Articles

Hacking, Computer and Networking Security are all difficult topics to discuss due to the vast nature of the industry. The section below serves as loose framework on topics to begin learning. Eventually each of these will become links to tutorials, guides or learning products.

We recommend learning the following topics in order from top to bottom, as it is the way we learned. If you feel you can, learn in whichever order you feel most comfortable.

Methodologies
Operating Systems
  • Windows
  • Mac OS X/MacOS
  • Linux
  • Linux Commands
    • System
    • Hardware
    • Users
    • File
    • Process Related
    • File Permissions
    • Network
    • Compression/Archives
    • Install Packages
    • Install Sources
    • Search
    • Login
    • File Transfer
    • Directory Traversal
    • System
    • Hardware
    • Users
    • File
    • Process Related
    • File Permissions
    • Network
    • Compression/Archives
    • Install Packages
    • Install Sources
    • Search
    • Login
    • File Transfer
    • Directory Traversal
  • Windows Commands
    • System
    • Hardware
    • Users
    • File
    • Process Related
    • File Permissions
    • Network
    • Compression/Archives
    • Install Packages
    • Install Sources
    • Search
    • Login
    • File Transfer
    • Directory Traversal
Networking
  • OSI Model
    • Physical Layer
    • Data Link Layer
    • Network Layer
    • Transport Layer
    • Session Layer
    • Presentation Layer
    • Application Layer
  • Protocols
  • Subnetting
  • VLANS
  • Routing
Defense
Offense
Tool Development
  • Programming
  • Scripting
  • Reverse Engineering
    • Portable Executable (Windows PE)
    • Extensive Linking Format (Linux ELF)
  • Malware Types
Web Security
  • Web Languages
  • Data Bases
  • Security User Input
  • Cross Site Scripting (XSS)
  • Cookies
  • Injection

Miscellaneous

Challange Walkthroughs

Lab Development

Virtual Hack Lab

HomeLab – pfSense/ESXi

  • Intro
  • pfSense Build
  • ESXi Build
  • Conclusion/Comments

Recommended Products

Note: These items are linked to an Amazon Associate account. These funds are simply to fund this site as well as future products for review/recommendation. These are products we have personally used and tried.

 

Gadgets

  • Alfa AWUS036NH 2000mW 2W 802.11g/n
    For those looking into doing some WIFI tinkering this is a greater little starter antenna. It’s very simple to install into Kali, Windows, OSX(Plug & Play) and it supports packet injection. This is the tool you would use to capture packets or inject traffic into an access point.
  • High Power USB-Yagi Plug and Play directional WiFi Antenna 802.11n 2200mW
    This is the big daddy version of the Alfa. The reason I like this antenna is due to its high gain (amplification). With this I can pick up a wifisignal from almost a mile away if I’m pointed right at it. I really like it when I’m in a hotel or in a place with spotty wifi because I can use it to boost a weak signal and give me a stronger connection. It’s also very simple to setup in OSX, Kali, Windows. When using Wifi make sure to encrypt your traffic through a solid VPN.
  • Alfa AWUS036ACH AC1200
    This is an wireless AC ALFA adapter that has driver support in the official Kali repository. You’ll need to run ‘apt install realtek-rtl88xxau-dkms’ to install the drivers to enable this hardware. https://www.kali.org/news/kali-linux-20171-release/ **Thank you to community member Eighties for the heads up!
  • Raspberry Pi 3 B+
    The ever popular Raspberry Pi is a hackers delight. You can use your Raspberry Pi to tinker with a variety of things. You can set it up to be an Intrusion Detection System (IDS) and put Snort on it to monitor network traffic or set it up to be an Evil Twin wireless access point. If you’re hell bent on not using a Virtual Machine you can even use it to test out *nix builds or complete OvertheWire exercises from.

Books

  • Building Virtual Machine Labs: A Hands-On Guide If you’re looking at building a home lab this is the the book for you. Its hot off the press (June 6, 2017) and so most of the versions should still match up with what you’re trying to do. It covers a wide range of different software and applications. I highly recommend this book to any beginner homelabbers trying to build their first virtual pentesting network.
  • RTFM: Red Team Field Manual This a smattering of notes for various tools, commands and various references. It has a lot of blank space to make your own notes and is a great quick reference for commands you may have forgotten.  Bonus cool points for the name and graphic.
  • BTFM: Blue Team Field Manual The same thing as the Red Team Field Manual but from the blue (defenders) perspective. Lots of active directory and powershell snippets, important registry keys etc. A GREAT addition to system administration.
  • Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder. If you’re looking at a career in Incident Handling or are thinking about completing the GIAC Certified Incident Handler certification this is a good quick reference guide. It covers defensive and forensic tools, methods and checklists. Its cheap, its sits on my desk at work right next to my Red Team Field Manual and I refer to both of them constantly.
  • Hacking: The Art of Exploitation, 2nd Edition I highly recommend this book for those who are looking to get into malware development. Its learning curve does ramp up somewhat quickly but most importantly it tells you HOW malware works. Uses C and Assembly languages.
  • The C Programming Language, 2nd Edition This book is recommended because of its depth. Its almost a reference and is not necessarily tailored for newbies. It has exercises but it’s not going to just hand you answers. It will make you work and challenge you. Its a great book if you’re interested in C programming and I recommend it AFTER the book above.
  • Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers This is a great book for learning about tool development with python. It’s basic, easy to follow and requires no previous knowledge of python or programming.
  • CCNA Routing and Switching Study Guide: Exams 100-101, 200-101, and 200-120 I usually don’t find much value in the “Pass this Certification” type books that flood the IT industry. However I have found value in CCNA books. I recommend this book and it can serve two purposes. One to help you complete your CCNA, and another is you can of course learn networking principles from a beginner level.

Services

  • Digital Ocean Hosting is more than a webhost, its a host for anything. You can spin up dedicated servers with SSD’s in 60 seconds for email servers, FTP, VPN etc. You only pay for what you use and spinning up a server to test something for an hour will cost you $.007 and cap out at $5/mo for the cheapest plan.

Extras

  • Aeropress Coffee and Espresso Maker You’re not a real hacker or sysadmin unless you have an undying love of caffeine.  My personal preference is coffee. This little guy will allow you to make some of the best coffee you’ve ever had in your life. Perfect for those late night coding sessions or OSCP attempts!