into_pentesting/
I made a similar jump, IT to Security Analyst.
I spun up a home lab in vmware with Kali, metasploitable, splunk, pfsense and security onion (for snorby).
I read a couple books:
Network Intrusion Detection:
https://www.amazon.com/gp/aw/d/0735712654
Applied Cryptography:
https://www.amazon.com/gp/aw/d/0471117099
Between this and diving into security centered news sites I went from 0 to (what felt like 60) in about 3 months. I was picked up as a security analyst for a pretty solid tech company.
Application Security:
Web Security:
Secure Systems
I recommend that you take a look at Programming Interviews Exposed. This book is a collection of quick/well written explanations of different Computer Science concepts (stacks, heaps, lists, and other data structures are covered). I read the first edition of this book years ago and I loved it for its brevity.
http://www.amazon.com/Programming-Interviews-Exposed-Secrets-Landing/dp/1118261364/ref=asap_bc?ie=UTF8
I'm assuming I can post links:
CompTIA Network+ Study Guide: Exam N10-006 (Comptia Network + Study Guide Authorized Courseware) https://www.amazon.com/dp/1119021243/ref=cm_sw_r_cp_api_457Fzb6X87J8P
I like the way that these guides are laid out. They have plenty of practice problems and I believe network+ has interactive labs. I am currently studying for CompTIA CASP from this publisher and it is very informative. This is just my reccomendation, I'm sure someone else will have a better recommendation.
Computer Security: Art & Science by Matt Bishop.
Covers security models, formal proofs of correctness, evaluations, etc.
I would second Ghost in the wire, though that is more of a autobiography. Still goes over some interesting stuff he did back in the day. He also helped write The Art of Deception and the Art of Intrusion
>That sounds really quick. Though I can try to achieve it.
>
>I'm not really good at interviewing though. Just another skill I need to learn.
I was just throwing out a somewhat aggressive, yet realistic timeframe, though it really depends on how much time you can devote outside of work, which is another part of security work. If you're not spending several hours per week outside of work reading news and studying the latest attacks or certing up, you are falling behind.
If you have 6 hours a week you can put into reading the cert guide, watching YouTube videos in more depth and then playing around in a lab or Wargames then it's a very realistic goal I believe. Consider scheduling the 1st of the 2 exams around March 1st
Here is the official cert guide for the first test
CCNA Cyber Ops SECFND #210-250 Official Cert Guide (Certification Guide) https://www.amazon.com/dp/1587147025/ref=cm_sw_r_cp_apa_o7D5Bb6X0ER30
Here's the cert blueprint
https://learningcontent.cisco.com/cln_storage/text/cln/marketing/exam-topics/210-250-secfnd.pdf
I think you really need to learn how to program windows in C, not this new .net or sharp stuff.
https://www.amazon.com/Programming-Paperback-Addison-Wesley-Microsoft-Technology/dp/0134382250
https://www.amazon.com/Programming-Windows%C2%AE-Fifth-Developer-Reference/dp/157231995X
edit: oops, you wanted courses, not books.
My school program uses the Cisco CCNA curriculum and we're currently on Routing and Switching (I).
I used this book and the CompTia Certmaster. I got the certmaster because I think I bought a second shot for exam retakes. I read the book and then did the certmaster for a month until I took the exam.
https://www.amazon.com/gp/product/1118875079/ref=oh_aui_detailpage_o05_s00?ie=UTF8&psc=1
http://www.amazon.com/Principles-Computer-Security-CompTIA-Official/dp/0071786198
Computer Networking: A Top-Down Approach (7th Edition)
https://www.amazon.com/Computer-Networking-Top-Down-Approach-7th/dp/0133594149
CS144 Introduction to Computer Networking Stanford University
https://suclass.stanford.edu/courses/course-v1:Engineering+CS144+Fall2016/courseware/ac9d1eef5aaa4bb5bcfe4d42f51f0f5b/c5c384e648cf404c837d05497c6e36b0
High Performance Browser Networking
https://hpbn.co
Beej's Guide to Network Programming
http://beej.us/guide/bgnet
Unix Network Programming, Volume 1: The Sockets Networking API (3rd Edition)
https://www.amazon.com/Unix-Network-Programming-Sockets-Networking/dp/0131411551
Eli The Computer Guy Youtube
https://www.youtube.com/playlist?list=PLF360ED1082F6F2A5
Load Balancing Servers, Firewalls, and Caches
http://www.amazon.com/Load-Balancing-Servers-Firewalls-Caches/dp/0471415502
More at http://Learn.SharjeelSayed.com
Learn Python The Hard Way