All language subtitles for [English (auto-generated)] 3 Year Cybersecurity Career Roadmap [DownSub.com]

[00:00:04] [Music]

[00:00:09] Here, back again with another video. Welcome to the three-year cyber security roadmap. This is an idea or a concept that I've been thinking of for probably one or two years now, and I was originally inspired by a video or a guide that Black Hills Infosec, or Black Hills Information Security, had come up with maybe five or six years ago, that essentially provided you with a five-year infosec plan, if you will. And that was a guide that I really liked and something that I forwarded to many people who asked me the question "how do I get started in cyber security?", you know, specifically red teaming or pen testing, or rather the offensive side of things.

[00:00:52] And while that guide is very useful, I still think that, you know, a lot of the way I would set it out, especially towards the latter end of the guide, from year three to five, is sort of convoluted and really provides no clear roadmap as to what you
should do. Now, I've sort of taken that original inspiration, and I'll link the original video in the description section, and put my experience and my knowledge of the industry, not just as a penetration tester and red teamer but also someone who has developed a lot of educational material, a lot of people, you know, as an individual who has coached and mentored a lot of people to get into the career successfully. I think, you know, if you head over to my LinkedIn page you'll be able to see that all of the testimonials have actually helped people get jobs in this industry. Not that I'm bragging or anything, that's sort of why I think I have the necessary experience to guide you here.

[00:01:52] So again, the idea sort of came about primarily because, firstly, you know, I was looking to see whether there was sort of a roadmap, because when you look at it realistically, when it comes down to technology, there's no real clear-cut roadmap, and that's perfectly fine. You know, we can't be expected to drop an exact plan that works 100% of the time.
However, you see a lot of students, specifically, you know, either leaving high school or students in college, who are very fascinated by cyber security. They're very passionate about it and they would like to get into a career or get a career in cyber security. And the problem with it, as I've extrapolated over many, many times, is firstly the trivialization, which I won't go into. Secondly, there's a lot of knowledge, a lot of platforms, a lot of content out there, and it can be difficult, especially because of all of this information, to stay focused and to stay on a consistent track, right?

[00:02:51] And so the primary objective of this guide is not to tell you what you can and cannot do, it is to give you a guide that, if you adhere by or if you essentially follow, roughly speaking, you don't have to follow it exactly, I can almost guarantee that you'll get a job. Now, one other thing that I've done is I've also excluded any mention of certificates, because certificates are sort of thought of as the, you know, the only way to get a job. They aren't, and I'm going to explain
why. On my LinkedIn profile, if you take a very close look, I've never even posted most of my certifications, though that was sort of a social experiment that I had, to see firstly how the industry treats me, whether they appreciate who I am without certificates, so on and so forth. And I know for a fact that now more than ever certificates really don't tell anyone anything. They are still important, remember, they're still important, especially the really good certifications, but they're not a valuable instrument to essentially assess a person's or an individual's knowledge, skills and abilities, and I'll get into that later.

[00:04:01] So again, coming back to the video, I apologize if I get carried away. This is sort of a guide or a way to get, you know, on how to get started with a career in cyber security. Just again, as a caveat, I'll be filling in the blanks: this is specifically designed for people who want to get a job in the offensive side of cyber security. I'll probably cover or make a guide on the blue team side, because I
do have a bit of experience in incident response, etc.

[00:04:27] So, to get started, you know, coming back to the question: why am I making this guide, why am I making this video? Firstly, there's a lack of structure, there's a lack of a structured approach to learning core concepts and the fundamentals required to operate successfully in the cyber security industry. And, you know, as a direct consequence of that, it can be very daunting to get or to find a starting point and, you know, essentially a point where you can get started, right?

[00:04:57] And the other reason, and this comes to some of the skills that you'll need to learn in this industry, and that is the ability to be disciplined and the ability to set time-defined goals. So you say that in one month I'm going to learn this, and by the end of that month you should have been able to learn that. So again, it's about applying positive pressure on yourself and setting timelines and setting goals, and once you do that you'll actually see a change in your career, in your life, etc. And finally, the final
reason or motivation is to demystify cyber security as a career.

[00:05:31] Now, just taking a look at this, I think one of the main things that I want to do is to highlight the importance of fundamentals. Why do I keep highlighting this? Why do I keep telling people fundamentals, fundamentals, fundamentals? The reason I say this is because cyber security is a synergy, or it is an intersection point, of a plethora of other technology or technological skills, or it requires a lot of knowledge, not a lot, but it requires knowledge in various fields like networking, operating systems, a little bit of scripting, so on and so forth. And as a result, if you get into cyber security and you're lacking in those three that I've just mentioned, it's going to be difficult.

[00:06:16] And that's why I get questions all the time when I make a video on Nmap and I cover something, and I always use this example, and I cover maybe, you know, performing a SYN scan, and I say that's a half-open scan, we're not completing the TCP three-way handshake. I get questions
saying: what's the TCP three-way handshake, and why is it important when we're performing a stealth scan? Why do we essentially, you know, perform a half-open scan, and how does that affect, or how does that look from a network traffic analysis perspective? How does the scan look, you know, in Wireshark, if I was to analyze the traffic, and how would that compare to, you know, a standard connect scan? You know, so that's one example. If you don't know these fundamentals, it becomes very difficult to fully utilize the tools that are right in front of you, and you have a much, much steeper initial slope to climb, if that makes any sense.

[00:07:17] So the second that I would like to focus on a lot is the demystification of cyber security as a career, which we'll get into.

[00:07:24] So who is the target audience? As I said earlier, high school and college or university students interested in getting into the cyber security field. This is obviously going to be the main demographic. However, there's also another core demographic that I've
seen rising, or increasing in number, and that's technology professionals who are looking to pivot into cyber security for whatever reason. You could, you know, just be interested in security, you may have an aptitude for it or a hunger for it, or you just may want to switch careers and you find that, you know, cyber security is something that fits you, or, you know, is something that you actually are very, you're very comfortable with.

[00:08:02] Thirdly, cyber security professionals looking to identify knowledge gaps and level up their skills. So again, if you're a seasoned penetration tester or blue teamer, etc., this could be helpful for you in identifying areas where you can improve, right? And that's something that I do regularly. I always analyze my knowledge gaps and I still find areas where I'm lacking severely.

[00:08:25] And finally, anyone looking to get started in cyber security. So, you know, you could be at a completely different job, maybe, you know, you may be working as a contractor or maybe someone in finance. I've seen this happen
a lot, and these individuals are actually the most successful, because they treat it as a proper career as opposed to the trivialization that I talked about. So if I tell a contractor, let's say he wants to switch his jobs into technology and he wants to get into cyber security for whatever reason, he could like it, maybe he likes the money, there's a plethora of motivations for him or her wanting to switch his or her career. However, if I give them a guide and I say this will take three or five years, when I revisit them three or five years later, some of them, and this is true, are already senior pen testers, because they follow it. They understand that this is a career, it should be treated with respect, and if I follow or adhere to this guide very closely, or not, you know, it could be roughly speaking, and I'm persistent, and this is something that I want, and I set goals, and I say five years I'm going to be working as a red teamer or a pen tester, they end up achieving that. It's the
dilly-dallying and the constant hopping from one position to the other that wastes a lot of time, and this is something that I have done, so I'm speaking from experience here.

[00:09:50] So let's start off with year one. All right, what's the focus with year one? This is what I would recommend: start off with operating systems. In the context of Windows, learn how to install, configure and administer Windows. So learn about Windows, take a look at this internals book, learn about the various components that make up Windows, you know, like the kernel, the NT kernel, the registry, how passwords are stored, etc. So essentially, learn how Windows works and the various components that make up the operating system.

[00:10:23] I would then recommend learning how to secure and harden Windows, so sort of getting an understanding as to some of the most common security misconfigurations, like setting the User Account Control level to low, as an example, so on and so forth. And a great utility or guide that you can utilize here is the CIS Benchmarks for Windows, which you can take a
look at.

[00:10:48] And then I would also recommend getting an understanding of how Windows passwords are hashed and how they're stored, you know, the SAM database, how authentication operates, how authentication works, rather, and getting to grips with understanding the operating system that you could be using. You know, just understanding how it works and not being biased and saying Windows is bad or Windows is the best operating system. Just focus on learning it. Keep the biases and the ideologies out of your learning experience. Trust me, this is a very important tip. Don't get stuck up with the "oh, I'm only going to use Linux because Windows sends, you know, telemetry, or, you know, is essentially a telemetry operating system that sends a lot of my data back to Microsoft". That's a very pessimistic view of looking at things, and if you're a pessimist and you're not open to learning things, you know, almost every day, you're going to be in trouble, and you'll
see a while later.

[00:11:53] I would also recommend becoming comfortable with the Windows command line. That's fairly simple: learn the commands, learn how, you know, how everything works, learn about the common utilities. Don't get into PowerShell yet. PowerShell is something that you'll get into a bit later because, you know, it requires you to have a certain background.

[00:12:10] And then finally, and this is very important because I see this a lot, learn how to set up and configure an Active Directory environment, which I'll be doing in another video that I'll be releasing this weekend, probably. I'll show you how to set up an Active Directory environment, how to set up a domain and configure it to be vulnerable for your own practice. So learn about Active Directory, the concept of, you know, domains, trusts, forests, trees, so on and so forth. Learn what Active Directory is, and learn the importance of Active Directory and why companies utilize it, because you will be dealing with Active Directory a lot, especially if you're a penetration tester.
00:12:52,740 in the case of Linux the same thing 343 00:12:52,740 --> 00:12:54,540 applies learn how to install config and 344 00:12:54,540 --> 00:12:57,180 administer Linux learn how the Linux 345 00:12:57,180 --> 00:12:59,880 operating systems are the Linux kernel 346 00:12:59,880 --> 00:13:02,220 rather and you know the the collective 347 00:13:02,220 --> 00:13:04,320 operating systems or Linux or gnu plus 348 00:13:04,320 --> 00:13:06,540 Linux learn how this works and the 349 00:13:06,540 --> 00:13:07,920 various components that make up the 350 00:13:07,920 --> 00:13:10,260 operating system learn how to secure and 351 00:13:10,260 --> 00:13:12,839 Harden Linux again the CIS benchmarks 352 00:13:12,839 --> 00:13:15,420 are you know great guideline become 353 00:13:15,420 --> 00:13:17,519 comfortable with the terminal this is a 354 00:13:17,519 --> 00:13:19,980 very very important so I'll be making 355 00:13:19,980 --> 00:13:21,540 follow-up videos regarding these 356 00:13:21,540 --> 00:13:23,220 individual skills but learn how to use 357 00:13:23,220 --> 00:13:24,959 the terminal learn about the common 358 00:13:24,959 --> 00:13:27,959 commands you know Basics admin stuff 359 00:13:27,959 --> 00:13:30,480 learn how to copy files how to you know 360 00:13:30,480 --> 00:13:32,399 set up Chrome jobs 361 00:13:32,399 --> 00:13:36,240 how to automate a lot of your you know 362 00:13:36,240 --> 00:13:39,240 mundane or manual work with bash scripts 363 00:13:39,240 --> 00:13:42,600 learn about environment variables learn 364 00:13:42,600 --> 00:13:44,700 about other terminal emulators about 365 00:13:44,700 --> 00:13:46,440 various shells 366 00:13:46,440 --> 00:13:48,779 learn how to install various Linux 367 00:13:48,779 --> 00:13:50,459 distributions again you don't have to 368 00:13:50,459 --> 00:13:52,740 use them just fire up a VM try out Red 369 00:13:52,740 --> 00:13:55,139 Hat try out Centos tryout Fedora get an 370 00:13:55,139 --> 00:13:57,360 
understanding of what makes these distributions different, because you'll typically be seeing CentOS, Red Hat, Fedora, Ubuntu on production systems. So learn about what makes them, you know, that specific distribution. Learn about what makes CentOS CentOS, and learn about the various features that come packaged with, you know, security-focused distributions like, you know, Red Hat, for example.

[00:14:21] And this is very, very important, the last two, arguably the most important: learn about Vim, sed, awk and regex, so regular expressions. Why do I say Vim? Trust me, a lot of people say this, but I'll explain why. A text editor is never as good as Vim, or a terminal editor, even Nano is like, once you start using Vim, when I've gone to Nano just for a few seconds, I can't comprehend it, I really can't. I mean, I can't imagine myself using the Control and O to save whatever I've typed in. I'm automatically hardwired to, you know, use the actual colon write, or write and quit, or exit, etc. Once you learn these key bindings or
these key binds, that's it, you'll never forget them. It's like riding a bicycle, or learning how to ride a bicycle. Once you learn them, you can wake up after a coma, you know, of course without damaging your brain, if you can wake up from a coma, and you'd still be comfortable with your keyboard.

[00:15:24] And then finally, learn about Git. Git is of course source control. Set up your own GitHub repo, learn how to, you know, how to set up your own GitHub repo locally with the Git terminal client, learn how to, you know, pull, push, so on and so forth, how to fork, all of that good stuff. And I've made an entire video on that, actually, which I'll link in the description.

[00:15:47] And then, once you've covered operating systems in the entirety, you can now say: okay, I've learned operating systems, now learn how to perform scripting, or how to write very basic scripts. Starting off with Windows, learn how to utilize PowerShell and write PowerShell scripts, all right? And that will actually open up a huge Pandora's box, especially in cyber security, because
00:16:11,220 you learn a lot about what you can and 429 00:16:11,220 --> 00:16:13,740 can do what antivirus signature based 430 00:16:13,740 --> 00:16:16,380 antivirus systems pick up and this is 431 00:16:16,380 --> 00:16:18,060 where you'll start going off the rails a 432 00:16:18,060 --> 00:16:19,440 little bit and experimenting that's 433 00:16:19,440 --> 00:16:21,180 perfectly fine again this is just a 434 00:16:21,180 --> 00:16:23,579 guideline this is just a standardized 435 00:16:23,579 --> 00:16:25,380 path that you can follow 436 00:16:25,380 --> 00:16:27,540 next I would recommend learning again as 437 00:16:27,540 --> 00:16:29,579 I said how to automate tasks on Linux by 438 00:16:29,579 --> 00:16:31,620 leveraging shell scripts just focus on 439 00:16:31,620 --> 00:16:34,680 Bash that's it and finally python now 440 00:16:34,680 --> 00:16:36,540 the other languages you can focus but 441 00:16:36,540 --> 00:16:38,339 please if you are going to learn a 442 00:16:38,339 --> 00:16:40,320 programming or scripting language just 443 00:16:40,320 --> 00:16:43,800 Learn Python we're already up to up to 444 00:16:43,800 --> 00:16:45,480 speed with on you know on Python 3 445 00:16:45,480 --> 00:16:46,980 there's tons of scripts that have been 446 00:16:46,980 --> 00:16:49,079 developed look at them learn from them 447 00:16:49,079 --> 00:16:51,300 write your own scripts whatever crazy 448 00:16:51,300 --> 00:16:53,639 ideas you have just take that as a 449 00:16:53,639 --> 00:16:55,740 project and say okay for one week I'm 450 00:16:55,740 --> 00:16:58,199 going to try and build this with python 451 00:16:58,199 --> 00:17:01,380 and during that week when you run into 452 00:17:01,380 --> 00:17:03,120 issues when you perform your own 453 00:17:03,120 --> 00:17:04,260 research 454 00:17:04,260 --> 00:17:07,919 you will improve so much as a programmer 455 00:17:07,919 --> 00:17:09,959 just by trying to build something 456 00:17:09,959 --> 00:17:11,520 because 
that's what programmers do 457 00:17:11,520 --> 00:17:13,020 programmers are building things they're 458 00:17:13,020 --> 00:17:15,480 not watching how-to tutorials which is 459 00:17:15,480 --> 00:17:17,160 why I switched up my entire scripting 460 00:17:17,160 --> 00:17:19,319 series to focus on building stuff and 461 00:17:19,319 --> 00:17:20,939 then I know once I do that once you 462 00:17:20,939 --> 00:17:22,500 watch one or two of those videos that's 463 00:17:22,500 --> 00:17:24,660 it you're on your way you don't have to 464 00:17:24,660 --> 00:17:26,640 come back and watch stuff because you've 465 00:17:26,640 --> 00:17:28,860 already got it you've got a tacit 466 00:17:28,860 --> 00:17:30,360 understanding of what this is all about 467 00:17:30,360 --> 00:17:32,840 you're supposed to use these languages 468 00:17:32,840 --> 00:17:35,940 to develop things to automate stuff 469 00:17:35,940 --> 00:17:37,980 that's what you're to solve problems 470 00:17:37,980 --> 00:17:39,720 that's what these languages are about 471 00:17:39,720 --> 00:17:41,700 people have convoluted programming into 472 00:17:41,700 --> 00:17:44,460 this dark arts and you know all of this 473 00:17:44,460 --> 00:17:46,320 stuff and again I've programmed for a 474 00:17:46,320 --> 00:17:48,960 very long time I mean I've done Java 475 00:17:48,960 --> 00:17:50,580 professionally I've developed Android 476 00:17:50,580 --> 00:17:52,440 applications that are still on the 477 00:17:52,440 --> 00:17:54,179 Google Play Store 478 00:17:54,179 --> 00:17:56,700 I have done .NET I have done C++ 479 00:17:56,700 --> 00:17:59,340 I've done C I've done C# I've 480 00:17:59,340 --> 00:18:00,660 delivered developed quite a lot of 481 00:18:00,660 --> 00:18:01,919 programs for Windows I'm actually 482 00:18:01,919 --> 00:18:03,720 developing a solution now for Windows 483 00:18:03,720 --> 00:18:05,880 that I'll be sharing later on but 484 00:18:05,880 --> 00:18:08,700 I know what 
programming is all about and 485 00:18:08,700 --> 00:18:10,679 when I was learning programming 486 00:18:10,679 --> 00:18:13,679 I followed very briefly the tutorial 487 00:18:13,679 --> 00:18:15,720 series where they you know they talk to 488 00:18:15,720 --> 00:18:17,820 you about functions and loops well they 489 00:18:17,820 --> 00:18:20,940 are helpful they are very helpful these 490 00:18:20,940 --> 00:18:23,460 are reference this is reference material 491 00:18:23,460 --> 00:18:25,320 all right those how-to tutorial videos 492 00:18:25,320 --> 00:18:27,299 that's reference material what does that 493 00:18:27,299 --> 00:18:29,280 mean it means when you don't understand 494 00:18:29,280 --> 00:18:31,740 something like how to write a function 495 00:18:31,740 --> 00:18:34,140 or how to write a loop or if you don't 496 00:18:34,140 --> 00:18:35,520 know if you don't understand about 497 00:18:35,520 --> 00:18:38,220 arrays anything about arrays that's when 498 00:18:38,220 --> 00:18:40,440 you switch to those reference videos 499 00:18:40,440 --> 00:18:42,360 that's when you search on you know in 500 00:18:42,360 --> 00:18:43,980 Google but that's when you try and find 501 00:18:43,980 --> 00:18:47,220 help online if it isn't if it hasn't 502 00:18:47,220 --> 00:18:49,200 already been answered but that's when 503 00:18:49,200 --> 00:18:50,820 you start using these videos you don't 504 00:18:50,820 --> 00:18:52,740 start off with these videos there's tons 505 00:18:52,740 --> 00:18:56,160 of resources free code academy 506 00:18:56,160 --> 00:18:58,679 what I'd recommend just say okay I want 507 00:18:58,679 --> 00:19:00,600 to learn how to do this I want to learn 508 00:19:00,600 --> 00:19:02,880 how to automate an Nmap scan with Python 509 00:19:02,880 --> 00:19:05,640 perform a Google search take a look at 510 00:19:05,640 --> 00:19:06,840 the script 511 00:19:06,840 --> 00:19:09,299 clone it download it run it understand 512 00:19:09,299 --> 00:19:10,620 
what's going on start making 513 00:19:10,620 --> 00:19:12,720 modifications and then when you don't 514 00:19:12,720 --> 00:19:15,299 understand some a segment within that 515 00:19:15,299 --> 00:19:17,280 code that's when you start your research 516 00:19:17,280 --> 00:19:18,840 or just start from scratch take a look 517 00:19:18,840 --> 00:19:21,059 at a few tutorials on how to write a 518 00:19:21,059 --> 00:19:25,140 basic very basic program do that once 519 00:19:25,140 --> 00:19:26,700 you've got a hang of it say I want to 520 00:19:26,700 --> 00:19:27,960 develop something else again it doesn't 521 00:19:27,960 --> 00:19:29,580 matter whether it's been done before you 522 00:19:29,580 --> 00:19:32,400 can do it your way so again just think 523 00:19:32,400 --> 00:19:34,620 of it in that perspective don't get too 524 00:19:34,620 --> 00:19:36,299 crazy with oh I'm going to build this 525 00:19:36,299 --> 00:19:39,360 and just stuff that's important to you 526 00:19:39,360 --> 00:19:41,460 doesn't matter nothing else matters 527 00:19:41,460 --> 00:19:43,980 what's important to you 528 00:19:43,980 --> 00:19:46,620 finally of course year one focus on 529 00:19:46,620 --> 00:19:49,140 networking all right this is this is so 530 00:19:49,140 --> 00:19:52,740 important I mean I I cannot stress the 531 00:19:52,740 --> 00:19:56,580 importance of a topic like networking 532 00:19:56,580 --> 00:20:00,059 networking is so so important in cyber 533 00:20:00,059 --> 00:20:03,120 security or in technology in general so 534 00:20:03,120 --> 00:20:05,580 what's my recommendation start off by 535 00:20:05,580 --> 00:20:07,980 understanding the OSI model this is very 536 00:20:07,980 --> 00:20:09,679 easy to understand 537 00:20:09,679 --> 00:20:12,240 and uh understanding the different 538 00:20:12,240 --> 00:20:14,760 layers again very very easy it's very 539 00:20:14,760 --> 00:20:16,679 intuitive you understand it you know 540 00:20:16,679 --> 00:20:19,140 from the 
data link layer 541 00:20:19,140 --> 00:20:21,480 to the network layer to the transport 542 00:20:21,480 --> 00:20:22,500 layer 543 00:20:22,500 --> 00:20:24,960 to the you know session layer 544 00:20:24,960 --> 00:20:26,700 application layer 545 00:20:26,700 --> 00:20:29,100 to the presentation layer just 546 00:20:29,100 --> 00:20:32,520 understand what that abstraction means 547 00:20:32,520 --> 00:20:35,280 and how that categorization 548 00:20:35,280 --> 00:20:37,740 uh is used and why it's important and 549 00:20:37,740 --> 00:20:39,360 you'll start to understand hey this 550 00:20:39,360 --> 00:20:40,860 makes a lot of sense you know you start 551 00:20:40,860 --> 00:20:42,600 over the data link layer all the way to 552 00:20:42,600 --> 00:20:45,840 you know various protocols etc then 553 00:20:45,840 --> 00:20:48,620 learn about the primary 554 00:20:48,620 --> 00:20:52,919 the primary protocols like TCP/IP the 555 00:20:52,919 --> 00:20:54,679 transport protocols to be more specific 556 00:20:54,679 --> 00:20:57,780 so TCP and UDP learn how they work 557 00:20:57,780 --> 00:21:00,900 specifically in the case of TCP 558 00:21:00,900 --> 00:21:03,600 what the three-way handshake is 559 00:21:03,600 --> 00:21:06,120 uh what that looks like open up 560 00:21:06,120 --> 00:21:09,419 Wireshark open up Wireshark Wireshark is 561 00:21:09,419 --> 00:21:11,100 your friend learn about what traffic 562 00:21:11,100 --> 00:21:13,620 looks like take a look at packets try 563 00:21:13,620 --> 00:21:15,840 and perform some packet you know try and 564 00:21:15,840 --> 00:21:18,059 dissect packets perform packet analysis 565 00:21:18,059 --> 00:21:19,320 see what 566 00:21:19,320 --> 00:21:21,539 each packet is made up of and when you 567 00:21:21,539 --> 00:21:23,460 do that after understanding the OSI 568 00:21:23,460 --> 00:21:25,200 model you can actually see it play out 569 00:21:25,200 --> 00:21:28,020 you actually can see okay this is the 570 00:21:28,020 --> 
00:21:30,780 Ethernet address and then you have the 571 00:21:30,780 --> 00:21:34,140 actual uh let's say you can actually see 572 00:21:34,140 --> 00:21:36,120 the the transport layer you can see it's 573 00:21:36,120 --> 00:21:38,520 TCP okay you then move a layer up and 574 00:21:38,520 --> 00:21:40,200 you can understand just from a packet 575 00:21:40,200 --> 00:21:43,080 everything starts making sense all right 576 00:21:43,080 --> 00:21:45,539 and then understand the common ports and 577 00:21:45,539 --> 00:21:47,820 the common ports used by various 578 00:21:47,820 --> 00:21:52,080 important services so there's 65,535 TCP 579 00:21:52,080 --> 00:21:54,780 ports I'm not saying remember what each 580 00:21:54,780 --> 00:21:56,340 of those ports is used for because none 581 00:21:56,340 --> 00:21:58,860 of them are not all of them are 582 00:21:58,860 --> 00:22:00,480 typically utilized by services but learn 583 00:22:00,480 --> 00:22:04,460 about you know FTP SSH 584 00:22:04,460 --> 00:22:08,880 Telnet SMTP uh let's see let's see if I 585 00:22:08,880 --> 00:22:12,720 can think of DNS uh port 80 port 8080 586 00:22:12,720 --> 00:22:16,559 port 443 SMB these are very important 587 00:22:16,559 --> 00:22:19,200 you'll you'll run across them 588 00:22:19,200 --> 00:22:21,659 a ton of times there's no other way of 589 00:22:21,659 --> 00:22:24,900 uh of putting it so 590 00:22:24,900 --> 00:22:26,880 again I've mentioned Wireshark already 591 00:22:26,880 --> 00:22:28,799 but that's very important now some 592 00:22:28,799 --> 00:22:31,500 additional stuff that you can do is get 593 00:22:31,500 --> 00:22:33,539 some gear you know uh and this is 594 00:22:33,539 --> 00:22:35,280 something that Black Hills Infosec 595 00:22:35,280 --> 00:22:37,980 pointed out which again to me when I 596 00:22:37,980 --> 00:22:40,740 look back at it I didn't realize that I 597 00:22:40,740 --> 00:22:43,020 had already done this because you know I 598 00:22:43,020 --> 
00:22:45,720 set up my own home network I have a you 599 00:22:45,720 --> 00:22:48,179 know a very very well set up network you 600 00:22:48,179 --> 00:22:50,820 know with a firewall a real firewall pfSense 601 00:22:50,820 --> 00:22:52,980 to be more specific so learn about 602 00:22:52,980 --> 00:22:56,880 routing learn about subnets learn about 603 00:22:56,880 --> 00:22:59,159 switches and how to set up imagine just 604 00:22:59,159 --> 00:23:00,840 setting up your own home network again 605 00:23:00,840 --> 00:23:02,580 you don't need crazy devices or crazy 606 00:23:02,580 --> 00:23:04,620 crazy hardware you can use whatever 607 00:23:04,620 --> 00:23:06,539 routers you can get on the cheap I know 608 00:23:06,539 --> 00:23:08,880 most of you are students I did the same I 609 00:23:08,880 --> 00:23:10,980 started off with some very very cheap uh 610 00:23:10,980 --> 00:23:13,500 you know routers nothing too crazy but 611 00:23:13,500 --> 00:23:15,960 understand how that network works you 612 00:23:15,960 --> 00:23:18,000 know set up your network play around 613 00:23:18,000 --> 00:23:20,220 with it tinker with it and then learn 614 00:23:20,220 --> 00:23:21,960 how firewalls work and how to configure 615 00:23:21,960 --> 00:23:23,460 your own firewall and then see how that 616 00:23:23,460 --> 00:23:25,559 plays out you know just 617 00:23:25,559 --> 00:23:28,320 please this is the most important I mean 618 00:23:28,320 --> 00:23:29,940 I can't stress it enough networking is 619 00:23:29,940 --> 00:23:31,320 crazy important 620 00:23:31,320 --> 00:23:32,940 and then finally 621 00:23:32,940 --> 00:23:34,620 um this this is something that you can 622 00:23:34,620 --> 00:23:36,600 get started with but not really if 623 00:23:36,600 --> 00:23:38,400 you're not yeah I know this is where the 624 00:23:38,400 --> 00:23:40,140 old theoretical aspect of it comes into 625 00:23:40,140 --> 00:23:41,700 play but 626 00:23:41,700 --> 00:23:43,559 security fundamentals are 
very very 627 00:23:43,559 --> 00:23:46,200 important what do I mean by this basic 628 00:23:46,200 --> 00:23:48,299 security concepts like what an attack is 629 00:23:48,299 --> 00:23:49,919 what a threat is what vulnerabilities 630 00:23:49,919 --> 00:23:52,799 are what risk is how to calculate risk 631 00:23:52,799 --> 00:23:55,860 uh the CIA triad or confidentiality 632 00:23:55,860 --> 00:23:57,780 integrity and availability you know the 633 00:23:57,780 --> 00:23:59,400 three pillars that hold up cyber 634 00:23:59,400 --> 00:24:01,919 security conceptually speaking then 635 00:24:01,919 --> 00:24:03,720 about governance risk and compliance 636 00:24:03,720 --> 00:24:06,539 which is GRC some core infosec 637 00:24:06,539 --> 00:24:08,280 terminology this is stuff that you can 638 00:24:08,280 --> 00:24:10,620 pick up you know along the way but for 639 00:24:10,620 --> 00:24:13,620 anyone that's looking for a guide that's 640 00:24:13,620 --> 00:24:15,240 what I recommend and then take a look at 641 00:24:15,240 --> 00:24:18,419 security standards like CIS or NIST uh 642 00:24:18,419 --> 00:24:21,179 which you know are obviously at least at 643 00:24:21,179 --> 00:24:22,260 the moment 644 00:24:22,260 --> 00:24:24,960 are pretty much the benchmark when it 645 00:24:24,960 --> 00:24:26,280 comes down to security standards 646 00:24:26,280 --> 00:24:28,320 remember not pen testing standards not 647 00:24:28,320 --> 00:24:31,440 yet security standards 648 00:24:31,440 --> 00:24:33,659 so that's year one in a nutshell now 649 00:24:33,659 --> 00:24:35,280 year two is when things start getting 650 00:24:35,280 --> 00:24:38,760 crazy or not crazy but uh exciting I 651 00:24:38,760 --> 00:24:41,039 should say exciting 652 00:24:41,039 --> 00:24:42,960 so the first thing you should start off 653 00:24:42,960 --> 00:24:45,360 and never ignore this trust me I've seen 654 00:24:45,360 --> 00:24:46,980 a lot of people ignore this until it's 655 00:24:46,980 --> 
00:24:48,659 too late until they're told to write a 656 00:24:48,659 --> 00:24:52,020 report and then you know we get a bit uh 657 00:24:52,020 --> 00:24:54,780 you know things get a bit iffy so if 658 00:24:54,780 --> 00:24:56,159 you're going into pen testing and red 659 00:24:56,159 --> 00:24:58,320 teaming learn about the pen testing 660 00:24:58,320 --> 00:25:00,240 execution standard this is sort of a 661 00:25:00,240 --> 00:25:01,919 methodology or framework that you can 662 00:25:01,919 --> 00:25:04,799 use that'll give you an idea as to what 663 00:25:04,799 --> 00:25:07,020 an ideal assessment would look like the 664 00:25:07,020 --> 00:25:09,780 phases that make up the assessment then 665 00:25:09,780 --> 00:25:11,760 take a look at some methodologies like 666 00:25:11,760 --> 00:25:13,799 the MITRE ATT&CK framework the Cyber 667 00:25:13,799 --> 00:25:17,520 Kill Chain uh the Unified Kill Chain OWASP 668 00:25:17,520 --> 00:25:19,500 Top 10 as a guide for web application 669 00:25:19,500 --> 00:25:22,260 pen testing and this is insanely 670 00:25:22,260 --> 00:25:24,900 important the OWASP security testing 671 00:25:24,900 --> 00:25:26,880 guide this will sort of give you a 672 00:25:26,880 --> 00:25:28,799 methodological approach to testing web 673 00:25:28,799 --> 00:25:31,140 applications is something that I use a 674 00:25:31,140 --> 00:25:33,059 lot now I have the PDF on my desktop at 675 00:25:33,059 --> 00:25:35,039 all times when I'm testing a web app 676 00:25:35,039 --> 00:25:38,220 and uh you know I sort of want to 677 00:25:38,220 --> 00:25:40,500 you know perform not really for bug 678 00:25:40,500 --> 00:25:42,179 bounty hunting but when I'm performing 679 00:25:42,179 --> 00:25:44,580 an assessment on a web application this 680 00:25:44,580 --> 00:25:46,500 is usually a very good way of ensuring 681 00:25:46,500 --> 00:25:49,500 that I'm I'm very rigorous with my 682 00:25:49,500 --> 00:25:52,080 approach so the key thing here is 683 
00:25:52,080 --> 00:25:53,520 understand the industry standard 684 00:25:53,520 --> 00:25:55,320 methodologies used for pen tests or 685 00:25:55,320 --> 00:25:58,320 assessments and analyze open source pen 686 00:25:58,320 --> 00:25:59,940 testing reports so take a look at pen 687 00:25:59,940 --> 00:26:01,919 testing reports see what they're all 688 00:26:01,919 --> 00:26:04,080 about demystify them because the problem 689 00:26:04,080 --> 00:26:06,000 is be that people put it off for too 690 00:26:06,000 --> 00:26:07,679 long they say I'll look at that later 691 00:26:07,679 --> 00:26:10,140 it's not that important no just look at 692 00:26:10,140 --> 00:26:11,640 a pen test report you don't have to do 693 00:26:11,640 --> 00:26:14,400 anything else just open up a PDF just 694 00:26:14,400 --> 00:26:17,159 read through it as if you are you are an 695 00:26:17,159 --> 00:26:18,779 executive try and see if you can 696 00:26:18,779 --> 00:26:20,279 understand what's going on and that'll 697 00:26:20,279 --> 00:26:21,960 give you you know very good insight as 698 00:26:21,960 --> 00:26:24,120 to how you can write good reports 699 00:26:24,120 --> 00:26:26,159 yourself all right and we'll get back to 700 00:26:26,159 --> 00:26:28,200 report writing shortly 701 00:26:28,200 --> 00:26:30,179 uh another thing that you should start 702 00:26:30,179 --> 00:26:32,820 focusing on in year two is setting up 703 00:26:32,820 --> 00:26:35,100 your home lab so setting up a good home 704 00:26:35,100 --> 00:26:38,520 lab now step one virtualization so 705 00:26:38,520 --> 00:26:41,220 you know um this is something I think 706 00:26:41,220 --> 00:26:42,779 I've heard a lot of people say in the 707 00:26:42,779 --> 00:26:44,580 industry but uh 708 00:26:44,580 --> 00:26:46,020 pretty much one of the first few 709 00:26:46,020 --> 00:26:49,080 programs that any hacker secure cyber 710 00:26:49,080 --> 00:26:51,600 security expert or infosec professional 711 00:26:51,600 --> 
00:26:53,880 you know will set up 712 00:26:53,880 --> 00:26:57,000 on their system is a hypervisor 713 00:26:57,000 --> 00:26:58,980 virtualization software so think of 714 00:26:58,980 --> 00:27:01,080 VirtualBox VMware again they're all free 715 00:27:01,080 --> 00:27:02,880 versions VirtualBox would be my 716 00:27:02,880 --> 00:27:04,860 preferred learn about how to use them 717 00:27:04,860 --> 00:27:07,799 how to set up networks the various types 718 00:27:07,799 --> 00:27:10,080 of networking options 719 00:27:10,080 --> 00:27:11,820 so on and so forth learn about how to 720 00:27:11,820 --> 00:27:14,159 take snapshots you know set up a Windows 721 00:27:14,159 --> 00:27:17,700 box set up a Kali Linux system set up an 722 00:27:17,700 --> 00:27:19,260 Active Directory environment whatever 723 00:27:19,260 --> 00:27:21,059 you want just learn how to set up your 724 00:27:21,059 --> 00:27:22,679 own home lab for testing because you'll 725 00:27:22,679 --> 00:27:24,840 be doing a lot of testing and then also 726 00:27:24,840 --> 00:27:26,520 take a look at DevOps this is something 727 00:27:26,520 --> 00:27:28,679 that I did I'm very glad that I did it 728 00:27:28,679 --> 00:27:31,140 early on and sort of exploring 729 00:27:31,140 --> 00:27:34,140 containers when I started out I was 730 00:27:34,140 --> 00:27:36,419 typically you know experimenting with uh 731 00:27:36,419 --> 00:27:39,480 LXC but Docker came along and Kubernetes 732 00:27:39,480 --> 00:27:42,179 and that was just insane what you could 733 00:27:42,179 --> 00:27:44,700 do on the cheap uh you know with Docker 734 00:27:44,700 --> 00:27:47,640 containers etc so set up your own Kali 735 00:27:47,640 --> 00:27:49,980 Parrot box or install your own tools 736 00:27:49,980 --> 00:27:53,760 just set up your own home lab and get 737 00:27:53,760 --> 00:27:56,039 start get your hands dirty with VulnHub 738 00:27:56,039 --> 00:27:57,539 boxes they're free you can go to 739 00:27:57,539 --> 
00:27:59,640 VulnHub download some hacking 740 00:27:59,640 --> 00:28:00,840 challenges 741 00:28:00,840 --> 00:28:03,900 try it out start hacking start learning 742 00:28:03,900 --> 00:28:05,760 about where you know you have gaps 743 00:28:05,760 --> 00:28:09,240 improve on those gaps you know you 744 00:28:09,240 --> 00:28:11,760 really really very very very simple in 745 00:28:11,760 --> 00:28:13,799 terms of what you should do 746 00:28:13,799 --> 00:28:14,520 um 747 00:28:14,520 --> 00:28:17,279 then I would recommend moving on to sort 748 00:28:17,279 --> 00:28:19,679 of your pen testing fundamentals so what 749 00:28:19,679 --> 00:28:21,419 do I mean by this well if you're using 750 00:28:21,419 --> 00:28:23,039 Kali or Parrot 751 00:28:23,039 --> 00:28:24,720 I would recommend taking a look at the 752 00:28:24,720 --> 00:28:28,559 Kali Linux Revealed PDF it's a free PDF 753 00:28:28,559 --> 00:28:31,220 that essentially guides you in how to 754 00:28:31,220 --> 00:28:33,120 operationalize the Kali Linux 755 00:28:33,120 --> 00:28:34,980 distribution so what all the tools are 756 00:28:34,980 --> 00:28:37,860 used for how to configure Kali you know 757 00:28:37,860 --> 00:28:40,799 the various uh ways you can install Kali 758 00:28:40,799 --> 00:28:42,720 or Kali packages if you're looking for a 759 00:28:42,720 --> 00:28:44,580 minimal installation etc 760 00:28:44,580 --> 00:28:46,320 then I would recommend learning netcat 761 00:28:46,320 --> 00:28:48,659 and socat now specifically learn about 762 00:28:48,659 --> 00:28:51,380 reverse shells learn about bind shells 763 00:28:51,380 --> 00:28:54,240 learn how to utilize netcat is very very 764 00:28:54,240 --> 00:28:56,279 important and then learn about file 765 00:28:56,279 --> 00:28:58,440 transfers with Linux and Windows so 766 00:28:58,440 --> 00:29:00,720 learn how to transfer files from a Linux 767 00:29:00,720 --> 00:29:02,279 system to a Windows system and vice 768 00:29:02,279 --> 00:29:05,159 
versa and the different ways you can do 769 00:29:05,159 --> 00:29:07,320 that you know there's tons of ways uh 770 00:29:07,320 --> 00:29:09,600 through SMB through the web you know 771 00:29:09,600 --> 00:29:12,000 through a web server etc and then you 772 00:29:12,000 --> 00:29:13,260 can move on to passive information 773 00:29:13,260 --> 00:29:15,539 gathering and OSINT now this is going to 774 00:29:15,539 --> 00:29:17,520 be a lot you know there's a lot of stuff 775 00:29:17,520 --> 00:29:19,620 to cover here but learn about how to 776 00:29:19,620 --> 00:29:21,960 utilize what's publicly available to 777 00:29:21,960 --> 00:29:24,059 gather information on target and then 778 00:29:24,059 --> 00:29:25,860 when it comes down to active information 779 00:29:25,860 --> 00:29:28,500 again return to VulnHub return to Hack 780 00:29:28,500 --> 00:29:30,539 The Box return to TryHackMe any other lab 781 00:29:30,539 --> 00:29:32,820 platforms that you may want to use 782 00:29:32,820 --> 00:29:35,159 you know move on to network and port 783 00:29:35,159 --> 00:29:38,460 scanning Nmap is your friend learn about 784 00:29:38,460 --> 00:29:40,860 Nmap masscan whatever tools you want 785 00:29:40,860 --> 00:29:43,799 to use learn about and also RustScan I 786 00:29:43,799 --> 00:29:45,539 should mention very very fast very very 787 00:29:45,539 --> 00:29:48,360 cool uh learn about how to identify 788 00:29:48,360 --> 00:29:50,580 active hosts on a network how to perform 789 00:29:50,580 --> 00:29:52,679 port scans what to do if the things are 790 00:29:52,679 --> 00:29:54,299 being blocked by a firewall how to speed 791 00:29:54,299 --> 00:29:56,460 up and slow down your scans how to 792 00:29:56,460 --> 00:29:58,200 utilize the Nmap Scripting Engine which 793 00:29:58,200 --> 00:30:01,140 brings me now to enumeration so once 794 00:30:01,140 --> 00:30:02,820 you've identified open ports on a target 795 00:30:02,820 --> 00:30:04,380 system and the services that are 
running 796 00:30:04,380 --> 00:30:06,419 on them your next step is to enumerate 797 00:30:06,419 --> 00:30:08,279 as much information as possible from 798 00:30:08,279 --> 00:30:10,080 these open ports that's where 799 00:30:10,080 --> 00:30:11,760 enumeration comes into play there's tons 800 00:30:11,760 --> 00:30:14,279 of tools that you can utilize based on 801 00:30:14,279 --> 00:30:15,899 the protocol you're trying to enumerate 802 00:30:15,899 --> 00:30:18,179 information from so learn about web 803 00:30:18,179 --> 00:30:22,320 enumeration SMB enumeration SSH so on 804 00:30:22,320 --> 00:30:23,940 and so forth and also take a look at 805 00:30:23,940 --> 00:30:26,340 vulnerability scanning with tools like 806 00:30:26,340 --> 00:30:29,039 OpenVAS or Nessus anything that you can 807 00:30:29,039 --> 00:30:31,020 get your hands on learn about what that 808 00:30:31,020 --> 00:30:31,980 looks like 809 00:30:31,980 --> 00:30:33,779 uh take a look at vulnerability 810 00:30:33,779 --> 00:30:35,700 assessment reports 811 00:30:35,700 --> 00:30:37,500 understand that because in certain cases 812 00:30:37,500 --> 00:30:39,179 you may be asked to do that instead of a 813 00:30:39,179 --> 00:30:41,640 pen test not always the best of days but 814 00:30:41,640 --> 00:30:43,140 hey 815 00:30:43,140 --> 00:30:46,200 uh once that is done the next phase 816 00:30:46,200 --> 00:30:47,760 which I always separate is the 817 00:30:47,760 --> 00:30:49,740 exploitation and post-exploitation phase 818 00:30:49,740 --> 00:30:52,440 so learn about exploitation and post 819 00:30:52,440 --> 00:30:54,539 exploitation frameworks like Metasploit 820 00:30:54,539 --> 00:30:56,279 and PowerShell Empire so learn how to 821 00:30:56,279 --> 00:30:57,679 use them by the way I'll be making 822 00:30:57,679 --> 00:31:00,840 entirely new series on both of these and 823 00:31:00,840 --> 00:31:03,299 showing you how to use them which you 824 00:31:03,299 --> 00:31:05,640 know will be quite 
important but learn 825 00:31:05,640 --> 00:31:08,340 how to use them use them to run exploits 826 00:31:08,340 --> 00:31:09,779 again don't worry if anyone calls you a 827 00:31:09,779 --> 00:31:12,960 skid or anything like that or noob yeah 828 00:31:12,960 --> 00:31:15,240 again remember you're here to learn take 829 00:31:15,240 --> 00:31:17,700 a look at Metasploit modules hell write 830 00:31:17,700 --> 00:31:19,559 your own Metasploit module automate 831 00:31:19,559 --> 00:31:21,720 whatever you want to automate I'll then 832 00:31:21,720 --> 00:31:23,580 recommend searching for and modifying 833 00:31:23,580 --> 00:31:25,919 exploits on Exploit-DB so once you've 834 00:31:25,919 --> 00:31:27,179 taken a look at how the automated 835 00:31:27,179 --> 00:31:29,640 exploitation frameworks work you can 836 00:31:29,640 --> 00:31:31,320 then say okay I want to exploit the same 837 00:31:31,320 --> 00:31:33,480 vulnerability but manually it could be a 838 00:31:33,480 --> 00:31:36,840 Python script it could be you know a a C 839 00:31:36,840 --> 00:31:40,380 C++ C# uh piece of code that 840 00:31:40,380 --> 00:31:41,760 you need to compile learn about that 841 00:31:41,760 --> 00:31:44,520 learn about how to compile exploits you 842 00:31:44,520 --> 00:31:45,659 can then take a look at client-side 843 00:31:45,659 --> 00:31:48,539 attacks like phishing browser exploits 844 00:31:48,539 --> 00:31:49,799 you know 845 00:31:49,799 --> 00:31:51,659 tons of stuff you can explore there 846 00:31:51,659 --> 00:31:54,299 which I'll not go over right now and 847 00:31:54,299 --> 00:31:56,520 very importantly you don't need to be an 848 00:31:56,520 --> 00:31:59,159 expert in buffer overflows but just learn 849 00:31:59,159 --> 00:32:02,520 about what causes them and how they're 850 00:32:02,520 --> 00:32:04,620 exploited you can take an example of a 851 00:32:04,620 --> 00:32:06,840 Metasploit module and understand what 852 00:32:06,840 --> 00:32:08,940 it's doing 
in order for the exploit to 853 00:32:08,940 --> 00:32:10,679 work right 854 00:32:10,679 --> 00:32:11,279 um 855 00:32:11,279 --> 00:32:13,140 and then of course you know you can take 856 00:32:13,140 --> 00:32:15,179 a look at Exploit-DB is a great place to 857 00:32:15,179 --> 00:32:17,220 learn about this stuff take a look at 858 00:32:17,220 --> 00:32:21,320 some Exploit-DB buffer overflow exploits 859 00:32:21,320 --> 00:32:23,880 on Exploit-DB you can actually download 860 00:32:23,880 --> 00:32:25,740 the vulnerable piece of software set it 861 00:32:25,740 --> 00:32:27,299 up in your home lab whether it's running 862 00:32:27,299 --> 00:32:30,059 on Windows and Linux and then try and 863 00:32:30,059 --> 00:32:32,520 understand most of the Exploit-DB code 864 00:32:32,520 --> 00:32:34,320 is very well documented so try and 865 00:32:34,320 --> 00:32:35,940 understand what's going on the various 866 00:32:35,940 --> 00:32:38,279 types of overflow attacks or overflow 867 00:32:38,279 --> 00:32:40,140 exploits you know there's a lot of stuff 868 00:32:40,140 --> 00:32:41,760 you can get into there 869 00:32:41,760 --> 00:32:44,159 and then of course the classic which I 870 00:32:44,159 --> 00:32:45,720 always recommend learn about the common 871 00:32:45,720 --> 00:32:48,720 vulnerabilities and the the common CVEs 872 00:32:48,720 --> 00:32:51,659 that have have affected Windows in the 873 00:32:51,659 --> 00:32:54,179 past like you know EternalBlue 874 00:32:54,179 --> 00:32:58,320 BlueKeep uh and then you know on um on 875 00:32:58,320 --> 00:33:02,539 Linux there's SambaCry Shellshock 876 00:33:02,640 --> 00:33:05,100 um Heartbleed you know some of the most 877 00:33:05,100 --> 00:33:06,480 popular ones take a look at them 878 00:33:06,480 --> 00:33:08,820 understand what caused them it's always 879 00:33:08,820 --> 00:33:11,100 good to have that historical uh you know 880 00:33:11,100 --> 00:33:12,659 perspective and while you're doing that 881 00:33:12,659 --> 
00:33:15,000 when you're taking a look at CVEs take a 882 00:33:15,000 --> 00:33:16,919 look at the Common Vulnerability Scoring 883 00:33:16,919 --> 00:33:20,159 System or CVSS learn about you know the 884 00:33:20,159 --> 00:33:23,100 structure of a CVE and how that relates 885 00:33:23,100 --> 00:33:25,080 to when it was publicly released or made 886 00:33:25,080 --> 00:33:27,480 publicly available learn about responsible 887 00:33:27,480 --> 00:33:30,179 learn about responsible disclosure 888 00:33:30,179 --> 00:33:32,100 etc and then you can move on to post 889 00:33:32,100 --> 00:33:33,899 exploitation techniques so this is where 890 00:33:33,899 --> 00:33:36,240 you have you know your standard local 891 00:33:36,240 --> 00:33:39,480 enumeration so living uh living on the 892 00:33:39,480 --> 00:33:41,760 land uh then you can take a look at 893 00:33:41,760 --> 00:33:44,279 automation scripts like winPEAS or 894 00:33:44,279 --> 00:33:47,460 linPEAS to automate local in uh you know 895 00:33:47,460 --> 00:33:49,740 to automate the process of performing 896 00:33:49,740 --> 00:33:52,080 local enumeration on both operating 897 00:33:52,080 --> 00:33:54,179 systems learn about privilege escalation 898 00:33:54,179 --> 00:33:56,460 techniques again I know this is a lot 899 00:33:56,460 --> 00:33:58,740 but I have reviewed or gone over this 900 00:33:58,740 --> 00:34:00,960 you don't have to stick to three years 901 00:34:00,960 --> 00:34:03,260 I know that this is a lot trust me 902 00:34:03,260 --> 00:34:06,000 so this can spill over into the third 903 00:34:06,000 --> 00:34:08,219 fourth or fifth year but this is sort of 904 00:34:08,219 --> 00:34:10,139 giving you a guide as to what you should 905 00:34:10,139 --> 00:34:12,179 know and what I would look for in a 906 00:34:12,179 --> 00:34:14,339 junior pen tester someone who's looking 907 00:34:14,339 --> 00:34:16,619 to get into pen testing was you know got 908 00:34:16,619 --> 00:34:18,119 the certs etc 
909 00:34:18,119 --> 00:34:21,300 and then of course password cracking 910 00:34:21,300 --> 00:34:23,639 um which is quite important so learning 911 00:34:23,639 --> 00:34:26,399 about uh you know various hashes uh what 912 00:34:26,399 --> 00:34:28,859 that means about you know utilizing 913 00:34:28,859 --> 00:34:32,580 tools like Hashcat and John the Ripper 914 00:34:32,580 --> 00:34:34,619 and finally how do you put all of this 915 00:34:34,619 --> 00:34:36,800 into context well practice like hell 916 00:34:36,800 --> 00:34:40,080 take participate in CTFs don't focus on 917 00:34:40,080 --> 00:34:42,000 your performance you're just here to 918 00:34:42,000 --> 00:34:43,560 learn that's what you are you're a 919 00:34:43,560 --> 00:34:46,379 sponge again you just take a look at 920 00:34:46,379 --> 00:34:49,199 walkthroughs write-ups participate in 921 00:34:49,199 --> 00:34:51,239 CTFs join a team if you're in university 922 00:34:51,239 --> 00:34:53,760 form a team it doesn't matter how bad 923 00:34:53,760 --> 00:34:56,159 you perform you trust me the first time 924 00:34:56,159 --> 00:34:58,320 you participate in a CTF 925 00:34:58,320 --> 00:35:01,200 the day it ends you will be a different 926 00:35:01,200 --> 00:35:03,300 person than the day you actually got 927 00:35:03,300 --> 00:35:05,220 started you you trust me you'll you 928 00:35:05,220 --> 00:35:07,920 would have learned a lot a lot 929 00:35:07,920 --> 00:35:10,680 so again research videos books blogs 930 00:35:10,680 --> 00:35:13,619 write-ups courses certifications just 931 00:35:13,619 --> 00:35:16,140 look for information and again you could 932 00:35:16,140 --> 00:35:18,599 be looking for a very specific you know 933 00:35:18,599 --> 00:35:21,060 piece of information that's fine 934 00:35:21,060 --> 00:35:24,119 just uh you know utilize whatever is on 935 00:35:24,119 --> 00:35:25,740 the internet if you know again if you're 936 00:35:25,740 --> 00:35:28,079 on a budget I understand 937 
00:35:28,079 --> 00:35:28,680 um 938 00:35:28,680 --> 00:35:31,140 but yeah also utilize platforms like 939 00:35:31,140 --> 00:35:33,000 Hack The Box TryHackMe to identify 940 00:35:33,000 --> 00:35:36,359 your uh your the the areas 941 00:35:36,359 --> 00:35:38,760 um where you have gaps so where you can 942 00:35:38,760 --> 00:35:39,720 improve 943 00:35:39,720 --> 00:35:41,640 uh learn now and then this is very 944 00:35:41,640 --> 00:35:44,700 important based on the boxes that you do 945 00:35:44,700 --> 00:35:46,500 or the boxes that you pwn on Hack The 946 00:35:46,500 --> 00:35:48,780 Box VulnHub or TryHackMe 947 00:35:48,780 --> 00:35:51,540 take a pen testing report template and 948 00:35:51,540 --> 00:35:54,000 just write write a report just write a 949 00:35:54,000 --> 00:35:56,940 report or better yet use that same 950 00:35:56,940 --> 00:36:00,839 uh that same model and start a blog 951 00:36:00,839 --> 00:36:03,000 start a YouTube channel 952 00:36:03,000 --> 00:36:05,400 you know start putting out whatever 953 00:36:05,400 --> 00:36:08,400 you're doing into the public space and 954 00:36:08,400 --> 00:36:10,320 the blogs are the best way if you want 955 00:36:10,320 --> 00:36:11,579 to start a YouTube channel let's find 956 00:36:11,579 --> 00:36:13,859 that the great thing with blogs is that 957 00:36:13,859 --> 00:36:15,720 it's immediately accessible I don't have 958 00:36:15,720 --> 00:36:17,339 to watch a video I can just go through 959 00:36:17,339 --> 00:36:20,700 it uh and uh people immediately know 960 00:36:20,700 --> 00:36:22,380 your name they immediately know you are 961 00:36:22,380 --> 00:36:24,720 linked you link your social profiles if 962 00:36:24,720 --> 00:36:25,980 you're doing great work if you're doing 963 00:36:25,980 --> 00:36:27,740 research on a particular vulnerability 964 00:36:27,740 --> 00:36:31,200 whatever you want to do just do it and 965 00:36:31,200 --> 00:36:32,700 then 966 00:36:32,700 --> 00:36:34,380 just 
write a blog post doesn't matter 967 00:36:34,380 --> 00:36:36,540 how simple it is that's your work treat 968 00:36:36,540 --> 00:36:38,400 this remember this is your career this 969 00:36:38,400 --> 00:36:41,160 is your craft so be proud of what you're 970 00:36:41,160 --> 00:36:44,160 doing and take pride in your work and 971 00:36:44,160 --> 00:36:47,460 very nicely publish a very detailed blog 972 00:36:47,460 --> 00:36:49,079 post about what you're doing what you've 973 00:36:49,079 --> 00:36:51,839 done Etc it'll be useful to someone 974 00:36:51,839 --> 00:36:53,940 and that's how you sort of pass it along 975 00:36:53,940 --> 00:36:56,460 which is what I which is what I did I 976 00:36:56,460 --> 00:36:57,900 took all the stuff that I had learned 977 00:36:57,900 --> 00:36:59,339 and I you know started making videos 978 00:36:59,339 --> 00:37:02,040 about it again I had no big dreams about 979 00:37:02,040 --> 00:37:04,920 being a superstar YouTuber no it was 980 00:37:04,920 --> 00:37:07,500 just me sitting down every evening after 981 00:37:07,500 --> 00:37:09,839 work or whatever I was doing on the 982 00:37:09,839 --> 00:37:11,940 weekends and saying yeah this I you know 983 00:37:11,940 --> 00:37:14,579 I can make a video on this because I can 984 00:37:14,579 --> 00:37:16,320 answer a lot of questions so 985 00:37:16,320 --> 00:37:19,200 have the right mentality in mind and of 986 00:37:19,200 --> 00:37:21,300 course this is something that I do a lot 987 00:37:21,300 --> 00:37:24,000 I've done and I'm so grateful I am so 988 00:37:24,000 --> 00:37:25,740 grateful that I took notes and on 989 00:37:25,740 --> 00:37:27,480 everything I was doing looking back at 990 00:37:27,480 --> 00:37:28,859 some of the notes I took seven years ago 991 00:37:28,859 --> 00:37:31,800 I mean I was an idiot but it's so cool 992 00:37:31,800 --> 00:37:34,200 to say that that growth you know because 993 00:37:34,200 --> 00:37:36,359 I was taking notes and I was making 994 
00:37:36,359 --> 00:37:38,880 mistakes I didn't understand concepts if 995 00:37:38,880 --> 00:37:40,740 you read some of my notes from earlier 996 00:37:40,740 --> 00:37:42,960 on when I tried to explain stuff like a 997 00:37:42,960 --> 00:37:44,640 buffer overflow 998 00:37:44,640 --> 00:37:46,260 and concepts like that I mean it was 999 00:37:46,260 --> 00:37:48,780 really bad but again I was ironing out 1000 00:37:48,780 --> 00:37:51,119 my thoughts you know if you write and 1001 00:37:51,119 --> 00:37:53,940 writing is very important or typing 1002 00:37:53,940 --> 00:37:56,099 just document what you're doing it's 1003 00:37:56,099 --> 00:37:58,079 important to you don't think about other 1004 00:37:58,079 --> 00:38:00,119 people it this is this is your stuff 1005 00:38:00,119 --> 00:38:01,980 this is you so 1006 00:38:01,980 --> 00:38:04,560 all right so your next step and this is 1007 00:38:04,560 --> 00:38:06,540 something that is optional at least in 1008 00:38:06,540 --> 00:38:08,700 my mind but something that I recommend 1009 00:38:08,700 --> 00:38:10,619 you don't skip over and that is web app 1010 00:38:10,619 --> 00:38:12,839 pen testing and/or bug bounties and I'll 1011 00:38:12,839 --> 00:38:15,300 sort of explain how these two uh play 1012 00:38:15,300 --> 00:38:17,400 into each other right 1013 00:38:17,400 --> 00:38:20,099 um so why is this important well you'll 1014 00:38:20,099 --> 00:38:22,800 come across web apps uh web app pen 1015 00:38:22,800 --> 00:38:24,540 testing quite a lot if you're a pen tester or 1016 00:38:24,540 --> 00:38:26,280 red teamer this is this is something that 1017 00:38:26,280 --> 00:38:29,160 you can opt out of specializing in but 1018 00:38:29,160 --> 00:38:31,140 it's good to know how to do it again you 1019 00:38:31,140 --> 00:38:33,660 don't have to specialize in web app pen 1020 00:38:33,660 --> 00:38:35,579 testing because again it is an entire 1021 00:38:35,579 --> 00:38:37,740 field of its own really especially now 
1022 00:38:37,740 --> 00:38:39,780 but I would recommend you know just 1023 00:38:39,780 --> 00:38:42,060 starting off with the with pwning or 1024 00:38:42,060 --> 00:38:44,640 hacking vulnerable web applications you 1025 00:38:44,640 --> 00:38:47,040 know that could be stuff like the Damn 1026 00:38:47,040 --> 00:38:48,960 Vulnerable Web Application it could be 1027 00:38:48,960 --> 00:38:51,720 OWASP Mutillidae stuff like that just getting 1028 00:38:51,720 --> 00:38:54,660 on you know getting into grips with what 1029 00:38:54,660 --> 00:38:56,820 web app pen testing is and now I know 1030 00:38:56,820 --> 00:38:58,440 that there's a lot that falls on under 1031 00:38:58,440 --> 00:39:01,140 here but learning the fundamentals of 1032 00:39:01,140 --> 00:39:05,280 HTTP of recon Etc right and learning 1033 00:39:05,280 --> 00:39:07,140 about how the web works 1034 00:39:07,140 --> 00:39:10,740 and the best way that I've seen this you 1035 00:39:10,740 --> 00:39:11,760 know work 1036 00:39:11,760 --> 00:39:14,220 for me and one thing that I need to also 1037 00:39:14,220 --> 00:39:16,079 point out is that I've seen this a lot 1038 00:39:16,079 --> 00:39:18,359 in my career is that even with pen 1039 00:39:18,359 --> 00:39:21,000 testers or red teamers this is an area 1040 00:39:21,000 --> 00:39:23,339 or a topic that they either like or they 1041 00:39:23,339 --> 00:39:25,020 don't like I've seen those two types of 1042 00:39:25,020 --> 00:39:26,400 pen testers they either really 1043 00:39:26,400 --> 00:39:28,560 passionate about web apps and the web in 1044 00:39:28,560 --> 00:39:31,320 general or they're not they know how to 1045 00:39:31,320 --> 00:39:33,420 you know how to perform a pen test on a 1046 00:39:33,420 --> 00:39:34,680 web app but it's not something they 1047 00:39:34,680 --> 00:39:36,240 enjoy doing as a result they don't get 1048 00:39:36,240 --> 00:39:39,240 into bug bounty so that's one uh one 1049 00:39:39,240 --> 00:39:42,060 path but I would 
recommend you getting 1050 00:39:42,060 --> 00:39:43,740 your hands dirty with web app pen 1051 00:39:43,740 --> 00:39:46,740 testing before you come to that to that 1052 00:39:46,740 --> 00:39:48,420 assessment or to that judgment you know 1053 00:39:48,420 --> 00:39:50,040 before you actually make up a decision 1054 00:39:50,040 --> 00:39:53,339 on what you want to do so one of the 1055 00:39:53,339 --> 00:39:55,260 things I recommend doing is developing a 1056 00:39:55,260 --> 00:39:59,220 web app and more specifically PHP MySQL 1057 00:39:59,220 --> 00:40:01,619 the example or the application I can 1058 00:40:01,619 --> 00:40:03,359 give you an idea for is a very simple 1059 00:40:03,359 --> 00:40:05,400 content management system there's plenty 1060 00:40:05,400 --> 00:40:07,619 of guides out there already written code 1061 00:40:07,619 --> 00:40:09,540 but write it you know for yourself learn 1062 00:40:09,540 --> 00:40:12,780 about PHP as a server-side language 1063 00:40:12,780 --> 00:40:14,700 um you know the front end that's stuff 1064 00:40:14,700 --> 00:40:16,560 that you can pick up easily but 1065 00:40:16,560 --> 00:40:18,480 obviously JavaScript is going to be a 1066 00:40:18,480 --> 00:40:21,720 huge factor in that but develop your own 1067 00:40:21,720 --> 00:40:23,579 content management system very simple 1068 00:40:23,579 --> 00:40:25,680 one where you know you have a login page 1069 00:40:25,680 --> 00:40:28,200 and then once you log in you can write a 1070 00:40:28,200 --> 00:40:30,300 simple blog post and that's rendered uh 1071 00:40:30,300 --> 00:40:32,040 properly or the way you want it rendered 1072 00:40:32,040 --> 00:40:34,740 on the front end and the reason I say 1073 00:40:34,740 --> 00:40:36,180 this is this will teach you a lot about 1074 00:40:36,180 --> 00:40:38,220 where mistakes are made with regards to 1075 00:40:38,220 --> 00:40:39,720 developing web apps even if it's 1076 00:40:39,720 --> 00:40:41,940 extremely trivial it just 
gives you that 1077 00:40:41,940 --> 00:40:45,240 tacit understanding as to where 1078 00:40:45,240 --> 00:40:47,040 developers make mistakes even if they 1079 00:40:47,040 --> 00:40:48,359 don't make them anymore you'll still 1080 00:40:48,359 --> 00:40:50,040 find web apps with some very common 1081 00:40:50,040 --> 00:40:52,079 vulnerabilities but learn about you know 1082 00:40:52,079 --> 00:40:54,839 input sanitization you know upload 1083 00:40:54,839 --> 00:40:57,859 filters stuff like that and of course 1084 00:40:57,859 --> 00:41:01,200 code execution which is not that common 1085 00:41:01,200 --> 00:41:03,780 nowadays but you know you still may run 1086 00:41:03,780 --> 00:41:07,020 you still may come across it so develop 1087 00:41:07,020 --> 00:41:08,760 that content management system without 1088 00:41:08,760 --> 00:41:12,500 any security uh any uh secure code 1089 00:41:12,500 --> 00:41:15,180 process integrated into it and then try 1090 00:41:15,180 --> 00:41:16,680 and hack it and you'll actually see 1091 00:41:16,680 --> 00:41:19,140 where the where mistakes are made you 1092 00:41:19,140 --> 00:41:21,240 learn how to assess web applications how 1093 00:41:21,240 --> 00:41:22,500 to test them for specific 1094 00:41:22,500 --> 00:41:24,720 vulnerabilities and do this in tandem 1095 00:41:24,720 --> 00:41:26,579 with the vulnerable web apps and the OWASP 1096 00:41:26,579 --> 00:41:29,760 Top 10 and the OWASP security testing guide 1097 00:41:29,760 --> 00:41:31,440 they'll sort of give you an 1098 00:41:31,440 --> 00:41:33,180 understanding as to the types of 1099 00:41:33,180 --> 00:41:34,500 vulnerabilities you'll come across 1100 00:41:34,500 --> 00:41:38,520 nowadays on modern web apps uh 1101 00:41:38,520 --> 00:41:40,800 what causes the vulnerabilities which 1102 00:41:40,800 --> 00:41:42,359 you can then re-implement within your 1103 00:41:42,359 --> 00:41:44,400 own web app or within your own lab and 1104 00:41:44,400 --> 00:41:46,380 then test 
you know it's a it's 1105 00:41:46,380 --> 00:41:48,480 essentially a cyclic process but learn 1106 00:41:48,480 --> 00:41:50,099 about that and then if you want to get 1107 00:41:50,099 --> 00:41:52,200 into bug bounties you know learn recon 1108 00:41:52,200 --> 00:41:54,000 and watch everything from Jason Haddix 1109 00:41:54,000 --> 00:41:57,180 and NahamSec I mean these two guys have 1110 00:41:57,180 --> 00:41:59,160 you know really really 1111 00:41:59,160 --> 00:41:59,700 um 1112 00:41:59,700 --> 00:42:01,619 contributed a lot and of course I've not 1113 00:42:01,619 --> 00:42:03,180 mentioned other creators not because 1114 00:42:03,180 --> 00:42:05,460 they're not good or anything just not 1115 00:42:05,460 --> 00:42:07,380 enough space here there's a ton of other 1116 00:42:07,380 --> 00:42:09,900 creators that do bug bounty stuff like 1117 00:42:09,900 --> 00:42:11,700 uh you know for example right off the 1118 00:42:11,700 --> 00:42:13,800 top of my head we have STÖK uh we have 1119 00:42:13,800 --> 00:42:16,859 uh you know Cristi Cristi Vlad uh 1120 00:42:16,859 --> 00:42:19,740 excellent stuff from him uh you know and 1121 00:42:19,740 --> 00:42:22,020 they did you know they're really good at 1122 00:42:22,020 --> 00:42:23,579 what they do which is web app pen 1123 00:42:23,579 --> 00:42:26,040 testing among many other uh things or 1124 00:42:26,040 --> 00:42:28,740 many other areas of expertise or subject 1125 00:42:28,740 --> 00:42:31,440 matter but they'll really set you in the 1126 00:42:31,440 --> 00:42:32,880 right direction with regards to bug 1127 00:42:32,880 --> 00:42:34,320 bounties and then of course that'll 1128 00:42:34,320 --> 00:42:36,780 directly take you to web proxies where 1129 00:42:36,780 --> 00:42:38,760 you can utilize OWASP ZAP if you're on a 1130 00:42:38,760 --> 00:42:40,440 low budget or you know the community 1131 00:42:40,440 --> 00:42:42,300 version of Burp Suite but you know I 1132 00:42:42,300 --> 00:42:43,680 would 
recommend learning about how to 1133 00:42:43,680 --> 00:42:47,339 utilize ZAP first that will 1134 00:42:47,339 --> 00:42:49,320 um that'll sort of give you an idea as 1135 00:42:49,320 --> 00:42:51,060 to whether or not you want to invest in 1136 00:42:51,060 --> 00:42:52,980 a Burp Suite license but that's up to 1137 00:42:52,980 --> 00:42:55,440 you and just get started with bug 1138 00:42:55,440 --> 00:42:57,119 bounties but I've always recommended 1139 00:42:57,119 --> 00:43:00,240 this start off with bug bounties locally 1140 00:43:00,240 --> 00:43:02,460 so look at the web apps you use on a 1141 00:43:02,460 --> 00:43:04,859 daily basis the the local ones to you 1142 00:43:04,859 --> 00:43:07,980 know uh specific to your region because 1143 00:43:07,980 --> 00:43:09,119 those are the ones that are most 1144 00:43:09,119 --> 00:43:10,859 important to you that you know a lot 1145 00:43:10,859 --> 00:43:13,680 about and do not take that uh lightly if 1146 00:43:13,680 --> 00:43:15,180 you know if you've used the web app 1147 00:43:15,180 --> 00:43:17,640 before you know a lot about how it works 1148 00:43:17,640 --> 00:43:19,319 and where the potential endpoints are 1149 00:43:19,319 --> 00:43:20,579 for example 1150 00:43:20,579 --> 00:43:24,060 so take that into consideration because 1151 00:43:24,060 --> 00:43:26,099 if you get into you know platforms like 1152 00:43:26,099 --> 00:43:28,500 Bugcrowd HackerOne they sort of have 1153 00:43:28,500 --> 00:43:30,240 a competitive nature which for a 1154 00:43:30,240 --> 00:43:32,220 beginner can throw you off because it 1155 00:43:32,220 --> 00:43:34,440 now becomes about how many disclosures 1156 00:43:34,440 --> 00:43:36,119 you can get how many bounties you got 1157 00:43:36,119 --> 00:43:38,880 how much you got paid which is not good 1158 00:43:38,880 --> 00:43:40,500 to begin with if you want to make money 1159 00:43:40,500 --> 00:43:42,900 that's fine but in the beginning you 1160 00:43:42,900 --> 
00:43:44,579 need to be comfortable with what you're 1161 00:43:44,579 --> 00:43:46,079 doing before you start going onto 1162 00:43:46,079 --> 00:43:48,300 platforms like HackerOne you know you 1163 00:43:48,300 --> 00:43:50,060 know onto public 1164 00:43:50,060 --> 00:43:54,240 public programs so keep that in mind and 1165 00:43:54,240 --> 00:43:55,319 of course 1166 00:43:55,319 --> 00:43:57,660 this process will eventually show you 1167 00:43:57,660 --> 00:43:59,099 what you're good at with regards to 1168 00:43:59,099 --> 00:44:01,200 vulnerabilities so you may you may be 1169 00:44:01,200 --> 00:44:02,880 good at cross-site scripting you may be 1170 00:44:02,880 --> 00:44:04,920 good at SQL injection you may be good at 1171 00:44:04,920 --> 00:44:05,900 uh 1172 00:44:05,900 --> 00:44:10,200 identifying uh insecure authorization or 1173 00:44:10,200 --> 00:44:12,300 local file inclusion vulnerabilities as 1174 00:44:12,300 --> 00:44:15,599 an example you know and uh take a look 1175 00:44:15,599 --> 00:44:18,480 at disclosures reports and blog posts by 1176 00:44:18,480 --> 00:44:20,220 other people doing bug bounties the 1177 00:44:20,220 --> 00:44:22,619 people you know who are very good at 1178 00:44:22,619 --> 00:44:24,300 identifying the vulnerabilities that you 1179 00:44:24,300 --> 00:44:25,800 like or that you're very good at 1180 00:44:25,800 --> 00:44:28,440 identifying as well you learn a lot from 1181 00:44:28,440 --> 00:44:30,660 them and this is where you start getting 1182 00:44:30,660 --> 00:44:32,940 into the community you know uh start 1183 00:44:32,940 --> 00:44:34,980 again it comes back to the idea of 1184 00:44:34,980 --> 00:44:37,460 having your own blog uh you know write 1185 00:44:37,460 --> 00:44:39,839 blog posts about vulnerabilities how you 1186 00:44:39,839 --> 00:44:41,400 did stuff of course taking into account 1187 00:44:41,400 --> 00:44:43,500 responsible disclosure and all of that 1188 00:44:43,500 --> 00:44:46,619 good 
stuff but yeah web app pen testing 1189 00:44:46,619 --> 00:44:48,180 is a very tacit 1190 00:44:48,180 --> 00:44:49,260 um 1191 00:44:49,260 --> 00:44:52,440 very tacit path in that you need to get 1192 00:44:52,440 --> 00:44:54,780 your hands dirty and you will spend a 1193 00:44:54,780 --> 00:44:55,980 lot of time here if this is something 1194 00:44:55,980 --> 00:44:57,540 that you like this may be something 1195 00:44:57,540 --> 00:44:59,040 you'll end up pursuing you know in the 1196 00:44:59,040 --> 00:45:01,440 form of bug bounties so I personally 1197 00:45:01,440 --> 00:45:03,540 like web app pen testing and I do bug 1198 00:45:03,540 --> 00:45:05,819 bounty sometimes but I just don't have 1199 00:45:05,819 --> 00:45:08,640 the time because my primary job deviates 1200 00:45:08,640 --> 00:45:10,800 slightly from web app pen testing so I 1201 00:45:10,800 --> 00:45:12,420 always find myself coming back and 1202 00:45:12,420 --> 00:45:14,520 having to gain momentum again and you 1203 00:45:14,520 --> 00:45:15,839 know all of that good stuff but I do 1204 00:45:15,839 --> 00:45:18,500 like web app pen testing so yeah 1205 00:45:18,500 --> 00:45:21,180 that's uh generally speaking what I 1206 00:45:21,180 --> 00:45:23,819 recommend for year two when it comes 1207 00:45:23,819 --> 00:45:25,619 down to year three this is an area now 1208 00:45:25,619 --> 00:45:28,740 that you get into specializing right 1209 00:45:28,740 --> 00:45:31,200 uh and I haven't covered blue team as so 1210 00:45:31,200 --> 00:45:32,040 there's something that I'll probably 1211 00:45:32,040 --> 00:45:33,720 cover later but if you're into pen 1212 00:45:33,720 --> 00:45:35,339 testing in red teaming or the offensive 1213 00:45:35,339 --> 00:45:37,920 side of things anti-virus and EDR 1214 00:45:37,920 --> 00:45:40,859 evasion are very very important 1215 00:45:40,859 --> 00:45:43,079 um these are areas that I'll be delving 1216 00:45:43,079 --> 00:45:44,940 deeper into in their 
own videos because 1217 00:45:44,940 --> 00:45:47,400 they deserve their own videos another 1218 00:45:47,400 --> 00:45:49,079 one of course is Active Directory pen 1219 00:45:49,079 --> 00:45:51,180 testing which is another tangent that 1220 00:45:51,180 --> 00:45:53,880 you'll find yourself going down learn 1221 00:45:53,880 --> 00:45:55,800 about red teaming tactics techniques and 1222 00:45:55,800 --> 00:45:57,240 procedures for the MITRE ATT&CK 1223 00:45:57,240 --> 00:45:58,980 framework or the Cyber Kill Chain but 1224 00:45:58,980 --> 00:46:01,260 learn the MITRE ATT&CK framework learn 1225 00:46:01,260 --> 00:46:02,940 about port forwarding and pivoting 1226 00:46:02,940 --> 00:46:06,540 within a a large network C2 frameworks 1227 00:46:06,540 --> 00:46:08,040 like Havoc 1228 00:46:08,040 --> 00:46:08,940 um 1229 00:46:08,940 --> 00:46:11,280 Covenant PowerShell Empire 1230 00:46:11,280 --> 00:46:13,859 you know plethora of others like Posh so 1231 00:46:13,859 --> 00:46:15,300 on and so forth learn about how they 1232 00:46:15,300 --> 00:46:17,339 work why they're utilized uh how to 1233 00:46:17,339 --> 00:46:19,260 utilize them not just for post 1234 00:46:19,260 --> 00:46:21,780 exploitation but also for exfiltration 1235 00:46:21,780 --> 00:46:24,240 learn about phishing and initial 1236 00:46:24,240 --> 00:46:26,520 access TTPs this is arguably the most 1237 00:46:26,520 --> 00:46:28,020 important especially if you're in the in 1238 00:46:28,020 --> 00:46:30,240 red teaming then about how to set up you 1239 00:46:30,240 --> 00:46:31,980 know proper phishing infrastructure how 1240 00:46:31,980 --> 00:46:34,260 to set up or how to write good phishing 1241 00:46:34,260 --> 00:46:37,140 emails and that'll then take you deeper 1242 00:46:37,140 --> 00:46:39,359 into resource development where you 1243 00:46:39,359 --> 00:46:42,119 learn how to develop your own macros uh 1244 00:46:42,119 --> 00:46:43,619 how to develop your own malicious 1245 
00:46:43,619 --> 00:46:46,260 documents your own malicious executables 1246 00:46:46,260 --> 00:46:49,079 payloads all that good stuff 1247 00:46:49,079 --> 00:46:52,319 and also you know then within year three 1248 00:46:52,319 --> 00:46:54,900 another great place or another important 1249 00:46:54,900 --> 00:46:56,760 area is adversary emulation this is 1250 00:46:56,760 --> 00:46:58,380 specific to the red teamers but also 1251 00:46:58,380 --> 00:47:00,060 useful to the blue and purple teamers 1252 00:47:00,060 --> 00:47:02,460 learn about what adversary emulation is 1253 00:47:02,460 --> 00:47:05,160 analyze APT groups or threat groups and 1254 00:47:05,160 --> 00:47:07,200 their operations uh their previous 1255 00:47:07,200 --> 00:47:10,140 operations or historically speaking uh 1256 00:47:10,140 --> 00:47:12,300 learn about their trade craft their TTPs 1257 00:47:12,300 --> 00:47:14,280 and their software or malware that 1258 00:47:14,280 --> 00:47:16,500 they've utilized the industries they 1259 00:47:16,500 --> 00:47:19,440 target and more important to this learn 1260 00:47:19,440 --> 00:47:22,260 how to utilize EDRs and SIEMs like Wazuh 1261 00:47:22,260 --> 00:47:23,819 they're you know completely free to 1262 00:47:23,819 --> 00:47:25,500 detect your attacks and understand the 1263 00:47:25,500 --> 00:47:27,660 defender's perspective so that you 1264 00:47:27,660 --> 00:47:29,579 understand what you look like what your 1265 00:47:29,579 --> 00:47:32,400 activity looks like uh if there is a 1266 00:47:32,400 --> 00:47:34,380 blue team in place because that's 1267 00:47:34,380 --> 00:47:35,880 something that you know is very very 1268 00:47:35,880 --> 00:47:36,900 important 1269 00:47:36,900 --> 00:47:38,099 um especially in the context of 1270 00:47:38,099 --> 00:47:40,500 adversary emulation because stealth and 1271 00:47:40,500 --> 00:47:43,460 persistence is is a key factor or key 1272 00:47:43,460 --> 00:47:45,839 determinant here 1273 00:47:45,839 
--> 00:47:48,359 and of course this will take you down to 1274 00:47:48,359 --> 00:47:51,000 manually automatically emulating APTs or 1275 00:47:51,000 --> 00:47:52,740 threat groups you know automatically 1276 00:47:52,740 --> 00:47:55,020 that could be through a tool like MITRE 1277 00:47:55,020 --> 00:47:57,720 Caldera or the atomic 1278 00:47:57,720 --> 00:48:00,900 um the Atomic Red Team tests and then of 1279 00:48:00,900 --> 00:48:03,119 course manually most of your adversary 1280 00:48:03,119 --> 00:48:05,280 emulation or simulation campaigns will 1281 00:48:05,280 --> 00:48:08,160 be uh will involve you know manual phase 1282 00:48:08,160 --> 00:48:09,780 to them especially in the resource 1283 00:48:09,780 --> 00:48:11,880 development side of things uh but uh 1284 00:48:11,880 --> 00:48:15,000 yeah that's uh what I recommend for year 1285 00:48:15,000 --> 00:48:16,920 three with regards to red teaming 1286 00:48:16,920 --> 00:48:18,720 specifically now another area that you can 1287 00:48:18,720 --> 00:48:21,180 get into and again this is very nuanced 1288 00:48:21,180 --> 00:48:23,099 this is something that I at least in my 1289 00:48:23,099 --> 00:48:24,359 experience I've seen that you either 1290 00:48:24,359 --> 00:48:27,359 like or you find 1291 00:48:27,359 --> 00:48:29,940 um intuitive or not it doesn't say 1292 00:48:29,940 --> 00:48:31,560 anything about your intelligence or 1293 00:48:31,560 --> 00:48:34,079 anything like that but reverse 1294 00:48:34,079 --> 00:48:35,940 engineering you know binary exploitation 1295 00:48:35,940 --> 00:48:38,880 malware analysis these are all very very 1296 00:48:38,880 --> 00:48:40,859 nuanced fields that require a lot of 1297 00:48:40,859 --> 00:48:42,960 prerequisite knowledge specifically with 1298 00:48:42,960 --> 00:48:45,359 regards to development and in my opinion 1299 00:48:45,359 --> 00:48:47,819 the only way for you to successfully 1300 00:48:47,819 --> 00:48:50,339 learn reverse engineering is for 
you to 1301 00:48:50,339 --> 00:48:52,560 have developed an application either in 1302 00:48:52,560 --> 00:48:54,540 C, C++ or C# you know 1303 00:48:54,540 --> 00:48:57,000 specifically in the case of Windows that 1304 00:48:57,000 --> 00:48:59,579 that's not exclusively the case but 1305 00:48:59,579 --> 00:49:01,980 if you have developed a Windows program 1306 00:49:01,980 --> 00:49:04,740 or .NET application reverse engineering 1307 00:49:04,740 --> 00:49:06,480 it will make sense it you'll actually 1308 00:49:06,480 --> 00:49:09,480 understand what's going on and so 1309 00:49:09,480 --> 00:49:11,520 that's what I recommend doing now of 1310 00:49:11,520 --> 00:49:13,140 course in most cases you're going to be 1311 00:49:13,140 --> 00:49:15,000 in a black box type of scenario where 1312 00:49:15,000 --> 00:49:16,140 you're reverse engineering an 1313 00:49:16,140 --> 00:49:17,940 executable or you're performing malware 1314 00:49:17,940 --> 00:49:19,619 analysis on a malware sample you've 1315 00:49:19,619 --> 00:49:21,960 never analyzed before and that's where 1316 00:49:21,960 --> 00:49:23,819 the other skills like you know of course 1317 00:49:23,819 --> 00:49:26,880 assembly is one of them both x86 and x64 1318 00:49:26,880 --> 00:49:28,920 is important but you know you have your 1319 00:49:28,920 --> 00:49:31,020 typical debugging skills disassembling 1320 00:49:31,020 --> 00:49:32,280 skills where you have you know either 1321 00:49:32,280 --> 00:49:34,440 Immunity your GNU Debugger so on 1322 00:49:34,440 --> 00:49:36,599 and so forth and also Ghidra to a 1323 00:49:36,599 --> 00:49:38,940 certain extent but this is an area that 1324 00:49:38,940 --> 00:49:40,680 I'll also be exploring just to give you 1325 00:49:40,680 --> 00:49:43,260 guys a taste of what this looks like 1326 00:49:43,260 --> 00:49:45,060 um you know using completely practical 1327 00:49:45,060 --> 00:49:47,819 examples but that's another area you can 1328 
00:49:47,819 --> 00:49:50,460 focus on in year three now to put all of 1329 00:49:50,460 --> 00:49:52,859 this into context before we end the 1330 00:49:52,859 --> 00:49:53,880 video 1331 00:49:53,880 --> 00:49:55,740 um if you're a blue team as I said I'll 1332 00:49:55,740 --> 00:49:58,619 be making a guide on that because a lot 1333 00:49:58,619 --> 00:50:00,359 of people you know blue team really 1334 00:50:00,359 --> 00:50:02,520 isn't that popular especially in 1335 00:50:02,520 --> 00:50:05,220 colleges in universities but still of an 1336 00:50:05,220 --> 00:50:08,099 excellent field to pursue one that I 1337 00:50:08,099 --> 00:50:10,740 like and find myself you know uh now 1338 00:50:10,740 --> 00:50:13,079 more than ever getting back into 1339 00:50:13,079 --> 00:50:15,119 but that's only to better my operations 1340 00:50:15,119 --> 00:50:17,400 on the red team side so I'm a bit biased 1341 00:50:17,400 --> 00:50:19,560 there but I'll be setting up a guide for 1342 00:50:19,560 --> 00:50:21,240 the blue teamers and you know for anyone 1343 00:50:21,240 --> 00:50:24,060 wants to become a SOC uh SOC analyst 1344 00:50:24,060 --> 00:50:25,800 Etc 1345 00:50:25,800 --> 00:50:28,200 um so yeah that's really the guide that 1346 00:50:28,200 --> 00:50:30,000 I have come up with and I said I've put 1347 00:50:30,000 --> 00:50:33,000 a lot of time and research into this and 1348 00:50:33,000 --> 00:50:33,900 um 1349 00:50:33,900 --> 00:50:36,119 again the reason I made it is to provide 1350 00:50:36,119 --> 00:50:38,640 you with a guideline or a roadmap if you 1351 00:50:38,640 --> 00:50:39,300 will 1352 00:50:39,300 --> 00:50:42,420 on what you should you should know at 1353 00:50:42,420 --> 00:50:43,740 the end of the three years and again it 1354 00:50:43,740 --> 00:50:45,420 doesn't have to it this is not you know 1355 00:50:45,420 --> 00:50:47,220 set in stone or anything like that it 1356 00:50:47,220 --> 00:50:49,500 can expand to three five six years 
whatever time you have, because I know a lot of people, especially those who are transitioning careers, already have a day job, so I can understand the time constraints. And one thing that you'll find, and this is completely normal and it's something that I encourage, is that, let's say on year two, when you're taking a look at pen testing or post-exploitation, you'll go off on tangents of your own within a specific topic, maybe if you're taking a look at exploitation frameworks. That's fine, that's actually awesome, but always remember to come back to the guide. And again, you don't have to follow mine; there's plenty of other guides out there.

What I really wanted to stress is that if you want to achieve anything in life, you need a goal and you need a timeline. Those are the two. Trust me, I know it may sound cliche, but just try it out for yourself and, you know, set a no-nonsense deadline, but a realistic one of course. Take into account all of the work that you may have or, you know, the time constraints if you're a student. Make sure it's realistic. So don't say "I'm going to learn how to hack Active Directory in a month"; that's unrealistic. You can say six months. Say in 2022, oh sorry, 2023, by let's say July, I am going to have, not mastered, but I'm going to have learned how to pen test in an Active Directory environment. Just set it, just say this is July, and then you build up a rough outline of what you need to learn. Again, it doesn't need to be complete when you begin. Once you start getting into it, you'll start filling in blanks that you didn't even know were there. You'll start seeing stuff that you didn't know was there, that is not available online. You know, that's what now sets you apart or marks you out as a pen tester, because you'll start having this innate knowledge of technologies and how to assess them, you know, so on and so forth.

But, uh, set a deadline. Say, okay, I'm going to learn this in month one, two, three, four, five, six, etc. And, uh, you don't have to be crazy with your time. You don't have to say "oh, every day I'm gonna focus on my AD pen testing for six hours." That's unrealistic, it's inhuman. You can only focus on something for like four hours a day, intellectually speaking, you know. Uh, otherwise, after that your brain just turns off. You know, whatever you're learning isn't, um, isn't really, uh, isn't really being saved in your memory, and there's a lot of science to back that up. So be realistic. Just say every day, five days a week (four days a week is typically good), for two hours I'm just gonna do AD pen testing. And trust me, you can take a vacation, you can enjoy your weekends, you don't have to be crazy about it. Trust me, by the end of that six months, again, you'll not be able to recognize who you were, uh, when you started, with regards to your skill set in a particular topic like Active Directory pen testing.

So again, I would love to hear what you guys think in the comment section, uh, and of course your feedback is extremely, uh, valuable. I do appreciate all the support you guys give me. Uh, if you found this video helpful, uh, please give it a like or share it with your peers, especially if you're in school or university, if you think this may be helpful. But yeah, overall I would like to see what you guys have to say in the comment section. I know we have a diverse audience of students, professionals and people now who are getting into management, so I'd really like to hear what you guys think. And yeah, thank you very much for watching this video, and I'll be seeing you in the next video.

[Music]
