Articles

Hacking, Computer and Networking Security are all difficult topics to discuss due to the vast nature of the industry. The section below serves as loose framework on topics to begin learning. Eventually each of these will become links to tutorials, guides or learning products.

We recommend learning the following topics in order from top to bottom, as it is the way we learned. If you feel you can, learn in whichever order you feel most comfortable.

Methodologies
Operating Systems
  • Windows
  • Mac OS X/MacOS
  • Linux
  • Linux Commands
    • System
    • Hardware
    • Users
    • File
    • Process Related
    • File Permissions
    • Network
    • Compression/Archives
    • Install Packages
    • Install Sources
    • Search
    • Login
    • File Transfer
    • Directory Traversal
    • System
    • Hardware
    • Users
    • File
    • Process Related
    • File Permissions
    • Network
    • Compression/Archives
    • Install Packages
    • Install Sources
    • Search
    • Login
    • File Transfer
    • Directory Traversal
  • Windows Commands
    • System
    • Hardware
    • Users
    • File
    • Process Related
    • File Permissions
    • Network
    • Compression/Archives
    • Install Packages
    • Install Sources
    • Search
    • Login
    • File Transfer
    • Directory Traversal
Networking
  • OSI Model
    • Physical Layer
    • Data Link Layer
    • Network Layer
    • Transport Layer
    • Session Layer
    • Presentation Layer
    • Application Layer
  • Protocols
  • Subnetting
  • VLANS
  • Routing
Defense
Offense
Tool Development
  • Programming
  • Scripting
  • Reverse Engineering
    • Portable Executable (Windows PE)
    • Extensive Linking Format (Linux ELF)
  • Malware Types
Web Security
  • Web Languages
  • Data Bases
  • Security User Input
  • Cross Site Scripting (XSS)
  • Cookies
  • Injection

Miscellaneous

Challange Walkthroughs

Lab Development

Virtual Hack Lab

HomeLab – pfSense/ESXi

  • Intro
  • pfSense Build
  • ESXi Build
  • Conclusion/Comments

PRecommended Products

Note: These items are linked to an Amazon Associate account. These funds are simply to fund this site as well as future products for review/recommendation. These are products we have personally used and tried.

 

 

 

Gadgets

  • Alfa AWUS036NH 2000mW 2W 802.11g/n
    For those looking into doing some WIFI tinkering this is a greater little starter antenna. It’s very simple to install into Kali, Windows, OSX(Plug & Play) and it supports packet injection. This is the tool you would use to capture packets or inject traffic into an access point.
  • High Power USB-Yagi Plug and Play directional WiFi Antenna 802.11n 2200mW
    This is the big daddy version of the Alfa. The reason I like this antenna is due to its high gain (amplification). With this I can pick up a wifisignal from almost a mile away if I’m pointed right at it. I really like it when I’m in a hotel or in a place with spotty wifi because I can use it to boost a weak signal and give me a stronger connection. It’s also very simple to setup in OSX, Kali, Windows. When using Wifi make sure to encrypt your traffic through a solid VPN.
  • Alfa AWUS036ACH AC1200
    This is an wireless AC ALFA adapter that has driver support in the official Kali repository. You’ll need to run ‘apt install realtek-rtl88xxau-dkms’ to install the drivers to enable this hardware. https://www.kali.org/news/kali-linux-20171-release/ **Thank you to community member Eighties for the heads up!
  • Raspberry Pi 4 Starter Pro Kit
    The ever popular Raspberry Pi is a hackers delight. You can use your Raspberry Pi to tinker with a variety of things. You can set it up to be an Intrusion Detection System (IDS) and put Snort on it to monitor network traffic or set it up to be an Evil Twin wireless access point. If you’re hell bent on not using a Virtual Machine you can even use it to test out *nix builds or complete OvertheWire exercises from.

Books

  • Building Virtual Machine Labs: A Hands-On Guide – If you’re looking at building a home lab this is the the book for you. Its hot off the press (June 6, 2017) and so most of the versions should still match up with what you’re trying to do. It covers a wide range of different software and applications. I highly recommend this book to any beginner homelabbers trying to build their first virtual pentesting network.
  • RTFM: Red Team Field Manual – This a smattering of notes for various tools, commands and various references. It has a lot of blank space to make your own notes and is a great quick reference for commands you may have forgotten.  Bonus cool points for the name and graphic.
  • BTFM: Blue Team Field Manual – Blue Team Field Manual (BTFM) is a Cyber Security Incident Response Guide that aligns with the NIST Cybersecurity Framework consisting of the five core functions of Identify, Protect, Detect, Respond, and Recover by providing the tactical steps to follow and commands to use when preparing for, working through and recovering from a Cyber Security Incident.
  • BTFM: Purple Team Field Manual – Red teams can show flaws that exist in your network before they are compromised by malicious actors and blue teams traditionally assess current security measures and identify security flaws.  The purple team field manual is a manual for all security professionals and integrates red and blue team methodologies.
  • Blue Team Handbook: Incident Response Edition: A condensed field guide for the Cyber Security Incident Responder – If you’re looking at a career in Incident Handling or are thinking about completing the GIAC Certified Incident Handler certification this is a good quick reference guide. It covers defensive and forensic tools, methods and checklists. Its cheap, its sits on my desk at work right next to my Red Team Field Manual and I refer to both of them constantly.
  • Hacking: The Art of Exploitation, 2nd Edition – I highly recommend this book for those who are looking to get into malware development. Its learning curve does ramp up somewhat quickly but most importantly it tells you HOW malware works. Uses C and Assembly languages.
  • The C Programming Language, 2nd Edition – This book is recommended because of its depth. Its almost a reference and is not necessarily tailored for newbies. It has exercises but it’s not going to just hand you answers. It will make you work and challenge you. Its a great book if you’re interested in C programming and I recommend it AFTER the book above.
  • Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers – This is a great book for learning about tool development with python. It’s basic, easy to follow and requires no previous knowledge of python or programming.

 

Services

  • Digital Ocean Hosting is more than a web host, its a host for anything. You can spin up dedicated servers with SSD’s in 60 seconds for email servers, FTP, VPN etc. You only pay for what you use and spinning up a server to test something for an hour will cost you $.007 and cap out at $5/mo for the cheapest plan.  Using our referral link you can get $100 in credit over 60 days.

Extras

  • Aeropress Coffee and Espresso Maker You’re not a real hacker or sysadmin unless you have an undying love of caffeine.  My personal preference is coffee. This little guy will allow you to make some of the best coffee you’ve ever had in your life. Perfect for those late night coding sessions or OSCP attempts!