1
00:00:02,220 --> 00:00:04,560
foreign
2
00:00:04,560 --> 00:00:08,900
[Music]
3
00:00:09,260 --> 00:00:11,940
here back again with another video
4
00:00:11,940 --> 00:00:14,160
Welcome to the three-year cyber security
5
00:00:14,160 --> 00:00:17,460
roadmap uh this is an idea or a concept
6
00:00:17,460 --> 00:00:19,680
that I've been thinking of for probably
7
00:00:19,680 --> 00:00:22,320
one or two years now and I was
8
00:00:22,320 --> 00:00:25,019
originally inspired by a video or a
9
00:00:25,019 --> 00:00:27,779
guide that Black Hills InfoSec or Black
10
00:00:27,779 --> 00:00:30,539
Hills Information Security
11
00:00:30,539 --> 00:00:32,640
um had come up with maybe five or six
12
00:00:32,640 --> 00:00:33,719
years ago
13
00:00:33,719 --> 00:00:36,120
that essentially provided you with a
14
00:00:36,120 --> 00:00:39,600
five-year infosec uh plan if you will
15
00:00:39,600 --> 00:00:42,239
and that was a guide that I really liked
16
00:00:42,239 --> 00:00:43,800
and something that I forwarded to many
17
00:00:43,800 --> 00:00:46,260
people who asked me the question how do
18
00:00:46,260 --> 00:00:49,079
I get started in cyber security uh you
19
00:00:49,079 --> 00:00:50,820
know specifically red teaming or pen
20
00:00:50,820 --> 00:00:52,739
testing or rather the offensive side of
21
00:00:52,739 --> 00:00:54,840
things and while that guide is very
22
00:00:54,840 --> 00:00:56,100
useful
23
00:00:56,100 --> 00:00:59,640
um I still think that uh you know a lot
24
00:00:59,640 --> 00:01:02,219
of um the way I would set it out
25
00:01:02,219 --> 00:01:04,860
especially towards the latter end of the
26
00:01:04,860 --> 00:01:08,159
guide from year three to five is sort of
27
00:01:08,159 --> 00:01:11,460
convoluted and uh really provides no
28
00:01:11,460 --> 00:01:13,799
clear road map as to what what you
29
00:01:13,799 --> 00:01:15,600
should do now
30
00:01:15,600 --> 00:01:17,640
I've sort of taken that original
31
00:01:17,640 --> 00:01:19,799
inspiration and I'll link the original
32
00:01:19,799 --> 00:01:23,159
video in the description section and put
33
00:01:23,159 --> 00:01:25,439
my experience and my knowledge of the
34
00:01:25,439 --> 00:01:27,479
industry not just as a penetration test
35
00:01:27,479 --> 00:01:29,460
and red team but also someone who has
36
00:01:29,460 --> 00:01:31,560
developed a lot of educational material
37
00:01:31,560 --> 00:01:33,960
a lot of people you know as an
38
00:01:33,960 --> 00:01:35,759
individual who has coached and mentored
39
00:01:35,759 --> 00:01:37,619
a lot of people to get into the career
40
00:01:37,619 --> 00:01:39,479
successfully I think you know if you
41
00:01:39,479 --> 00:01:41,040
head over to my LinkedIn page you'll be
42
00:01:41,040 --> 00:01:43,020
able to see that all of the testimonials
43
00:01:43,020 --> 00:01:45,119
have actually helped people get jobs in
44
00:01:45,119 --> 00:01:47,100
this industry not that I'm bragging or
45
00:01:47,100 --> 00:01:49,200
anything that's sort of why I think I
46
00:01:49,200 --> 00:01:52,259
have the uh necessary experience to
47
00:01:52,259 --> 00:01:56,460
guide you here so again the the idea
48
00:01:56,460 --> 00:01:58,619
sort of came about uh primarily because
49
00:01:58,619 --> 00:02:00,479
firstly
50
00:02:00,479 --> 00:02:02,280
um you know I was looking to see whether
51
00:02:02,280 --> 00:02:03,780
there was sort of a road map because
52
00:02:03,780 --> 00:02:06,360
when you look at it realistically when
53
00:02:06,360 --> 00:02:07,619
you talk when you come down when it
54
00:02:07,619 --> 00:02:09,780
comes down to technology there's no real
55
00:02:09,780 --> 00:02:11,580
clear-cut roadmap and that's perfectly
56
00:02:11,580 --> 00:02:13,500
fine you know we can be expected to drop
57
00:02:13,500 --> 00:02:16,459
an exact plan that works 100% of the time
58
00:02:16,459 --> 00:02:19,400
however you see a lot of students
59
00:02:19,400 --> 00:02:21,180
specifically you know either leaving
60
00:02:21,180 --> 00:02:24,360
high school or students in college were
61
00:02:24,360 --> 00:02:25,860
very fascinated by cyber security
62
00:02:25,860 --> 00:02:27,480
they're very passionate about it and
63
00:02:27,480 --> 00:02:29,879
they would like to get into a career or
64
00:02:29,879 --> 00:02:32,280
get a career in cyber security and the
65
00:02:32,280 --> 00:02:35,040
problem with it as I've extrapolated uh
66
00:02:35,040 --> 00:02:37,920
over many many times is firstly the
67
00:02:37,920 --> 00:02:40,319
trivialization which I won't go into
68
00:02:40,319 --> 00:02:43,080
uh secondly there's a lot of knowledge a
69
00:02:43,080 --> 00:02:45,000
lot of platforms a lot of content out
70
00:02:45,000 --> 00:02:47,340
there and it can be difficult uh
71
00:02:47,340 --> 00:02:48,780
especially because of all of this
72
00:02:48,780 --> 00:02:51,239
information to stay focused and to stay
73
00:02:51,239 --> 00:02:54,300
on a consistent track right and so the
74
00:02:54,300 --> 00:02:57,180
the primary objective of this guide is
75
00:02:57,180 --> 00:02:59,040
not to tell you what you can and cannot
76
00:02:59,040 --> 00:03:01,140
do is to give you a guide that if you
77
00:03:01,140 --> 00:03:03,180
are there by or if you essentially
78
00:03:03,180 --> 00:03:05,819
follow roughly speaking you don't have
79
00:03:05,819 --> 00:03:08,280
to follow it exactly I can almost
80
00:03:08,280 --> 00:03:10,680
guarantee that you'll get a job now one
81
00:03:10,680 --> 00:03:12,659
other thing that I've done is I've also
82
00:03:12,659 --> 00:03:14,519
excluded any mention of certificates
83
00:03:14,519 --> 00:03:16,739
because certificates are sort of thought
84
00:03:16,739 --> 00:03:19,440
as the uh you know the only way to get a
85
00:03:19,440 --> 00:03:22,140
job they aren't and I'm going to explain
86
00:03:22,140 --> 00:03:25,260
why on my LinkedIn profile uh if you
87
00:03:25,260 --> 00:03:27,780
take a very close look I've never even
88
00:03:27,780 --> 00:03:30,239
posted most of my certifications though
89
00:03:30,239 --> 00:03:31,920
that was sort of a social experiment
90
00:03:31,920 --> 00:03:34,680
that I had to see firstly how the
91
00:03:34,680 --> 00:03:36,480
industry treats me whether they
92
00:03:36,480 --> 00:03:38,879
appreciate who I am without certificates
93
00:03:38,879 --> 00:03:40,799
so on and so forth and I know for a fact
94
00:03:40,799 --> 00:03:43,260
that now more than ever certificates
95
00:03:43,260 --> 00:03:44,580
really don't
96
00:03:44,580 --> 00:03:46,680
tell anyone anything they are still
97
00:03:46,680 --> 00:03:47,940
important remember they're still
98
00:03:47,940 --> 00:03:49,440
important especially the really good
99
00:03:49,440 --> 00:03:52,620
certifications but they're not a
100
00:03:52,620 --> 00:03:55,260
valuable uh instrument to essentially
101
00:03:55,260 --> 00:03:58,140
assess a person's or an individual's
102
00:03:58,140 --> 00:04:01,260
knowledge skills and abilities and I'll
103
00:04:01,260 --> 00:04:04,200
get into that later so again coming back
104
00:04:04,200 --> 00:04:06,360
to the video I apologize if I get
105
00:04:06,360 --> 00:04:09,120
carried away this is sort of a guide or
106
00:04:09,120 --> 00:04:10,799
a way to get you know on how to get
107
00:04:10,799 --> 00:04:12,420
started with a career in cyber security
108
00:04:12,420 --> 00:04:15,420
just again as a caveat I'll be filling
109
00:04:15,420 --> 00:04:17,100
in the blanks this is specifically
110
00:04:17,100 --> 00:04:19,199
designed for people who want to get a
111
00:04:19,199 --> 00:04:21,120
job in the offensive side of cyber
112
00:04:21,120 --> 00:04:23,040
security I'll probably I'll probably
113
00:04:23,040 --> 00:04:25,500
cover or make a guide on the blue team
114
00:04:25,500 --> 00:04:27,240
side because I do have a bit of
115
00:04:27,240 --> 00:04:30,240
experience in incident response etc. so
116
00:04:30,240 --> 00:04:32,699
to get started you know coming back to
117
00:04:32,699 --> 00:04:35,520
the question why am I making this guide
118
00:04:35,520 --> 00:04:37,440
why am I making this video firstly
119
00:04:37,440 --> 00:04:39,060
there's a lack of structure there's a
120
00:04:39,060 --> 00:04:40,440
lack of a structured approach to
121
00:04:40,440 --> 00:04:42,240
learning core concepts and the
122
00:04:42,240 --> 00:04:43,680
fundamentals required to operate
123
00:04:43,680 --> 00:04:45,120
successfully in the cyber security
124
00:04:45,120 --> 00:04:48,000
industry and you know as a direct
125
00:04:48,000 --> 00:04:49,740
consequence of that it can be very
126
00:04:49,740 --> 00:04:52,680
daunting to get or to find a starting
127
00:04:52,680 --> 00:04:54,660
point and you know essentially a point
128
00:04:54,660 --> 00:04:57,300
where you can get started right and the
129
00:04:57,300 --> 00:04:59,820
other reason and this comes to some of
130
00:04:59,820 --> 00:05:01,680
the skills that you'll need to learn in
131
00:05:01,680 --> 00:05:04,139
this industry uh and that is the ability
132
00:05:04,139 --> 00:05:07,560
to be disciplined and the ability to set
133
00:05:07,560 --> 00:05:10,800
time defined goals so you say that in
134
00:05:10,800 --> 00:05:12,960
one month I'm going to learn this and by
135
00:05:12,960 --> 00:05:14,880
the end of that month you should you
136
00:05:14,880 --> 00:05:16,860
should have been able to learn that so
137
00:05:16,860 --> 00:05:19,680
again it's about applying uh positive
138
00:05:19,680 --> 00:05:21,600
pressure on yourself and setting
139
00:05:21,600 --> 00:05:24,360
timelines and setting goals and once you
140
00:05:24,360 --> 00:05:26,280
do that you'll actually see a change in
141
00:05:26,280 --> 00:05:29,580
your career in your life etc. and finally
142
00:05:29,580 --> 00:05:31,680
the final reason or motivation is to
143
00:05:31,680 --> 00:05:34,139
demystify cyber security as a career now
144
00:05:34,139 --> 00:05:36,060
just taking a look at this I think one
145
00:05:36,060 --> 00:05:38,460
of the main things that I want to do is
146
00:05:38,460 --> 00:05:39,660
to highlight the importance of
147
00:05:39,660 --> 00:05:41,820
fundamentals why do I keep highlighting
148
00:05:41,820 --> 00:05:43,139
this why do I keep telling people
149
00:05:43,139 --> 00:05:45,360
fundamentals fundamentals fundamentals
150
00:05:45,360 --> 00:05:47,580
the reason I say this is because cyber
151
00:05:47,580 --> 00:05:50,280
security is a synergy or it is an
152
00:05:50,280 --> 00:05:53,220
intersection point of a plethora of
153
00:05:53,220 --> 00:05:56,759
other technology or technological skills
154
00:05:56,759 --> 00:05:58,199
or
155
00:05:58,199 --> 00:06:00,780
it requires a lot of uh
156
00:06:00,780 --> 00:06:03,120
a lot of knowledge not a lot but it
157
00:06:03,120 --> 00:06:05,220
requires knowledge in various fields
158
00:06:05,220 --> 00:06:07,979
like networking operating systems a
159
00:06:07,979 --> 00:06:10,259
little bit of scripting so on and so
160
00:06:10,259 --> 00:06:13,139
forth and as a result if you get into
161
00:06:13,139 --> 00:06:15,240
cyber security and you're lacking in
162
00:06:15,240 --> 00:06:16,740
those three that I've just mentioned
163
00:06:16,740 --> 00:06:18,720
it's going to be difficult and that's
164
00:06:18,720 --> 00:06:20,759
why I get questions all the time when I
165
00:06:20,759 --> 00:06:22,680
make a video on Nmap and I cover
166
00:06:22,680 --> 00:06:24,419
something and I always use this example
167
00:06:24,419 --> 00:06:27,060
and I cover maybe you know performing a
168
00:06:27,060 --> 00:06:29,520
syn scan and I say that's a half open
169
00:06:29,520 --> 00:06:31,979
scan we're not completing the TCP
170
00:06:31,979 --> 00:06:34,199
three-way handshake I get questions
171
00:06:34,199 --> 00:06:36,240
saying what's the TCP three-way
172
00:06:36,240 --> 00:06:38,880
handshake and why is it important when
173
00:06:38,880 --> 00:06:41,280
we're performing a stealth scan why do
174
00:06:41,280 --> 00:06:43,380
we essentially you know perform a half
175
00:06:43,380 --> 00:06:45,780
open scan and how does that that affect
176
00:06:45,780 --> 00:06:48,900
or how does that look from a network
177
00:06:48,900 --> 00:06:50,880
traffic analysis perspective how does
178
00:06:50,880 --> 00:06:53,580
the scan look uh you know in Wireshark
179
00:06:53,580 --> 00:06:55,500
if I was to, if I was to visualize the
180
00:06:55,500 --> 00:06:57,900
traffic and how would that compare to a
181
00:06:57,900 --> 00:07:00,300
you know a standard connect scan
182
00:07:00,300 --> 00:07:02,039
um you know so that's one example if you
183
00:07:02,039 --> 00:07:03,900
don't know these fundamentals it becomes
184
00:07:03,900 --> 00:07:06,360
very difficult to fully utilize the
185
00:07:06,360 --> 00:07:08,699
tools that are right in front of you
186
00:07:08,699 --> 00:07:11,520
and you have a much
187
00:07:11,520 --> 00:07:15,000
um much steeper initial uh slope to
188
00:07:15,000 --> 00:07:17,580
climb if that makes any sense
189
00:07:17,580 --> 00:07:20,039
so the second that I would like to focus
190
00:07:20,039 --> 00:07:22,380
on a lot is the demystification of cyber
191
00:07:22,380 --> 00:07:23,940
security as a career which we'll get
192
00:07:23,940 --> 00:07:24,780
into
193
00:07:24,780 --> 00:07:27,120
so who is the target audience as I said
194
00:07:27,120 --> 00:07:29,280
earlier high school and college or
195
00:07:29,280 --> 00:07:30,840
university students interested in
196
00:07:30,840 --> 00:07:32,460
getting into the cyber security field
197
00:07:32,460 --> 00:07:34,680
this is obviously going to be the main
198
00:07:34,680 --> 00:07:36,599
demographic however there's also another
199
00:07:36,599 --> 00:07:39,240
core demographic that I've seen rising
200
00:07:39,240 --> 00:07:41,819
uh or increasing in number and that's
201
00:07:41,819 --> 00:07:44,400
technology professionals who are looking to
202
00:07:44,400 --> 00:07:46,139
pivot into cyber security for whatever
203
00:07:46,139 --> 00:07:47,880
reason you could you know just be
204
00:07:47,880 --> 00:07:49,620
interested in security you may have an
205
00:07:49,620 --> 00:07:52,199
aptitude for it or a hunger for it or
206
00:07:52,199 --> 00:07:53,819
you just may want to switch careers and
207
00:07:53,819 --> 00:07:55,380
you find that you know cyber security is
208
00:07:55,380 --> 00:07:57,840
something that fits you uh or you know
209
00:07:57,840 --> 00:08:01,139
is something that you actually are very
210
00:08:01,139 --> 00:08:02,340
um
211
00:08:02,340 --> 00:08:04,919
you're very comfortable with thirdly
212
00:08:04,919 --> 00:08:07,080
cyber security professionals looking to
213
00:08:07,080 --> 00:08:08,759
identify knowledge gaps and level up
214
00:08:08,759 --> 00:08:10,080
their skills so again if you're a
215
00:08:10,080 --> 00:08:11,880
seasoned penetration tester or blue
216
00:08:11,880 --> 00:08:14,880
teamer etc. this could be helpful for you
217
00:08:14,880 --> 00:08:16,319
in identifying areas where you can
218
00:08:16,319 --> 00:08:18,000
improve right and that's something that
219
00:08:18,000 --> 00:08:20,400
I do regularly I always analyze my
220
00:08:20,400 --> 00:08:22,020
knowledge gaps and I still find areas
221
00:08:22,020 --> 00:08:25,560
where I'm uh I'm lacking severely
222
00:08:25,560 --> 00:08:27,300
and finally anyone looking to get
223
00:08:27,300 --> 00:08:28,979
started in the cyber security so you
224
00:08:28,979 --> 00:08:30,840
know you could be at a completely
225
00:08:30,840 --> 00:08:33,240
different job maybe a uh you know you
226
00:08:33,240 --> 00:08:35,820
may be working as a contractor or maybe
227
00:08:35,820 --> 00:08:37,559
someone in finance I've seen this happen
228
00:08:37,559 --> 00:08:38,940
a lot and
229
00:08:38,940 --> 00:08:41,580
these individuals are actually the most
230
00:08:41,580 --> 00:08:44,520
successful because they treat it as a
231
00:08:44,520 --> 00:08:46,500
proper career as opposed to the
232
00:08:46,500 --> 00:08:48,480
trivialization that I talked about so if
233
00:08:48,480 --> 00:08:50,519
I tell a contractor let's say he wants
234
00:08:50,519 --> 00:08:53,040
to switch his jobs into technology and
235
00:08:53,040 --> 00:08:55,019
he wants to get into cyber security for
236
00:08:55,019 --> 00:08:56,640
whatever reason he could like it maybe
237
00:08:56,640 --> 00:08:58,320
he likes the money
238
00:08:58,320 --> 00:09:00,540
there's a plethora of motivations for
239
00:09:00,540 --> 00:09:02,640
him wanting to him or her wanting to
240
00:09:02,640 --> 00:09:06,180
switch uh his or her career however if I
241
00:09:06,180 --> 00:09:08,220
give them a guide and I say this will
242
00:09:08,220 --> 00:09:11,519
take three or five years when I revisit
243
00:09:11,519 --> 00:09:13,500
them three or five years later they
244
00:09:13,500 --> 00:09:15,480
already some of them and this is true I
245
00:09:15,480 --> 00:09:17,399
already senior pen testers
246
00:09:17,399 --> 00:09:19,700
because they follow it they understand
247
00:09:19,700 --> 00:09:22,080
that this is a career it should be
248
00:09:22,080 --> 00:09:24,839
treated with respect and if I follow or
249
00:09:24,839 --> 00:09:27,000
adhere to this guide very closely or not
250
00:09:27,000 --> 00:09:28,620
you know it could be roughly speaking
251
00:09:28,620 --> 00:09:31,140
and I'm persistent and I want this is
252
00:09:31,140 --> 00:09:33,240
something that I want and I set goals
253
00:09:33,240 --> 00:09:34,560
and I say five years I'm going to be
254
00:09:34,560 --> 00:09:37,200
working as a red team or a pen tester
255
00:09:37,200 --> 00:09:40,620
they end up achieving that it's the
256
00:09:40,620 --> 00:09:42,720
dilly-dallying and the constant hopping
257
00:09:42,720 --> 00:09:45,120
from one position to the other that
258
00:09:45,120 --> 00:09:46,980
waste a lot of time and this is
259
00:09:46,980 --> 00:09:48,600
something that I have done so I'm
260
00:09:48,600 --> 00:09:50,640
speaking from experience here
261
00:09:50,640 --> 00:09:53,160
so let's start off with year one all
262
00:09:53,160 --> 00:09:56,160
right what's the focus with Year One
263
00:09:56,160 --> 00:09:58,260
this is what I would recommend start off
264
00:09:58,260 --> 00:10:01,260
with operating systems in the context of
265
00:10:01,260 --> 00:10:03,779
Windows learn how to install configure
266
00:10:03,779 --> 00:10:05,820
and administer windows so learn about
267
00:10:05,820 --> 00:10:08,580
Windows take a look at this Internals
268
00:10:08,580 --> 00:10:10,560
book learn about the various components
269
00:10:10,560 --> 00:10:12,360
that make up Windows you know like the
270
00:10:12,360 --> 00:10:15,779
kernel the NT kernel the registry how
271
00:10:15,779 --> 00:10:17,880
passwords are stored etc. so essentially
272
00:10:17,880 --> 00:10:20,580
learn how Windows works and the various
273
00:10:20,580 --> 00:10:22,320
components that make up the operating
274
00:10:22,320 --> 00:10:23,820
system
275
00:10:23,820 --> 00:10:25,740
I would then recommend learning how to
276
00:10:25,740 --> 00:10:28,440
secure and harden Windows so sort of
277
00:10:28,440 --> 00:10:31,440
getting an understanding as to some of
278
00:10:31,440 --> 00:10:32,480
the most common security
279
00:10:32,480 --> 00:10:36,120
misconfigurations like setting the user
280
00:10:36,120 --> 00:10:38,220
account control level to low as an
281
00:10:38,220 --> 00:10:41,220
example so on and so forth and a great
282
00:10:41,220 --> 00:10:43,800
um a great utility or guide that you can
283
00:10:43,800 --> 00:10:45,959
utilize here the CIS benchmarks for
284
00:10:45,959 --> 00:10:48,480
Windows which you can take a look at
285
00:10:48,480 --> 00:10:50,760
uh and then I would also recommend
286
00:10:50,760 --> 00:10:52,740
getting an understanding of how Windows
287
00:10:52,740 --> 00:10:55,800
password hashes are how Windows
288
00:10:55,800 --> 00:10:57,779
passwords are hashed and how they're
289
00:10:57,779 --> 00:11:00,120
stored you know the SAM database how
290
00:11:00,120 --> 00:11:01,920
authentication operates how
291
00:11:01,920 --> 00:11:04,920
authentication Works rather and getting
292
00:11:04,920 --> 00:11:06,720
to grips with understanding the
293
00:11:06,720 --> 00:11:08,579
operating system that you could be using
294
00:11:08,579 --> 00:11:10,320
you know just understanding how it works
295
00:11:10,320 --> 00:11:13,019
and not being biased and saying Windows
296
00:11:13,019 --> 00:11:15,600
is bad or Windows is the best operating
297
00:11:15,600 --> 00:11:19,260
system just focus on learning it keep
298
00:11:19,260 --> 00:11:22,500
the biases and the ideologies out of
299
00:11:22,500 --> 00:11:24,600
your learning experience trust me this
300
00:11:24,600 --> 00:11:26,760
is this is a very important tip don't
301
00:11:26,760 --> 00:11:28,620
get stuck up with the oh I'm only going
302
00:11:28,620 --> 00:11:31,320
to use Linux because Windows sends uh
303
00:11:31,320 --> 00:11:33,959
you know telemetry or you know as is
304
00:11:33,959 --> 00:11:35,760
essentially a telemetry operating system
305
00:11:35,760 --> 00:11:37,800
that sends a lot of my data back to
306
00:11:37,800 --> 00:11:39,959
Microsoft that's a very pessimistic view
307
00:11:39,959 --> 00:11:41,760
of looking at things and if you're a
308
00:11:41,760 --> 00:11:44,459
pessimist and you're not uh if you if
309
00:11:44,459 --> 00:11:47,459
you're not open to learning things you
310
00:11:47,459 --> 00:11:48,120
know
311
00:11:48,120 --> 00:11:49,980
almost every day
312
00:11:49,980 --> 00:11:51,540
you're going to be in trouble and you'll
313
00:11:51,540 --> 00:11:53,459
see a while later
314
00:11:53,459 --> 00:11:55,320
I would also recommend becoming
315
00:11:55,320 --> 00:11:56,579
comfortable with the Windows command
316
00:11:56,579 --> 00:11:58,200
line that's fairly simple learn the
317
00:11:58,200 --> 00:12:00,180
commands learn how you know how
318
00:12:00,180 --> 00:12:01,740
everything works learn about the common
319
00:12:01,740 --> 00:12:04,740
utilities don't get into PowerShell yet
320
00:12:04,740 --> 00:12:07,019
PowerShell is something that you'll get
321
00:12:07,019 --> 00:12:08,760
into a bit later because you know it
322
00:12:08,760 --> 00:12:10,200
requires you to have a certain
323
00:12:10,200 --> 00:12:12,959
background and then finally and this is
324
00:12:12,959 --> 00:12:15,180
very important because I see this a lot
325
00:12:15,180 --> 00:12:17,519
learn how to set up and configure an Active
326
00:12:17,519 --> 00:12:18,959
Directory environment which I'll be
327
00:12:18,959 --> 00:12:21,300
doing in another video that'll be
328
00:12:21,300 --> 00:12:23,420
releasing this weekend probably
329
00:12:23,420 --> 00:12:25,560
I'll show you how to set up an Active
330
00:12:25,560 --> 00:12:27,060
Directory environment how to set up a
331
00:12:27,060 --> 00:12:28,680
domain and configure it to be vulnerable
332
00:12:28,680 --> 00:12:30,240
for your own practice so learn about
333
00:12:30,240 --> 00:12:33,240
Active Directory the concept of you know
334
00:12:33,240 --> 00:12:37,380
domains trusts forests trees so on and
335
00:12:37,380 --> 00:12:39,120
so forth learn how
336
00:12:39,120 --> 00:12:42,600
learn what Active Directory is and learn
337
00:12:42,600 --> 00:12:44,760
the importance of Active Directory and
338
00:12:44,760 --> 00:12:46,560
why companies utilize it because you
339
00:12:46,560 --> 00:12:48,300
will be dealing with Active Directory a
340
00:12:48,300 --> 00:12:49,560
lot especially if you're a penetration
341
00:12:49,560 --> 00:12:50,639
tester
342
00:12:50,639 --> 00:12:52,740
in the case of Linux the same thing
343
00:12:52,740 --> 00:12:54,540
applies learn how to install configure and
344
00:12:54,540 --> 00:12:57,180
administer Linux learn how the Linux
345
00:12:57,180 --> 00:12:59,880
operating systems are the Linux kernel
346
00:12:59,880 --> 00:13:02,220
rather and you know the the collective
347
00:13:02,220 --> 00:13:04,320
operating systems or Linux or GNU plus
348
00:13:04,320 --> 00:13:06,540
Linux learn how this works and the
349
00:13:06,540 --> 00:13:07,920
various components that make up the
350
00:13:07,920 --> 00:13:10,260
operating system learn how to secure and
351
00:13:10,260 --> 00:13:12,839
harden Linux again the CIS benchmarks
352
00:13:12,839 --> 00:13:15,420
are you know great guideline become
353
00:13:15,420 --> 00:13:17,519
comfortable with the terminal this is a
354
00:13:17,519 --> 00:13:19,980
very very important so I'll be making
355
00:13:19,980 --> 00:13:21,540
follow-up videos regarding these
356
00:13:21,540 --> 00:13:23,220
individual skills but learn how to use
357
00:13:23,220 --> 00:13:24,959
the terminal learn about the common
358
00:13:24,959 --> 00:13:27,959
commands you know basic admin stuff
359
00:13:27,959 --> 00:13:30,480
learn how to copy files how to you know
360
00:13:30,480 --> 00:13:32,399
set up cron jobs
361
00:13:32,399 --> 00:13:36,240
how to automate a lot of your you know
362
00:13:36,240 --> 00:13:39,240
mundane or manual work with bash scripts
363
00:13:39,240 --> 00:13:42,600
learn about environment variables learn
364
00:13:42,600 --> 00:13:44,700
about other terminal emulators about
365
00:13:44,700 --> 00:13:46,440
various shells
366
00:13:46,440 --> 00:13:48,779
learn how to install various Linux
367
00:13:48,779 --> 00:13:50,459
distributions again you don't have to
368
00:13:50,459 --> 00:13:52,740
use them just fire up a VM try out Red
369
00:13:52,740 --> 00:13:55,139
Hat try out CentOS try out Fedora get an
370
00:13:55,139 --> 00:13:57,360
understanding of what makes these
371
00:13:57,360 --> 00:13:59,220
distributions different because you'll
372
00:13:59,220 --> 00:14:01,620
typically be seeing CentOS Red Hat
373
00:14:01,620 --> 00:14:05,399
Fedora Ubuntu on production systems so
374
00:14:05,399 --> 00:14:08,399
learn about what makes them
375
00:14:08,399 --> 00:14:10,440
you know that specific distribution
376
00:14:10,440 --> 00:14:13,380
learn about what makes CentOS CentOS and
377
00:14:13,380 --> 00:14:15,000
learn about the various features that
378
00:14:15,000 --> 00:14:16,680
come packaged with you know security
379
00:14:16,680 --> 00:14:18,480
focused
380
00:14:18,480 --> 00:14:20,519
um distributions like uh you know Red
381
00:14:20,519 --> 00:14:21,839
Hat for example
382
00:14:21,839 --> 00:14:23,700
and this is very very important the last
383
00:14:23,700 --> 00:14:25,740
two arguably the most important learn
384
00:14:25,740 --> 00:14:28,500
about Vim, sed, awk and regex so
385
00:14:28,500 --> 00:14:30,600
regular expressions why do I say Vim
386
00:14:30,600 --> 00:14:33,420
trust me a lot of people say this but
387
00:14:33,420 --> 00:14:37,139
I'll explain why a text editor is never
388
00:14:37,139 --> 00:14:38,279
as good
389
00:14:38,279 --> 00:14:43,019
as Vim or a terminal editor even Nano is
390
00:14:43,019 --> 00:14:45,959
like once you start using Vim when I've
391
00:14:45,959 --> 00:14:48,420
gone to Nano just for a few seconds I I
392
00:14:48,420 --> 00:14:51,000
can't comprehend it I really can't I
393
00:14:51,000 --> 00:14:53,220
mean I can't imagine myself
394
00:14:53,220 --> 00:14:55,800
using the Ctrl and O key to save
395
00:14:55,800 --> 00:14:57,660
whatever I've typed in
396
00:14:57,660 --> 00:15:00,420
I'm automatically hardwired to you know
397
00:15:00,420 --> 00:15:02,820
use the actual colon write or write
398
00:15:02,820 --> 00:15:04,740
and quit or exit
399
00:15:04,740 --> 00:15:07,500
etc. once you learn these key bindings or
400
00:15:07,500 --> 00:15:10,620
these key binds that's it you'll never
401
00:15:10,620 --> 00:15:12,720
forget them it's like riding a bicycle
402
00:15:12,720 --> 00:15:14,639
or learning how to ride a bicycle once
403
00:15:14,639 --> 00:15:16,380
you learn them you can wake up after a
404
00:15:16,380 --> 00:15:19,980
coma you know of course without damaging
405
00:15:19,980 --> 00:15:21,420
your brain if you can wake up from a
406
00:15:21,420 --> 00:15:23,519
coma and you'd still be comfortable with
407
00:15:23,519 --> 00:15:24,600
your keyboard
408
00:15:24,600 --> 00:15:27,420
and then finally learn about Git, Git is
409
00:15:27,420 --> 00:15:29,639
of course source control set up your own
410
00:15:29,639 --> 00:15:32,639
GitHub repo learn how to you know
411
00:15:32,639 --> 00:15:34,440
how to set up your own GitHub repo
412
00:15:34,440 --> 00:15:37,019
locally with the git terminal client
413
00:15:37,019 --> 00:15:39,899
learn how to you know pull push
414
00:15:39,899 --> 00:15:42,600
so on and so forth how to fork all of
415
00:15:42,600 --> 00:15:44,100
that good stuff and I've made an entire
416
00:15:44,100 --> 00:15:45,899
video on that actually which I'll link
417
00:15:45,899 --> 00:15:47,399
in the description
418
00:15:47,399 --> 00:15:49,680
and then you can once you've covered
419
00:15:49,680 --> 00:15:51,420
operating systems in the entirety you
420
00:15:51,420 --> 00:15:53,100
can now say okay I've learned operating
421
00:15:53,100 --> 00:15:54,720
systems now learn how to perform
422
00:15:54,720 --> 00:15:56,699
scripting or how to write very basic
423
00:15:56,699 --> 00:15:59,459
scripts starting off with Windows learn
424
00:15:59,459 --> 00:16:01,019
how to utilize PowerShell and write
425
00:16:01,019 --> 00:16:04,079
PowerShell scripts all right and that
426
00:16:04,079 --> 00:16:06,180
will actually open up a huge Pandora's
427
00:16:06,180 --> 00:16:08,399
Box especially in cyber security because
428
00:16:08,399 --> 00:16:11,220
you learn a lot about what you can and
429
00:16:11,220 --> 00:16:13,740
can't do, what antivirus, signature-based
430
00:16:13,740 --> 00:16:16,380
antivirus systems pick up and this is
431
00:16:16,380 --> 00:16:18,060
where you'll start going off the rails a
432
00:16:18,060 --> 00:16:19,440
little bit and experimenting that's
433
00:16:19,440 --> 00:16:21,180
perfectly fine again this is just a
434
00:16:21,180 --> 00:16:23,579
guideline this is just a standardized
435
00:16:23,579 --> 00:16:25,380
path that you can follow
436
00:16:25,380 --> 00:16:27,540
next I would recommend learning again as
437
00:16:27,540 --> 00:16:29,579
I said how to automate tasks on Linux by
438
00:16:29,579 --> 00:16:31,620
leveraging shell scripts just focus on
439
00:16:31,620 --> 00:16:34,680
Bash that's it and finally python now
440
00:16:34,680 --> 00:16:36,540
the other languages you can focus but
441
00:16:36,540 --> 00:16:38,339
please if you are going to learn a
442
00:16:38,339 --> 00:16:40,320
programming or scripting language just
443
00:16:40,320 --> 00:16:43,800
learn Python. We're already up to
444
00:16:43,800 --> 00:16:45,480
speed you know on Python 3
445
00:16:45,480 --> 00:16:46,980
there's tons of scripts that have been
446
00:16:46,980 --> 00:16:49,079
developed look at them learn from them
447
00:16:49,079 --> 00:16:51,300
write your own scripts whatever crazy
448
00:16:51,300 --> 00:16:53,639
ideas you have just take that as a
449
00:16:53,639 --> 00:16:55,740
project and say okay for one week I'm
450
00:16:55,740 --> 00:16:58,199
going to try and build this with python
451
00:16:58,199 --> 00:17:01,380
and during that week when you run into
452
00:17:01,380 --> 00:17:03,120
issues when you perform your own
453
00:17:03,120 --> 00:17:04,260
research
454
00:17:04,260 --> 00:17:07,919
you will improve so much as a programmer
455
00:17:07,919 --> 00:17:09,959
just by trying to build something
456
00:17:09,959 --> 00:17:11,520
because that's what programmers do
457
00:17:11,520 --> 00:17:13,020
programmers are building things they're
458
00:17:13,020 --> 00:17:15,480
not watching how-to tutorials which is
459
00:17:15,480 --> 00:17:17,160
why I switched up my entire scripting
460
00:17:17,160 --> 00:17:19,319
series to focus on building stuff and
461
00:17:19,319 --> 00:17:20,939
then I know once I do that once you
462
00:17:20,939 --> 00:17:22,500
watch one or two of those videos that's
463
00:17:22,500 --> 00:17:24,660
it you're on your way you don't have to
464
00:17:24,660 --> 00:17:26,640
come back and watch stuff because you've
465
00:17:26,640 --> 00:17:28,860
already got it you've got to tacit
466
00:17:28,860 --> 00:17:30,360
understanding of what this is all about
467
00:17:30,360 --> 00:17:32,840
you're supposed to use these languages
468
00:17:32,840 --> 00:17:35,940
to develop things to automate stuff
469
00:17:35,940 --> 00:17:37,980
that's what you're to solve problems
470
00:17:37,980 --> 00:17:39,720
that's what these languages are about
471
00:17:39,720 --> 00:17:41,700
people have convoluted programming into
472
00:17:41,700 --> 00:17:44,460
this dark arts and you know all of this
473
00:17:44,460 --> 00:17:46,320
stuff and again I've programmed for a
474
00:17:46,320 --> 00:17:48,960
very long time I mean I've done Java
475
00:17:48,960 --> 00:17:50,580
professionally I've developed Android
476
00:17:50,580 --> 00:17:52,440
applications that are still on the
477
00:17:52,440 --> 00:17:54,179
Google Play Store
478
00:17:54,179 --> 00:17:56,700
I have done .NET I have done C++
479
00:17:56,700 --> 00:17:59,340
I've done C I've done C# I've
480
00:17:59,340 --> 00:18:00,660
delivered developed quite a lot of
481
00:18:00,660 --> 00:18:01,919
programs for Windows I'm actually
482
00:18:01,919 --> 00:18:03,720
developing a solution now for Windows
483
00:18:03,720 --> 00:18:05,880
that I'll be sharing later on but
484
00:18:05,880 --> 00:18:08,700
I know what programming is all about and
485
00:18:08,700 --> 00:18:10,679
when I was learning programming
486
00:18:10,679 --> 00:18:13,679
I followed very briefly the tutorial
487
00:18:13,679 --> 00:18:15,720
Series where they you know they talk to
488
00:18:15,720 --> 00:18:17,820
you about functions and Loops well they
489
00:18:17,820 --> 00:18:20,940
are helpful they are very helpful these
490
00:18:20,940 --> 00:18:23,460
are reference this is reference material
491
00:18:23,460 --> 00:18:25,320
all right those how-to tutorial videos
492
00:18:25,320 --> 00:18:27,299
that's reference material what does that
493
00:18:27,299 --> 00:18:29,280
mean it means when you don't understand
494
00:18:29,280 --> 00:18:31,740
something like how to write a function
495
00:18:31,740 --> 00:18:34,140
or how to write a loop or if you don't
496
00:18:34,140 --> 00:18:35,520
know if you don't understand about
497
00:18:35,520 --> 00:18:38,220
arrays anything about arrays that's when
498
00:18:38,220 --> 00:18:40,440
you switch to those reference videos
499
00:18:40,440 --> 00:18:42,360
that's when you search on you know in
500
00:18:42,360 --> 00:18:43,980
Google but that's when you try and find
501
00:18:43,980 --> 00:18:47,220
help online if it isn't if it hasn't
502
00:18:47,220 --> 00:18:49,200
already been answered but that's when
503
00:18:49,200 --> 00:18:50,820
you start using these videos you don't
504
00:18:50,820 --> 00:18:52,740
start off with these videos there's tons
505
00:18:52,740 --> 00:18:56,160
of resources free code academy
506
00:18:56,160 --> 00:18:58,679
what I'd recommend just say Okay I want
507
00:18:58,679 --> 00:19:00,600
to learn how to do this I want to learn
508
00:19:00,600 --> 00:19:02,880
how to automate an Nmap scan with Python
509
00:19:02,880 --> 00:19:05,640
perform a Google search take a look at
510
00:19:05,640 --> 00:19:06,840
the script
511
00:19:06,840 --> 00:19:09,299
clone it download it run it understand
512
00:19:09,299 --> 00:19:10,620
what's going on start making
513
00:19:10,620 --> 00:19:12,720
modifications and then when you don't
514
00:19:12,720 --> 00:19:15,299
understand some a segment within that
515
00:19:15,299 --> 00:19:17,280
code that's when you start your research
516
00:19:17,280 --> 00:19:18,840
or just start from scratch take a look
517
00:19:18,840 --> 00:19:21,059
at a few tutorials on how to write a
518
00:19:21,059 --> 00:19:25,140
basic very basic program do that once
519
00:19:25,140 --> 00:19:26,700
you've got a hang of it say I want to
520
00:19:26,700 --> 00:19:27,960
develop something else again it doesn't
521
00:19:27,960 --> 00:19:29,580
matter whether it's been done before you
522
00:19:29,580 --> 00:19:32,400
can do it your way so again just think
523
00:19:32,400 --> 00:19:34,620
of it in that perspective don't get too
524
00:19:34,620 --> 00:19:36,299
crazy with oh I'm going to build this
525
00:19:36,299 --> 00:19:39,360
and just stuff that's important to you
526
00:19:39,360 --> 00:19:41,460
doesn't matter Nothing Else Matters
527
00:19:41,460 --> 00:19:43,980
what's important to you
528
00:19:43,980 --> 00:19:46,620
finally of course here one focus on
529
00:19:46,620 --> 00:19:49,140
networking all right this is this is so
530
00:19:49,140 --> 00:19:52,740
important I mean I I cannot stress the
531
00:19:52,740 --> 00:19:56,580
importance of a topic like networking
532
00:19:56,580 --> 00:20:00,059
networking is so so important in cyber
533
00:20:00,059 --> 00:20:03,120
security or in technology in general so
534
00:20:03,120 --> 00:20:05,580
what's my recommendation start off by
535
00:20:05,580 --> 00:20:07,980
understanding the OSI model this is very
536
00:20:07,980 --> 00:20:09,679
easy to understand
537
00:20:09,679 --> 00:20:12,240
and uh understanding the different
538
00:20:12,240 --> 00:20:14,760
layers again very very easy it's very
539
00:20:14,760 --> 00:20:16,679
intuitive you understand it you know
540
00:20:16,679 --> 00:20:19,140
from the data link layer
541
00:20:19,140 --> 00:20:21,480
to the network layer to the transport
542
00:20:21,480 --> 00:20:22,500
layer
543
00:20:22,500 --> 00:20:24,960
to the you know session layer
544
00:20:24,960 --> 00:20:26,700
application layer
545
00:20:26,700 --> 00:20:29,100
to the presentation layer just
546
00:20:29,100 --> 00:20:32,520
understand what that abstraction means
547
00:20:32,520 --> 00:20:35,280
and how that categorization
548
00:20:35,280 --> 00:20:37,740
uh is used and why it's important and
549
00:20:37,740 --> 00:20:39,360
you'll start to understand hey this
550
00:20:39,360 --> 00:20:40,860
makes a lot of sense you know you start
551
00:20:40,860 --> 00:20:42,600
over the data link layer all the way to
552
00:20:42,600 --> 00:20:45,840
you know various protocols Etc then
553
00:20:45,840 --> 00:20:48,620
learn about the primary
554
00:20:48,620 --> 00:20:52,919
the primary protocols like TCP/IP the
555
00:20:52,919 --> 00:20:54,679
transport protocols to be more specific
556
00:20:54,679 --> 00:20:57,780
so TCP and UDP learn how they work
557
00:20:57,780 --> 00:21:00,900
specifically in the case of TCP
558
00:21:00,900 --> 00:21:03,600
what the three-way handshake is
559
00:21:03,600 --> 00:21:06,120
uh what that looks like open up
560
00:21:06,120 --> 00:21:09,419
Wireshark open up Wireshark Wireshark is
561
00:21:09,419 --> 00:21:11,100
your friend learn about what traffic
562
00:21:11,100 --> 00:21:13,620
looks like take a look at packets try
563
00:21:13,620 --> 00:21:15,840
and perform some packet you know try and
564
00:21:15,840 --> 00:21:18,059
dissect packets perform packet analysis
565
00:21:18,059 --> 00:21:19,320
see what
566
00:21:19,320 --> 00:21:21,539
each packet is made up of and when you
567
00:21:21,539 --> 00:21:23,460
do that after understanding the OSI
568
00:21:23,460 --> 00:21:25,200
model you can actually see it play out
569
00:21:25,200 --> 00:21:28,020
you actually can see okay this is the
570
00:21:28,020 --> 00:21:30,780
ethernet address and then you have the
571
00:21:30,780 --> 00:21:34,140
actual uh let's say you can actually see
572
00:21:34,140 --> 00:21:36,120
the the transport layer you can see it's
573
00:21:36,120 --> 00:21:38,520
TCP okay you then move a layer up and
574
00:21:38,520 --> 00:21:40,200
you can understand just from a packet
575
00:21:40,200 --> 00:21:43,080
everything starts making sense all right
576
00:21:43,080 --> 00:21:45,539
and then understand the common ports and
577
00:21:45,539 --> 00:21:47,820
the common ports used by various
578
00:21:47,820 --> 00:21:52,080
important services so there's 65,535 TCP
579
00:21:52,080 --> 00:21:54,780
ports I'm not saying remember what each
580
00:21:54,780 --> 00:21:56,340
of those ports is used for because none
581
00:21:56,340 --> 00:21:58,860
of them are not all of them are
582
00:21:58,860 --> 00:22:00,480
typically utilized by services but learn
583
00:22:00,480 --> 00:22:04,460
about you know FTP SSH
584
00:22:04,460 --> 00:22:08,880
telnet SMTP uh let's see let's see if I
585
00:22:08,880 --> 00:22:12,720
can think of DNS uh port 80 port 8080
586
00:22:12,720 --> 00:22:16,559
port 443 SMB these are very important
587
00:22:16,559 --> 00:22:19,200
you'll you'll run across them
588
00:22:19,200 --> 00:22:21,659
a ton of times there's no other way of
589
00:22:21,659 --> 00:22:24,900
uh of putting it so
590
00:22:24,900 --> 00:22:26,880
again I've mentioned Wireshark already
591
00:22:26,880 --> 00:22:28,799
but that's very important now some
592
00:22:28,799 --> 00:22:31,500
additional stuff that you can do is get
593
00:22:31,500 --> 00:22:33,539
some gear you know uh and this is
594
00:22:33,539 --> 00:22:35,280
something that Black Hills Infosec
595
00:22:35,280 --> 00:22:37,980
pointed out which again to me when I
596
00:22:37,980 --> 00:22:40,740
look back at it I didn't realize that I
597
00:22:40,740 --> 00:22:43,020
had already done this because you know I
598
00:22:43,020 --> 00:22:45,720
set up my own home network I have a you
599
00:22:45,720 --> 00:22:48,179
know a very very well set up Network you
600
00:22:48,179 --> 00:22:50,820
know with a firewall a real firewall
601
00:22:50,820 --> 00:22:52,980
pfSense to be more specific so learn about
602
00:22:52,980 --> 00:22:56,880
routing learn about subnets learn about
603
00:22:56,880 --> 00:22:59,159
switches and how to set up imagine just
604
00:22:59,159 --> 00:23:00,840
setting up your own home network again
605
00:23:00,840 --> 00:23:02,580
you don't need crazy devices or crazy
606
00:23:02,580 --> 00:23:04,620
crazy Hardware you can use whatever
607
00:23:04,620 --> 00:23:06,539
routers you can get on the cheap I know
608
00:23:06,539 --> 00:23:08,880
most of your students I did the same I
609
00:23:08,880 --> 00:23:10,980
started off with some very very cheap uh
610
00:23:10,980 --> 00:23:13,500
you know routers nothing too crazy but
611
00:23:13,500 --> 00:23:15,960
understand how that network works you
612
00:23:15,960 --> 00:23:18,000
know set up your network play around
613
00:23:18,000 --> 00:23:20,220
with it Tinker with it and then learn
614
00:23:20,220 --> 00:23:21,960
how firewalls work and how to configure
615
00:23:21,960 --> 00:23:23,460
your own firewall and then see how that
616
00:23:23,460 --> 00:23:25,559
plays out you know just
617
00:23:25,559 --> 00:23:28,320
please this is the most important I mean
618
00:23:28,320 --> 00:23:29,940
I can't stress it enough networking is
619
00:23:29,940 --> 00:23:31,320
crazy important
620
00:23:31,320 --> 00:23:32,940
and then finally
621
00:23:32,940 --> 00:23:34,620
um this this is something that you can
622
00:23:34,620 --> 00:23:36,600
get started with but not really if
623
00:23:36,600 --> 00:23:38,400
you're not yeah I know this is where the
624
00:23:38,400 --> 00:23:40,140
old theoretical aspect of it comes into
625
00:23:40,140 --> 00:23:41,700
play but
626
00:23:41,700 --> 00:23:43,559
security fundamentals are very very
627
00:23:43,559 --> 00:23:46,200
important what do I mean by this basic
628
00:23:46,200 --> 00:23:48,299
security Concepts like what an attack is
629
00:23:48,299 --> 00:23:49,919
what a threat is what vulnerabilities
630
00:23:49,919 --> 00:23:52,799
are what risk is how to calculate risk
631
00:23:52,799 --> 00:23:55,860
uh the CIA triad or confidentiality
632
00:23:55,860 --> 00:23:57,780
integrity and availability you know the
633
00:23:57,780 --> 00:23:59,400
three pillars that hold up cyber
634
00:23:59,400 --> 00:24:01,919
security conceptually speaking then
635
00:24:01,919 --> 00:24:03,720
about governance risk and compliance
636
00:24:03,720 --> 00:24:06,539
which is GRC some core infosec
637
00:24:06,539 --> 00:24:08,280
terminology this is stuff that you can
638
00:24:08,280 --> 00:24:10,620
pick up you know along the way but for
639
00:24:10,620 --> 00:24:13,620
anyone that's looking for a guide that's
640
00:24:13,620 --> 00:24:15,240
what I recommend and then take a look at
641
00:24:15,240 --> 00:24:18,419
security standards like CIS or NIST uh
642
00:24:18,419 --> 00:24:21,179
which you know are obviously at least at
643
00:24:21,179 --> 00:24:22,260
the moment
644
00:24:22,260 --> 00:24:24,960
are pretty much the Benchmark when it
645
00:24:24,960 --> 00:24:26,280
comes down to security standards
646
00:24:26,280 --> 00:24:28,320
remember not pen testing standards not
647
00:24:28,320 --> 00:24:31,440
yet security standards
648
00:24:31,440 --> 00:24:33,659
so that's year one in a nutshell now
649
00:24:33,659 --> 00:24:35,280
year two is when things start getting
650
00:24:35,280 --> 00:24:38,760
crazy or not crazy but uh exciting I
651
00:24:38,760 --> 00:24:41,039
should say exciting
652
00:24:41,039 --> 00:24:42,960
so the first thing you should start off
653
00:24:42,960 --> 00:24:45,360
and never ignore this trust me I've seen
654
00:24:45,360 --> 00:24:46,980
a lot of people ignore this until it's
655
00:24:46,980 --> 00:24:48,659
too late until they're told to write a
656
00:24:48,659 --> 00:24:52,020
report and then you know we get a bit uh
657
00:24:52,020 --> 00:24:54,780
you know things get a bit iffy so if
658
00:24:54,780 --> 00:24:56,159
you're going into pen testing and red
659
00:24:56,159 --> 00:24:58,320
teaming learn about the pen testing
660
00:24:58,320 --> 00:25:00,240
execution standard this is sort of a
661
00:25:00,240 --> 00:25:01,919
methodology or framework that you can
662
00:25:01,919 --> 00:25:04,799
use that'll give you an idea as to what
663
00:25:04,799 --> 00:25:07,020
an ideal assessment would look like the
664
00:25:07,020 --> 00:25:09,780
phases that make up the assessment then
665
00:25:09,780 --> 00:25:11,760
take a look at some methodologies like
666
00:25:11,760 --> 00:25:13,799
the MITRE ATT&CK framework the Cyber
667
00:25:13,799 --> 00:25:17,520
kill chain uh the unified kill chain
668
00:25:17,520 --> 00:25:19,500
OWASP Top 10 as a guide for web application
669
00:25:19,500 --> 00:25:22,260
pen testing and this is insanely
670
00:25:22,260 --> 00:25:24,900
important the OWASP security testing
671
00:25:24,900 --> 00:25:26,880
guide this will sort of give you a
672
00:25:26,880 --> 00:25:28,799
methodological approach to testing web
673
00:25:28,799 --> 00:25:31,140
applications is something that I use a
674
00:25:31,140 --> 00:25:33,059
lot now I have the PDF on my desktop at
675
00:25:33,059 --> 00:25:35,039
all times when I'm testing a web app
676
00:25:35,039 --> 00:25:38,220
and uh you know I sort of want to
677
00:25:38,220 --> 00:25:40,500
you know perform not really for bug
678
00:25:40,500 --> 00:25:42,179
bounty hunting but when I'm performing
679
00:25:42,179 --> 00:25:44,580
an assessment on a web application this
680
00:25:44,580 --> 00:25:46,500
is usually a very good way of ensuring
681
00:25:46,500 --> 00:25:49,500
that I'm I'm very rigorous with my
682
00:25:49,500 --> 00:25:52,080
Approach so the key thing here is
683
00:25:52,080 --> 00:25:53,520
understand the industry standard
684
00:25:53,520 --> 00:25:55,320
methodologies used for pen tests or
685
00:25:55,320 --> 00:25:58,320
assessments and analyze open source pen
686
00:25:58,320 --> 00:25:59,940
testing reports so take a look at pen
687
00:25:59,940 --> 00:26:01,919
testing reports see what they're all
688
00:26:01,919 --> 00:26:04,080
about demystify them because the problem
689
00:26:04,080 --> 00:26:06,000
is be that people put it off for too
690
00:26:06,000 --> 00:26:07,679
long they say I'll look at that later
691
00:26:07,679 --> 00:26:10,140
it's not that important no just look at
692
00:26:10,140 --> 00:26:11,640
a pen test report you don't have to do
693
00:26:11,640 --> 00:26:14,400
anything else just open up a PDF just
694
00:26:14,400 --> 00:26:17,159
read through it as if you are you are an
695
00:26:17,159 --> 00:26:18,779
executive try and see if you can
696
00:26:18,779 --> 00:26:20,279
understand what's going on and that'll
697
00:26:20,279 --> 00:26:21,960
give you you know very good insight as
698
00:26:21,960 --> 00:26:24,120
to how you can write good reports
699
00:26:24,120 --> 00:26:26,159
yourself all right and we'll get back to
700
00:26:26,159 --> 00:26:28,200
report writing shortly
701
00:26:28,200 --> 00:26:30,179
uh another thing that you should start
702
00:26:30,179 --> 00:26:32,820
focusing on in year two is setting up
703
00:26:32,820 --> 00:26:35,100
your home lab so setting up a good home
704
00:26:35,100 --> 00:26:38,520
lab now step one virtualization so
705
00:26:38,520 --> 00:26:41,220
you know um this is something I think
706
00:26:41,220 --> 00:26:42,779
I've heard a lot of people say in the
707
00:26:42,779 --> 00:26:44,580
industry but uh
708
00:26:44,580 --> 00:26:46,020
pretty much one of the first few
709
00:26:46,020 --> 00:26:49,080
programs that any hacker secure cyber
710
00:26:49,080 --> 00:26:51,600
security expert or infosec professional
711
00:26:51,600 --> 00:26:53,880
you know will set up
712
00:26:53,880 --> 00:26:57,000
on their system is a hypervisor
713
00:26:57,000 --> 00:26:58,980
virtualization software so think of
714
00:26:58,980 --> 00:27:01,080
VirtualBox VMware again they're all free
715
00:27:01,080 --> 00:27:02,880
versions VirtualBox would be my
716
00:27:02,880 --> 00:27:04,860
preferred learn about how to use them
717
00:27:04,860 --> 00:27:07,799
how to set up networks the various types
718
00:27:07,799 --> 00:27:10,080
of networking options
719
00:27:10,080 --> 00:27:11,820
so on and so forth learn about how to
720
00:27:11,820 --> 00:27:14,159
take snapshots you know set up a Windows
721
00:27:14,159 --> 00:27:17,700
box set up a Kali Linux system set up an
722
00:27:17,700 --> 00:27:19,260
active directory environment whatever
723
00:27:19,260 --> 00:27:21,059
you want just learn how to set up your
724
00:27:21,059 --> 00:27:22,679
own home lab for testing because you'll
725
00:27:22,679 --> 00:27:24,840
be doing a lot of testing and then also
726
00:27:24,840 --> 00:27:26,520
take a look at devops this is something
727
00:27:26,520 --> 00:27:28,679
that I did I'm very glad that I did it
728
00:27:28,679 --> 00:27:31,140
early on and sort of exploring
729
00:27:31,140 --> 00:27:34,140
containers when I started out I was
730
00:27:34,140 --> 00:27:36,419
typically you know experimenting with uh
731
00:27:36,419 --> 00:27:39,480
LXC but Docker came along and Kubernetes
732
00:27:39,480 --> 00:27:42,179
and that was just insane what you could
733
00:27:42,179 --> 00:27:44,700
do on the cheap uh you know with Docker
734
00:27:44,700 --> 00:27:47,640
containers Etc so set up your own Kali
735
00:27:47,640 --> 00:27:49,980
Parrot box or install your own tools
736
00:27:49,980 --> 00:27:53,760
just set up your own home lab and get
737
00:27:53,760 --> 00:27:56,039
start get your hands dirty with VulnHub
738
00:27:56,039 --> 00:27:57,539
boxes they're free you can go to
739
00:27:57,539 --> 00:27:59,640
VulnHub download some hacking
740
00:27:59,640 --> 00:28:00,840
challenges
741
00:28:00,840 --> 00:28:03,900
Try It Out start hacking start learning
742
00:28:03,900 --> 00:28:05,760
about where you know you have gaps
743
00:28:05,760 --> 00:28:09,240
improve on those gaps you know you
744
00:28:09,240 --> 00:28:11,760
really really very very very simple in
745
00:28:11,760 --> 00:28:13,799
terms of what you should do
746
00:28:13,799 --> 00:28:14,520
um
747
00:28:14,520 --> 00:28:17,279
then I would recommend moving on to sort
748
00:28:17,279 --> 00:28:19,679
of your pen testing fundamentals so what
749
00:28:19,679 --> 00:28:21,419
do I mean by this well if you're using
750
00:28:21,419 --> 00:28:23,039
Kali or Parrot
751
00:28:23,039 --> 00:28:24,720
I would recommend taking a look at the
752
00:28:24,720 --> 00:28:28,559
Kali Linux revealed PDF it's a free pdf
753
00:28:28,559 --> 00:28:31,220
that essentially guides you in how to
754
00:28:31,220 --> 00:28:33,120
operationalize the Kali Linux
755
00:28:33,120 --> 00:28:34,980
distribution so what all the tools are
756
00:28:34,980 --> 00:28:37,860
used for how to configure Kali you know
757
00:28:37,860 --> 00:28:40,799
the various uh ways you can install Kali
758
00:28:40,799 --> 00:28:42,720
or Kali packages if you're looking for a
759
00:28:42,720 --> 00:28:44,580
minimal installation Etc
760
00:28:44,580 --> 00:28:46,320
then I would recommend learning netcat
761
00:28:46,320 --> 00:28:48,659
and socat now specifically learn about
762
00:28:48,659 --> 00:28:51,380
reverse shells learn about bind shells
763
00:28:51,380 --> 00:28:54,240
learn how to utilize netcat is very very
764
00:28:54,240 --> 00:28:56,279
important and then learn about file
765
00:28:56,279 --> 00:28:58,440
transfers with Linux and windows so
766
00:28:58,440 --> 00:29:00,720
learn how to transfer files from a Linux
767
00:29:00,720 --> 00:29:02,279
system to a Windows system and vice
768
00:29:02,279 --> 00:29:05,159
versa and the different ways you can do
769
00:29:05,159 --> 00:29:07,320
that you know there's tons of ways uh
770
00:29:07,320 --> 00:29:09,600
through SMB through the web you know
771
00:29:09,600 --> 00:29:12,000
through a web server Etc and then you
772
00:29:12,000 --> 00:29:13,260
can move on to passive information
773
00:29:13,260 --> 00:29:15,539
gathering and OSINT now this is going to
774
00:29:15,539 --> 00:29:17,520
be a lot you know there's a lot of stuff
775
00:29:17,520 --> 00:29:19,620
to cover here but learn about how to
776
00:29:19,620 --> 00:29:21,960
utilize what's publicly available to
777
00:29:21,960 --> 00:29:24,059
gather information on a target and then
778
00:29:24,059 --> 00:29:25,860
when it comes down to active information
779
00:29:25,860 --> 00:29:28,500
again return to VulnHub return to Hack
780
00:29:28,500 --> 00:29:30,539
the Box return to TryHackMe any other lab
781
00:29:30,539 --> 00:29:32,820
platforms that you may want to use
782
00:29:32,820 --> 00:29:35,159
you know move on to network and port
783
00:29:35,159 --> 00:29:38,460
scanning Nmap is your friend learn about
784
00:29:38,460 --> 00:29:40,860
Nmap Masscan whatever tools you want
785
00:29:40,860 --> 00:29:43,799
to use learn about and also RustScan I
786
00:29:43,799 --> 00:29:45,539
should mention very very fast very very
787
00:29:45,539 --> 00:29:48,360
cool uh learn about how to identify
788
00:29:48,360 --> 00:29:50,580
active hosts on a network how to perform
789
00:29:50,580 --> 00:29:52,679
port scans what to do if the things are
790
00:29:52,679 --> 00:29:54,299
being blocked by a firewall how to speed
791
00:29:54,299 --> 00:29:56,460
up and slow down your scans how to
792
00:29:56,460 --> 00:29:58,200
utilize the Nmap Scripting Engine which
793
00:29:58,200 --> 00:30:01,140
brings me now to enumeration so once
794
00:30:01,140 --> 00:30:02,820
you've identified open ports on a Target
795
00:30:02,820 --> 00:30:04,380
system and the services that are running
796
00:30:04,380 --> 00:30:06,419
on them your next step is to enumerate
797
00:30:06,419 --> 00:30:08,279
as much information as possible from
798
00:30:08,279 --> 00:30:10,080
these open ports that's where
799
00:30:10,080 --> 00:30:11,760
enumeration comes into play there's tons
800
00:30:11,760 --> 00:30:14,279
of tools that you can utilize based on
801
00:30:14,279 --> 00:30:15,899
the protocol you're trying to enumerate
802
00:30:15,899 --> 00:30:18,179
information from so learn about web
803
00:30:18,179 --> 00:30:22,320
enumeration SMB enumeration SSH so on
804
00:30:22,320 --> 00:30:23,940
and so forth and also take a look at
805
00:30:23,940 --> 00:30:26,340
vulnerability scanning with tools like
806
00:30:26,340 --> 00:30:29,039
OpenVAS or Nessus anything that you can
807
00:30:29,039 --> 00:30:31,020
get your hands on learn about what that
808
00:30:31,020 --> 00:30:31,980
looks like
809
00:30:31,980 --> 00:30:33,779
uh take a look at vulnerability
810
00:30:33,779 --> 00:30:35,700
assessment reports
811
00:30:35,700 --> 00:30:37,500
understand that because in certain cases
812
00:30:37,500 --> 00:30:39,179
you may be asked to do that instead of a
813
00:30:39,179 --> 00:30:41,640
pen test not always the best of days but
814
00:30:41,640 --> 00:30:43,140
hey
815
00:30:43,140 --> 00:30:46,200
uh once that is done the next phase
816
00:30:46,200 --> 00:30:47,760
which I always separate is the
817
00:30:47,760 --> 00:30:49,740
exploitation and post exploitation phase
818
00:30:49,740 --> 00:30:52,440
so learn about exploitation and post
819
00:30:52,440 --> 00:30:54,539
exploitation Frameworks like Metasploit
820
00:30:54,539 --> 00:30:56,279
and PowerShell Empire so learn how to
821
00:30:56,279 --> 00:30:57,679
use them by the way I'll be making
822
00:30:57,679 --> 00:31:00,840
entirely new series on both of these and
823
00:31:00,840 --> 00:31:03,299
showing you how to use them which you
824
00:31:03,299 --> 00:31:05,640
know will be quite important but learn
825
00:31:05,640 --> 00:31:08,340
how to use them use them to run exploits
826
00:31:08,340 --> 00:31:09,779
again don't worry if anyone calls you a
827
00:31:09,779 --> 00:31:12,960
skid or anything like that or noob yeah
828
00:31:12,960 --> 00:31:15,240
again remember you're here to learn take
829
00:31:15,240 --> 00:31:17,700
a look at Metasploit modules hell write
830
00:31:17,700 --> 00:31:19,559
your own Metasploit module automate
831
00:31:19,559 --> 00:31:21,720
whatever you want to automate I'll then
832
00:31:21,720 --> 00:31:23,580
recommend searching for and modifying
833
00:31:23,580 --> 00:31:25,919
exploits on Exploit-DB so once you've
834
00:31:25,919 --> 00:31:27,179
taken a look at how the automated
835
00:31:27,179 --> 00:31:29,640
exploitation Frameworks work you can
836
00:31:29,640 --> 00:31:31,320
then say Okay I want to exploit the same
837
00:31:31,320 --> 00:31:33,480
vulnerability but manually it could be a
838
00:31:33,480 --> 00:31:36,840
Python script it could be you know a C
839
00:31:36,840 --> 00:31:40,380
C++ C# uh piece of code that
840
00:31:40,380 --> 00:31:41,760
you need to compile learn about that
841
00:31:41,760 --> 00:31:44,520
learn about how to compile exploits you
842
00:31:44,520 --> 00:31:45,659
can then take a look at client-side
843
00:31:45,659 --> 00:31:48,539
attacks like phishing browser exploits
844
00:31:48,539 --> 00:31:49,799
you know
845
00:31:49,799 --> 00:31:51,659
tons of stuff you can explore there
846
00:31:51,659 --> 00:31:54,299
which I'll not go over right now and
847
00:31:54,299 --> 00:31:56,520
very importantly you don't need to be an
848
00:31:56,520 --> 00:31:59,159
expert in buffer overflows but just learn
849
00:31:59,159 --> 00:32:02,520
about what causes them and how they
850
00:32:02,520 --> 00:32:04,620
exploit it you can take an example of a
851
00:32:04,620 --> 00:32:06,840
Metasploit module and understand what
852
00:32:06,840 --> 00:32:08,940
it's doing in order for the exploit to
853
00:32:08,940 --> 00:32:10,679
work right
854
00:32:10,679 --> 00:32:11,279
um
855
00:32:11,279 --> 00:32:13,140
and then of course you know you can take
856
00:32:13,140 --> 00:32:15,179
a look at Exploit-DB is a great place to
857
00:32:15,179 --> 00:32:17,220
learn about this stuff take a look at
858
00:32:17,220 --> 00:32:21,320
some Exploit-DB buffer overflow exploits
859
00:32:21,320 --> 00:32:23,880
on Exploit-DB you can actually download
860
00:32:23,880 --> 00:32:25,740
the vulnerable piece of software set it
861
00:32:25,740 --> 00:32:27,299
up in your home lab whether it's running
862
00:32:27,299 --> 00:32:30,059
on Windows and Linux and then try and
863
00:32:30,059 --> 00:32:32,520
understand most of the Exploit-DB code
864
00:32:32,520 --> 00:32:34,320
is very well documented so try and
865
00:32:34,320 --> 00:32:35,940
understand what's going on the various
866
00:32:35,940 --> 00:32:38,279
types of overflow attacks or overflow
867
00:32:38,279 --> 00:32:40,140
exploits you know there's a lot of stuff
868
00:32:40,140 --> 00:32:41,760
you can get into there
869
00:32:41,760 --> 00:32:44,159
and then of course the classic which I
870
00:32:44,159 --> 00:32:45,720
always recommend learn about the common
871
00:32:45,720 --> 00:32:48,720
vulnerabilities and the the common CVEs
872
00:32:48,720 --> 00:32:51,659
that have have affected windows in the
873
00:32:51,659 --> 00:32:54,179
past like you know EternalBlue
874
00:32:54,179 --> 00:32:58,320
BlueKeep uh and then you know on um on
875
00:32:58,320 --> 00:33:02,539
Linux SambaCry Shellshock
876
00:33:02,640 --> 00:33:05,100
um Heartbleed you know some of the most
877
00:33:05,100 --> 00:33:06,480
popular ones take a look at them
878
00:33:06,480 --> 00:33:08,820
understand what caused them it's always
879
00:33:08,820 --> 00:33:11,100
good to have that historical uh you know
880
00:33:11,100 --> 00:33:12,659
perspective and while you're doing that
881
00:33:12,659 --> 00:33:15,000
when you're taking a look at CVEs take a
882
00:33:15,000 --> 00:33:16,919
look at the common vulnerability scoring
883
00:33:16,919 --> 00:33:20,159
system or CVSS learn about you know the
884
00:33:20,159 --> 00:33:23,100
structure of a CVE and how that relates
885
00:33:23,100 --> 00:33:25,080
to when it was publicly released or made
886
00:33:25,080 --> 00:33:27,480
publicly available run about responsible
887
00:33:27,480 --> 00:33:30,179
learn about responsible disclosure
888
00:33:30,179 --> 00:33:32,100
Etc and then you can move on to post
889
00:33:32,100 --> 00:33:33,899
exploitation techniques so this is where
890
00:33:33,899 --> 00:33:36,240
you have you know your standard local
891
00:33:36,240 --> 00:33:39,480
enumeration so living uh living on the
892
00:33:39,480 --> 00:33:41,760
land uh then you can take a look at
893
00:33:41,760 --> 00:33:44,279
automation scripts like WinPEAS or
894
00:33:44,279 --> 00:33:47,460
LinPEAS to automate local in uh you know
895
00:33:47,460 --> 00:33:49,740
to automate the process of Performing
896
00:33:49,740 --> 00:33:52,080
local enumeration on both operating
897
00:33:52,080 --> 00:33:54,179
systems learn about privilege escalation
898
00:33:54,179 --> 00:33:56,460
techniques again I know this is a lot
899
00:33:56,460 --> 00:33:58,740
but I have reviewed or gone over this
900
00:33:58,740 --> 00:34:00,960
you don't have to stick to three years
901
00:34:00,960 --> 00:34:03,260
I know that this is a lot trust me
902
00:34:03,260 --> 00:34:06,000
so this can spill over into the third
903
00:34:06,000 --> 00:34:08,219
fourth or fifth year but this is sort of
904
00:34:08,219 --> 00:34:10,139
giving you a guide as to what you should
905
00:34:10,139 --> 00:34:12,179
know and what I would look for in a
906
00:34:12,179 --> 00:34:14,339
junior pen test or someone who's looking
907
00:34:14,339 --> 00:34:16,619
to get into pen testing was you know got
908
00:34:16,619 --> 00:34:18,119
the certs Etc
909
00:34:18,119 --> 00:34:21,300
and then of course password cracking
910
00:34:21,300 --> 00:34:23,639
um which is quite important so learning
911
00:34:23,639 --> 00:34:26,399
about uh you know various hashes uh what
912
00:34:26,399 --> 00:34:28,859
that means about you know utilizing
913
00:34:28,859 --> 00:34:32,580
tools like hashcat and John the Ripper
914
00:34:32,580 --> 00:34:34,619
and finally how do you put all of this
915
00:34:34,619 --> 00:34:36,800
into context well practice like hell
916
00:34:36,800 --> 00:34:40,080
take participate in ctfs don't focus on
917
00:34:40,080 --> 00:34:42,000
your performance you're just here to
918
00:34:42,000 --> 00:34:43,560
learn that's what you are you're a
919
00:34:43,560 --> 00:34:46,379
sponge again you just take a look at
920
00:34:46,379 --> 00:34:49,199
walkthroughs write-ups participate in
921
00:34:49,199 --> 00:34:51,239
ctfs join a team if you're in University
922
00:34:51,239 --> 00:34:53,760
form a team it doesn't matter how bad
923
00:34:53,760 --> 00:34:56,159
you perform you trust me the first time
924
00:34:56,159 --> 00:34:58,320
you participate in a CTF
925
00:34:58,320 --> 00:35:01,200
the day it ends you will be a different
926
00:35:01,200 --> 00:35:03,300
person than the day you actually got
927
00:35:03,300 --> 00:35:05,220
started you you trust me you'll you
928
00:35:05,220 --> 00:35:07,920
would have learned a lot a lot
929
00:35:07,920 --> 00:35:10,680
so again research videos books blogs
930
00:35:10,680 --> 00:35:13,619
write-ups courses certifications just
931
00:35:13,619 --> 00:35:16,140
look for information and again you could
932
00:35:16,140 --> 00:35:18,599
be looking for a very specific you know
933
00:35:18,599 --> 00:35:21,060
piece of information that's fine
934
00:35:21,060 --> 00:35:24,119
just uh you know utilize whatever is on
935
00:35:24,119 --> 00:35:25,740
the internet if you know again if you're
936
00:35:25,740 --> 00:35:28,079
on a budget I understand
937
00:35:28,079 --> 00:35:28,680
um
938
00:35:28,680 --> 00:35:31,140
but yeah also utilize platforms like
939
00:35:31,140 --> 00:35:33,000
Hack The Box TryHackMe to identify
940
00:35:33,000 --> 00:35:36,359
your uh your the the areas
941
00:35:36,359 --> 00:35:38,760
um where you have gaps so where you can
942
00:35:38,760 --> 00:35:39,720
improve
943
00:35:39,720 --> 00:35:41,640
uh learn now and then this is very
944
00:35:41,640 --> 00:35:44,700
important based on the boxes that you do
945
00:35:44,700 --> 00:35:46,500
or the boxes that you pwn on Hack The
946
00:35:46,500 --> 00:35:48,780
Box VulnHub or TryHackMe
947
00:35:48,780 --> 00:35:51,540
take a pen testing report template and
948
00:35:51,540 --> 00:35:54,000
just write write a report just write a
949
00:35:54,000 --> 00:35:56,940
report or better yet use that same
950
00:35:56,940 --> 00:36:00,839
uh that same model and start a blog
951
00:36:00,839 --> 00:36:03,000
start a YouTube channel
952
00:36:03,000 --> 00:36:05,400
you know start putting out whatever
953
00:36:05,400 --> 00:36:08,400
you're doing into the public space and
954
00:36:08,400 --> 00:36:10,320
the blogs are the best way if you want
955
00:36:10,320 --> 00:36:11,579
to start a YouTube channel that's fine
956
00:36:11,579 --> 00:36:13,859
the great thing with blogs is that
957
00:36:13,859 --> 00:36:15,720
it's immediately accessible I don't have
958
00:36:15,720 --> 00:36:17,339
to watch a video I can just go through
959
00:36:17,339 --> 00:36:20,700
it uh and uh people immediately know
960
00:36:20,700 --> 00:36:22,380
your name they immediately know you are
961
00:36:22,380 --> 00:36:24,720
linked you link your social profiles if
962
00:36:24,720 --> 00:36:25,980
you're doing great work if you're doing
963
00:36:25,980 --> 00:36:27,740
research on a particular vulnerability
964
00:36:27,740 --> 00:36:31,200
whatever you want to do just do it and
965
00:36:31,200 --> 00:36:32,700
then
966
00:36:32,700 --> 00:36:34,380
just write a blog post doesn't matter
967
00:36:34,380 --> 00:36:36,540
how simple it is that's your work treat
968
00:36:36,540 --> 00:36:38,400
this remember this is your career this
969
00:36:38,400 --> 00:36:41,160
is your craft so be proud of what you're
970
00:36:41,160 --> 00:36:44,160
doing and take pride in your work and
971
00:36:44,160 --> 00:36:47,460
very nicely publish a very detailed blog
972
00:36:47,460 --> 00:36:49,079
post about what you're doing what you've
973
00:36:49,079 --> 00:36:51,839
done Etc it'll be useful to someone
974
00:36:51,839 --> 00:36:53,940
and that's how you sort of pass it along
975
00:36:53,940 --> 00:36:56,460
which is what I which is what I did I
976
00:36:56,460 --> 00:36:57,900
took all the stuff that I had learned
977
00:36:57,900 --> 00:36:59,339
and I you know started making videos
978
00:36:59,339 --> 00:37:02,040
about it again I had no big dreams about
979
00:37:02,040 --> 00:37:04,920
being a superstar YouTuber no it was
980
00:37:04,920 --> 00:37:07,500
just me sitting down every evening after
981
00:37:07,500 --> 00:37:09,839
work or whatever I was doing on the
982
00:37:09,839 --> 00:37:11,940
weekends and saying yeah this I you know
983
00:37:11,940 --> 00:37:14,579
I can make a video on this because I can
984
00:37:14,579 --> 00:37:16,320
answer a lot of questions so
985
00:37:16,320 --> 00:37:19,200
have the right mentality in mind and of
986
00:37:19,200 --> 00:37:21,300
course this is something that I do a lot
987
00:37:21,300 --> 00:37:24,000
I've done and I'm so grateful I am so
988
00:37:24,000 --> 00:37:25,740
grateful that I took notes and on
989
00:37:25,740 --> 00:37:27,480
everything I was doing looking back at
990
00:37:27,480 --> 00:37:28,859
some of the notes I took seven years ago
991
00:37:28,859 --> 00:37:31,800
I mean I was an idiot but it's so cool
992
00:37:31,800 --> 00:37:34,200
to say that that growth you know because
993
00:37:34,200 --> 00:37:36,359
I was taking notes and I was making
994
00:37:36,359 --> 00:37:38,880
mistakes I didn't understand Concepts if
995
00:37:38,880 --> 00:37:40,740
you read some of my notes from earlier
996
00:37:40,740 --> 00:37:42,960
on when I tried to explain stuff like a
997
00:37:42,960 --> 00:37:44,640
buffer overflow
998
00:37:44,640 --> 00:37:46,260
and Concepts like that I mean it was
999
00:37:46,260 --> 00:37:48,780
really bad but again I was ironing out
1000
00:37:48,780 --> 00:37:51,119
my thoughts you know if you write and
1001
00:37:51,119 --> 00:37:53,940
writing is very important or typing
1002
00:37:53,940 --> 00:37:56,099
just document what you're doing it's
1003
00:37:56,099 --> 00:37:58,079
important to you don't think about other
1004
00:37:58,079 --> 00:38:00,119
people it this is this is your stuff
1005
00:38:00,119 --> 00:38:01,980
this is you so
1006
00:38:01,980 --> 00:38:04,560
all right so your next step and this is
1007
00:38:04,560 --> 00:38:06,540
something that is optional at least in
1008
00:38:06,540 --> 00:38:08,700
my mind but something that I recommend
1009
00:38:08,700 --> 00:38:10,619
you don't skip over and that is web app
1010
00:38:10,619 --> 00:38:12,839
pen testing and/or bug bounties and I'll
1011
00:38:12,839 --> 00:38:15,300
sort of explain how these two uh play
1012
00:38:15,300 --> 00:38:17,400
into each other right
1013
00:38:17,400 --> 00:38:20,099
um so why is this important well you'll
1014
00:38:20,099 --> 00:38:22,800
come across web apps uh web app pen
1015
00:38:22,800 --> 00:38:24,540
testing quite a lot in your pen test or
1016
00:36:24,540 --> 00:36:26,280
red team this is this is something that
1017
00:38:26,280 --> 00:38:29,160
you can opt out of specializing in but
1018
00:38:29,160 --> 00:38:31,140
it's good to know how to do it again you
1019
00:38:31,140 --> 00:38:33,660
don't have to specialize in web app pen
1020
00:38:33,660 --> 00:38:35,579
testing because again it is an entire
1021
00:38:35,579 --> 00:38:37,740
field of its own really especially now
1022
00:38:37,740 --> 00:38:39,780
but I would recommend you know just
1023
00:38:39,780 --> 00:38:42,060
starting off with the with pwning or
1024
00:38:42,060 --> 00:38:44,640
hacking vulnerable web applications you
1025
00:38:44,640 --> 00:38:47,040
know that could be stuff like the Damn
1026
00:36:47,040 --> 00:36:48,960
Vulnerable Web Application it could be
1027
00:38:48,960 --> 00:38:51,720
OWASP Mutillidae stuff like that just getting
1028
00:38:51,720 --> 00:38:54,660
on you know getting into grips with what
1029
00:38:54,660 --> 00:38:56,820
web app pen testing is and now I know
1030
00:38:56,820 --> 00:38:58,440
that there's a lot that falls on under
1031
00:38:58,440 --> 00:39:01,140
here but learning the fundamentals of
1032
00:39:01,140 --> 00:39:05,280
HTTP of recon Etc right and learning
1033
00:39:05,280 --> 00:39:07,140
about how the web works
1034
00:39:07,140 --> 00:39:10,740
and the best way that I've seen this you
1035
00:39:10,740 --> 00:39:11,760
know work
1036
00:39:11,760 --> 00:39:14,220
for me and one thing that I need to also
1037
00:39:14,220 --> 00:39:16,079
point out is that I've seen this a lot
1038
00:39:16,079 --> 00:39:18,359
in my career is that even with pen
1039
00:39:18,359 --> 00:39:21,000
testers or red teamers this is an area
1040
00:39:21,000 --> 00:39:23,339
or a topic that they either like or they
1041
00:39:23,339 --> 00:39:25,020
don't like I've seen those two types of
1042
00:39:25,020 --> 00:39:26,400
pen testers they either really
1043
00:39:26,400 --> 00:39:28,560
passionate about web apps and the web in
1044
00:39:28,560 --> 00:39:31,320
general or they're not they know how to
1045
00:39:31,320 --> 00:39:33,420
you know how to perform a pen test on a
1046
00:39:33,420 --> 00:39:34,680
web app but it's not something they
1047
00:39:34,680 --> 00:39:36,240
enjoy doing as a result they don't get
1048
00:39:36,240 --> 00:39:39,240
into bug Bounty so that's one uh One
1049
00:39:39,240 --> 00:39:42,060
path but I would recommend you getting
1050
00:39:42,060 --> 00:39:43,740
your hands dirty with web app pen
1051
00:39:43,740 --> 00:39:46,740
testing before you come to that to that
1052
00:39:46,740 --> 00:39:48,420
assessment or to that judgment you know
1053
00:39:48,420 --> 00:39:50,040
before you actually make up a decision
1054
00:39:50,040 --> 00:39:53,339
on what you want to do so one of the
1055
00:39:53,339 --> 00:39:55,260
things I recommend doing is developing a
1056
00:39:55,260 --> 00:39:59,220
web app and more specifically PHP MySQL
1057
00:39:59,220 --> 00:40:01,619
the example or the application I can
1058
00:40:01,619 --> 00:40:03,359
give you an idea for is a very simple
1059
00:40:03,359 --> 00:40:05,400
content management system there's plenty
1060
00:40:05,400 --> 00:40:07,619
of guides out there already written code
1061
00:40:07,619 --> 00:40:09,540
but write it you know for yourself learn
1062
00:40:09,540 --> 00:40:12,780
about PHP as a server-side language
1063
00:40:12,780 --> 00:40:14,700
um you know the front end that's stuff
1064
00:40:14,700 --> 00:40:16,560
that you can pick up easily but
1065
00:40:16,560 --> 00:40:18,480
obviously JavaScript is going to be a
1066
00:40:18,480 --> 00:40:21,720
huge factor in that but develop your own
1067
00:40:21,720 --> 00:40:23,579
content management system very simple
1068
00:40:23,579 --> 00:40:25,680
one where you know you have a login page
1069
00:40:25,680 --> 00:40:28,200
and then once you log in you can write a
1070
00:40:28,200 --> 00:40:30,300
simple blog post and that's rendered uh
1071
00:40:30,300 --> 00:40:32,040
properly or the way you want it rendered
1072
00:40:32,040 --> 00:40:34,740
on the front end and the reason I say
1073
00:40:34,740 --> 00:40:36,180
this is this will teach you a lot about
1074
00:40:36,180 --> 00:40:38,220
where mistakes are made with regards to
1075
00:40:38,220 --> 00:40:39,720
developing web apps even if it's
1076
00:40:39,720 --> 00:40:41,940
extremely trivial it just gives you that
1077
00:40:41,940 --> 00:40:45,240
tacit understanding as to where
1078
00:40:45,240 --> 00:40:47,040
developers make mistakes even if they
1079
00:40:47,040 --> 00:40:48,359
don't make them anymore you'll still
1080
00:40:48,359 --> 00:40:50,040
find web apps with some very common
1081
00:40:50,040 --> 00:40:52,079
vulnerabilities but learn about you know
1082
00:40:52,079 --> 00:40:54,839
input sanitization you know upload
1083
00:40:54,839 --> 00:40:57,859
filters stuff like that and of course
1084
00:40:57,859 --> 00:41:01,200
code execution which is not that common
1085
00:41:01,200 --> 00:41:03,780
nowadays but you know you still may run
1086
00:41:03,780 --> 00:41:07,020
you still may come across it so develop
1087
00:41:07,020 --> 00:41:08,760
that content management system without
1088
00:41:08,760 --> 00:41:12,500
any security uh any uh secure code
1089
00:41:12,500 --> 00:41:15,180
process integrated into it and then try
1090
00:41:15,180 --> 00:41:16,680
and hack it and you'll actually see
1091
00:41:16,680 --> 00:41:19,140
where the where mistakes are made you
1092
00:41:19,140 --> 00:41:21,240
learn how to assess web applications how
1093
00:41:21,240 --> 00:41:22,500
to test them for specific
1094
00:41:22,500 --> 00:41:24,720
vulnerabilities and do this in tandem
1095
00:41:24,720 --> 00:41:26,579
with the vulnerable web apps and the OWASP
1096
00:41:26,579 --> 00:41:29,760
Top 10 and the OWASP security testing guide
1097
00:41:29,760 --> 00:41:31,440
they'll sort of give you an
1098
00:41:31,440 --> 00:41:33,180
understanding as to the types of
1099
00:41:33,180 --> 00:41:34,500
vulnerabilities you'll come across
1100
00:41:34,500 --> 00:41:38,520
nowadays on Modern web apps uh
1101
00:41:38,520 --> 00:41:40,800
what causes the vulnerabilities which
1102
00:41:40,800 --> 00:41:42,359
you can then re-implement within your
1103
00:41:42,359 --> 00:41:44,400
own web app or within your own lab and
1104
00:41:44,400 --> 00:41:46,380
then test you know it's a it's
1105
00:41:46,380 --> 00:41:48,480
essentially a cyclic process but learn
1106
00:41:48,480 --> 00:41:50,099
about that and then if you want to get
1107
00:41:50,099 --> 00:41:52,200
into bug bounties you know learn Recon
1108
00:41:52,200 --> 00:41:54,000
and watch everything from Jason Haddix
1109
00:41:54,000 --> 00:41:57,180
and NahamSec I mean these two guys have
1110
00:41:57,180 --> 00:41:59,160
you know really really
1111
00:41:59,160 --> 00:41:59,700
um
1112
00:41:59,700 --> 00:42:01,619
contributed a lot and of course I've not
1113
00:42:01,619 --> 00:42:03,180
mentioned other creators not because
1114
00:42:03,180 --> 00:42:05,460
they're not good or anything just not
1115
00:42:05,460 --> 00:42:07,380
enough space here there's a ton of other
1116
00:42:07,380 --> 00:42:09,900
creators that do bug Bounty stuff like
1117
00:42:09,900 --> 00:42:11,700
uh you know for example right off the
1118
00:42:11,700 --> 00:42:13,800
top of my head we have STÖK uh we have
1119
00:42:13,800 --> 00:42:16,859
uh you know Cristi Cristi Vlad uh
1120
00:42:16,859 --> 00:42:19,740
excellent stuff from him uh you know and
1121
00:42:19,740 --> 00:42:22,020
they did you know they're really good at
1122
00:42:22,020 --> 00:42:23,579
what they do which is web app pen
1123
00:42:23,579 --> 00:42:26,040
testing among many other uh things or
1124
00:42:26,040 --> 00:42:28,740
many other areas of expertise or subject
1125
00:42:28,740 --> 00:42:31,440
matter but they'll really set you in the
1126
00:42:31,440 --> 00:42:32,880
right direction with regards to bug
1127
00:42:32,880 --> 00:42:34,320
bounties and then of course that'll
1128
00:42:34,320 --> 00:42:36,780
directly take you to web proxies where
1129
00:42:36,780 --> 00:42:38,760
you can utilize OWASP ZAP if you're on a
1130
00:42:38,760 --> 00:42:40,440
low budget or you know the community
1131
00:42:40,440 --> 00:42:42,300
version of Burp Suite but you know I
1132
00:42:42,300 --> 00:42:43,680
would recommend learning about how to
1133
00:42:43,680 --> 00:42:47,339
utilize ZAP first that will
1134
00:42:47,339 --> 00:42:49,320
um that'll sort of give you an idea as
1135
00:42:49,320 --> 00:42:51,060
to whether or not you want to invest in
1136
00:42:51,060 --> 00:42:52,980
a Burp Suite license but that's up to
1137
00:42:52,980 --> 00:42:55,440
you and just get started with bug
1138
00:42:55,440 --> 00:42:57,119
bounties but I've always recommended
1139
00:42:57,119 --> 00:43:00,240
this start off with bug bounties locally
1140
00:43:00,240 --> 00:43:02,460
so look at the web apps you use on a
1141
00:43:02,460 --> 00:43:04,859
daily basis the the local ones to you
1142
00:43:04,859 --> 00:43:07,980
know uh specific to your region because
1143
00:43:07,980 --> 00:43:09,119
those are the ones that are most
1144
00:43:09,119 --> 00:43:10,859
important to you that you know a lot
1145
00:43:10,859 --> 00:43:13,680
about and do not take that uh lightly if
1146
00:43:13,680 --> 00:43:15,180
you know if you've used the web app
1147
00:43:15,180 --> 00:43:17,640
before you know a lot about how it works
1148
00:43:17,640 --> 00:43:19,319
and where the potential endpoints are
1149
00:43:19,319 --> 00:43:20,579
for example
1150
00:43:20,579 --> 00:43:24,060
so take that into consideration because
1151
00:43:24,060 --> 00:43:26,099
if you get into you know platforms like
1152
00:43:26,099 --> 00:43:28,500
Bugcrowd HackerOne they sort of have
1153
00:43:28,500 --> 00:43:30,240
a competitive nature which for a
1154
00:43:30,240 --> 00:43:32,220
beginner can throw you off because it
1155
00:43:32,220 --> 00:43:34,440
now becomes about how many disclosures
1156
00:43:34,440 --> 00:43:36,119
you can get how many bounties you got
1157
00:43:36,119 --> 00:43:38,880
how much you got paid which is not good
1158
00:43:38,880 --> 00:43:40,500
to begin with if you want to make money
1159
00:43:40,500 --> 00:43:42,900
that's fine but in the beginning you
1160
00:43:42,900 --> 00:43:44,579
need to be comfortable with what you're
1161
00:43:44,579 --> 00:43:46,079
doing before you start going onto
1162
00:43:46,079 --> 00:43:48,300
platforms like HackerOne you know you
1163
00:43:48,300 --> 00:43:50,060
know onto Public
1164
00:43:50,060 --> 00:43:54,240
public programs so keep that in mind and
1165
00:43:54,240 --> 00:43:55,319
of course
1166
00:43:55,319 --> 00:43:57,660
this process will eventually show you
1167
00:43:57,660 --> 00:43:59,099
what you're good at with regards to
1168
00:43:59,099 --> 00:44:01,200
vulnerabilities so you may you may be
1169
00:44:01,200 --> 00:44:02,880
good at cross-site scripting you may be
1170
00:44:02,880 --> 00:44:04,920
good at SQL injection you may be good at
1171
00:44:04,920 --> 00:44:05,900
uh
1172
00:44:05,900 --> 00:44:10,200
identifying uh insecure authorization or
1173
00:44:10,200 --> 00:44:12,300
local file inclusion vulnerabilities as
1174
00:44:12,300 --> 00:44:15,599
an example you know and uh take a look
1175
00:44:15,599 --> 00:44:18,480
at disclosures reports and blog posts by
1176
00:44:18,480 --> 00:44:20,220
other people doing bug bounties the
1177
00:44:20,220 --> 00:44:22,619
people you know who are very good at
1178
00:44:22,619 --> 00:44:24,300
identifying the vulnerabilities that you
1179
00:44:24,300 --> 00:44:25,800
like or that you're very good at
1180
00:44:25,800 --> 00:44:28,440
identifying as well you learn a lot from
1181
00:44:28,440 --> 00:44:30,660
them and this is where you start getting
1182
00:44:30,660 --> 00:44:32,940
into the community you know uh start
1183
00:44:32,940 --> 00:44:34,980
again it comes back to the idea of
1184
00:44:34,980 --> 00:44:37,460
having your own blog uh you know write
1185
00:44:37,460 --> 00:44:39,839
blog posts about vulnerabilities how you
1186
00:44:39,839 --> 00:44:41,400
did stuff of course taking into account
1187
00:44:41,400 --> 00:44:43,500
responsible disclosure and all of that
1188
00:44:43,500 --> 00:44:46,619
good stuff but yeah web app pen testing
1189
00:44:46,619 --> 00:44:48,180
is a very tacit
1190
00:44:48,180 --> 00:44:49,260
um
1191
00:44:49,260 --> 00:44:52,440
very tacit path in that you need to get
1192
00:44:52,440 --> 00:44:54,780
your hands dirty and you will spend a
1193
00:44:54,780 --> 00:44:55,980
lot of time here if this is something
1194
00:44:55,980 --> 00:44:57,540
that you like this may be something
1195
00:44:57,540 --> 00:44:59,040
you'll end up pursuing you know in the
1196
00:44:59,040 --> 00:45:01,440
form of bug bounties so I personally
1197
00:45:01,440 --> 00:45:03,540
like web app pen testing and I do bug
1198
00:45:03,540 --> 00:45:05,819
Bounty sometimes but I just don't have
1199
00:45:05,819 --> 00:45:08,640
the time because my primary job deviates
1200
00:45:08,640 --> 00:45:10,800
slightly from web app pen testing so I
1201
00:45:10,800 --> 00:45:12,420
always find myself coming back and
1202
00:45:12,420 --> 00:45:14,520
having to gain momentum again and you
1203
00:45:14,520 --> 00:45:15,839
know all of that good stuff but I do
1204
00:45:15,839 --> 00:45:18,500
like web app pen testing so yeah
1205
00:45:18,500 --> 00:45:21,180
that's uh generally speaking what I
1206
00:45:21,180 --> 00:45:23,819
recommend for year two when it comes
1207
00:45:23,819 --> 00:45:25,619
down to year three this is an area now
1208
00:45:25,619 --> 00:45:28,740
that you get into specializing right
1209
00:45:28,740 --> 00:45:31,200
uh and I haven't covered blue team as such so
1210
00:45:31,200 --> 00:45:32,040
there's something that I'll probably
1211
00:45:32,040 --> 00:45:33,720
cover later but if you're into pen
1212
00:45:33,720 --> 00:45:35,339
testing in red teaming or the offensive
1213
00:45:35,339 --> 00:45:37,920
side of things anti-virus and EDR
1214
00:45:37,920 --> 00:45:40,859
evasion are very very important
1215
00:45:40,859 --> 00:45:43,079
um these are areas that I'll be delving
1216
00:45:43,079 --> 00:45:44,940
deeper into in their own videos because
1217
00:45:44,940 --> 00:45:47,400
they deserve their own videos another
1218
00:45:47,400 --> 00:45:49,079
one of course is active directory pen
1219
00:45:49,079 --> 00:45:51,180
testing which is another tangent that
1220
00:45:51,180 --> 00:45:53,880
you'll find yourself going down learn
1221
00:45:53,880 --> 00:45:55,800
about red teaming tactics techniques and
1222
00:45:55,800 --> 00:45:57,240
procedures from the MITRE ATT&CK
1223
00:45:57,240 --> 00:45:58,980
framework or the Cyber kill chain but
1224
00:45:58,980 --> 00:46:01,260
learn the MITRE ATT&CK framework learn
1225
00:46:01,260 --> 00:46:02,940
about port forwarding and pivoting
1226
00:46:02,940 --> 00:46:06,540
within a a large Network C2 Frameworks
1227
00:46:06,540 --> 00:46:08,040
like Havoc
1228
00:46:08,040 --> 00:46:08,940
um
1229
00:46:08,940 --> 00:46:11,280
Covenant PowerShell Empire
1230
00:46:11,280 --> 00:46:13,859
you know plethora of others like PoshC2 so
1231
00:46:13,859 --> 00:46:15,300
on and so forth learn about how they
1232
00:46:15,300 --> 00:46:17,339
work why they're utilized uh how to
1233
00:46:17,339 --> 00:46:19,260
utilize them not just for post
1234
00:46:19,260 --> 00:46:21,780
exploitation but also for exfiltration
1235
00:46:21,780 --> 00:46:24,240
learn about phishing and initial
1236
00:46:24,240 --> 00:46:26,520
access ttps this is arguably the most
1237
00:46:26,520 --> 00:46:28,020
important especially if you're in the in
1238
00:46:28,020 --> 00:46:30,240
red teaming then about how to set up you
1239
00:46:30,240 --> 00:46:31,980
know proper phishing infrastructure how
1240
00:46:31,980 --> 00:46:34,260
to set up or how to write good phishing
1241
00:46:34,260 --> 00:46:37,140
emails and that'll then take you deeper
1242
00:46:37,140 --> 00:46:39,359
into resource development where you
1243
00:46:39,359 --> 00:46:42,119
learn how to develop your own macros uh
1244
00:46:42,119 --> 00:46:43,619
how to develop your own malicious
1245
00:46:43,619 --> 00:46:46,260
documents your own malicious executables
1246
00:46:46,260 --> 00:46:49,079
payloads all that good stuff
1247
00:46:49,079 --> 00:46:52,319
and also you know then within year three
1248
00:46:52,319 --> 00:46:54,900
another great place or another important
1249
00:46:54,900 --> 00:46:56,760
area is adversary emulation this is
1250
00:46:56,760 --> 00:46:58,380
specific to the red team is but also
1251
00:46:58,380 --> 00:47:00,060
useful to the blue and purple teamers
1252
00:47:00,060 --> 00:47:02,460
learn about what adversary emulation is
1253
00:47:02,460 --> 00:47:05,160
analyze APT groups or threat groups and
1254
00:47:05,160 --> 00:47:07,200
their operations uh their previous
1255
00:47:07,200 --> 00:47:10,140
operations or historically speaking uh
1256
00:47:10,140 --> 00:47:12,300
learn about their trade craft their ttps
1257
00:47:12,300 --> 00:47:14,280
and their software or malware that
1258
00:47:14,280 --> 00:47:16,500
they've utilized the industries they
1259
00:47:16,500 --> 00:47:19,440
target and more important to this learn
1260
00:47:19,440 --> 00:47:22,260
how to utilize EDRs and SIEMs like Wazuh
1261
00:47:22,260 --> 00:47:23,819
they're you know completely free to
1262
00:47:23,819 --> 00:47:25,500
detect your attacks and understand the
1263
00:47:25,500 --> 00:47:27,660
defender's perspective so that you
1264
00:47:27,660 --> 00:47:29,579
understand what you look like what your
1265
00:47:29,579 --> 00:47:32,400
activity looks like uh if there is a
1266
00:47:32,400 --> 00:47:34,380
blue team in place because that's
1267
00:47:34,380 --> 00:47:35,880
something that you know is very very
1268
00:47:35,880 --> 00:47:36,900
important
1269
00:47:36,900 --> 00:47:38,099
um especially in the context of
1270
00:47:38,099 --> 00:47:40,500
adversary emulation because stealth and
1271
00:47:40,500 --> 00:47:43,460
persistence is is a key factor or key
1272
00:47:43,460 --> 00:47:45,839
determinant here
1273
00:47:45,839 --> 00:47:48,359
and of course this will take you down to
1274
00:47:48,359 --> 00:47:51,000
manually or automatically emulating APTs or
1275
00:47:51,000 --> 00:47:52,740
threat groups you know automatically
1276
00:47:52,740 --> 00:47:55,020
that could be through a tool like MITRE
1277
00:47:55,020 --> 00:47:57,720
Caldera or the atomic
1278
00:47:57,720 --> 00:48:00,900
um the atomic red team tests and then of
1279
00:48:00,900 --> 00:48:03,119
course manually most of your adversary
1280
00:48:03,119 --> 00:48:05,280
emulation or simulation campaigns will
1281
00:48:05,280 --> 00:48:08,160
be uh will involve you know manual phases
1282
00:48:08,160 --> 00:48:09,780
to them especially in the resource
1283
00:48:09,780 --> 00:48:11,880
development side of things uh but uh
1284
00:48:11,880 --> 00:48:15,000
yeah that's uh what I recommend for year
1285
00:48:15,000 --> 00:48:16,920
three with regards to red teamer
1286
00:48:16,920 --> 00:48:18,720
specific now another area that you can
1287
00:48:18,720 --> 00:48:21,180
get into and again this is very nuanced
1288
00:48:21,180 --> 00:48:23,099
this is something that I at least in my
1289
00:48:23,099 --> 00:48:24,359
experience I've seen that you either
1290
00:48:24,359 --> 00:48:27,359
like or you find
1291
00:48:27,359 --> 00:48:29,940
um intuitive or not it doesn't say
1292
00:48:29,940 --> 00:48:31,560
anything about your intelligence or
1293
00:48:31,560 --> 00:48:34,079
anything like that but reverse
1294
00:48:34,079 --> 00:48:35,940
engineering you know binary exploitation
1295
00:48:35,940 --> 00:48:38,880
malware analysis these are all very very
1296
00:48:38,880 --> 00:48:40,859
nuanced fields that require a lot of
1297
00:48:40,859 --> 00:48:42,960
prerequisite knowledge specifically with
1298
00:48:42,960 --> 00:48:45,359
regards to development and in my opinion
1299
00:48:45,359 --> 00:48:47,819
the only way way for you to successfully
1300
00:48:47,819 --> 00:48:50,339
learn reverse engineering is for you to
1301
00:48:50,339 --> 00:48:52,560
have developed an application either in
1302
00:48:52,560 --> 00:48:54,540
C C++ or C# you know
1303
00:48:54,540 --> 00:48:57,000
specifically in the case of Windows that
1304
00:48:57,000 --> 00:48:59,579
that's not exclusively the case but
1305
00:48:59,579 --> 00:49:01,980
if you have developed a windows program
1306
00:49:01,980 --> 00:49:04,740
or .NET application reverse engineering
1307
00:49:04,740 --> 00:49:06,480
it will make sense it you'll actually
1308
00:49:06,480 --> 00:49:09,480
understand what's going on and so
1309
00:49:09,480 --> 00:49:11,520
that's what I recommend doing now of
1310
00:49:11,520 --> 00:49:13,140
course in most cases you're going to be
1311
00:49:13,140 --> 00:49:15,000
in a black box type of scenario where
1312
00:49:15,000 --> 00:49:16,140
you're reverse engineering and
1313
00:49:16,140 --> 00:49:17,940
executable or you're performing malware
1314
00:49:17,940 --> 00:49:19,619
analysis on a malware sample you've
1315
00:49:19,619 --> 00:49:21,960
never analyzed before and that's where
1316
00:49:21,960 --> 00:49:23,819
the other skills like you know of course
1317
00:49:23,819 --> 00:49:26,880
assembly is one of them both x86 and x64
1318
00:49:26,880 --> 00:49:28,920
is important but you know you have your
1319
00:49:28,920 --> 00:49:31,020
typical debugging skills disassembling
1320
00:49:31,020 --> 00:49:32,280
skills where you have you know either
1321
00:49:32,280 --> 00:49:34,440
immunity you're going to debugger so on
1322
00:49:34,440 --> 00:49:36,599
and so forth and also Ghidra to a
1323
00:49:36,599 --> 00:49:38,940
certain extent but this is an area that
1324
00:49:38,940 --> 00:49:40,680
I'll also be exploring just to give you
1325
00:49:40,680 --> 00:49:43,260
guys a taste of what this looks like
1326
00:49:43,260 --> 00:49:45,060
um you know using completely practical
1327
00:49:45,060 --> 00:49:47,819
examples but that's another area you can
1328
00:49:47,819 --> 00:49:50,460
focus on in year three now to put all of
1329
00:49:50,460 --> 00:49:52,859
this into context before we end the
1330
00:49:52,859 --> 00:49:53,880
video
1331
00:49:53,880 --> 00:49:55,740
um if you're a blue team as I said I'll
1332
00:49:55,740 --> 00:49:58,619
be making a guide on that because a lot
1333
00:49:58,619 --> 00:50:00,359
of people you know blue team really
1334
00:50:00,359 --> 00:50:02,520
isn't that popular especially in
1335
00:50:02,520 --> 00:50:05,220
colleges in universities but still of an
1336
00:50:05,220 --> 00:50:08,099
excellent field to pursue one that I
1337
00:50:08,099 --> 00:50:10,740
like and find myself you know uh now
1338
00:50:10,740 --> 00:50:13,079
more than ever getting back into
1339
00:50:13,079 --> 00:50:15,119
but that's only to better my operations
1340
00:50:15,119 --> 00:50:17,400
on the red team side so I'm a bit biased
1341
00:50:17,400 --> 00:50:19,560
there but I'll be setting up a guide for
1342
00:50:19,560 --> 00:50:21,240
the blue teamers and you know for anyone
1343
00:50:21,240 --> 00:50:24,060
wants to become a SOC uh SOC analyst
1344
00:50:24,060 --> 00:50:25,800
Etc
1345
00:50:25,800 --> 00:50:28,200
um so yeah that's really the guide that
1346
00:50:28,200 --> 00:50:30,000
I have come up with and I said I've put
1347
00:50:30,000 --> 00:50:33,000
a lot of time and Research into this and
1348
00:50:33,000 --> 00:50:33,900
um
1349
00:50:33,900 --> 00:50:36,119
again the reason I made it is to provide
1350
00:50:36,119 --> 00:50:38,640
you with a guideline or a roadmap if you
1351
00:50:38,640 --> 00:50:39,300
will
1352
00:50:39,300 --> 00:50:42,420
on what you should you should know at
1353
00:50:42,420 --> 00:50:43,740
the end of the three years and again it
1354
00:50:43,740 --> 00:50:45,420
doesn't have to it this is not you know
1355
00:50:45,420 --> 00:50:47,220
set in stone or anything like that it
1356
00:50:47,220 --> 00:50:49,500
can expand to three five six years
1357
00:50:49,500 --> 00:50:53,220
whatever time you have because I know a
1358
00:50:53,220 --> 00:50:54,720
lot of people especially those who are
1359
00:50:54,720 --> 00:50:56,339
transitioning careers already have a day
1360
00:50:56,339 --> 00:50:58,200
job so I can understand the time
1361
00:50:58,200 --> 00:51:00,300
constraints and one thing that you'll
1362
00:51:00,300 --> 00:51:02,220
find and this is completely normal and
1363
00:51:02,220 --> 00:51:04,140
it's something that I encourage is that
1364
00:51:04,140 --> 00:51:05,880
let's say on year two when you're taking
1365
00:51:05,880 --> 00:51:07,380
a look at pen testing or post
1366
00:51:07,380 --> 00:51:09,720
exploitation is you'll go off on
1367
00:51:09,720 --> 00:51:11,640
tangents of your own within a specific
1368
00:51:11,640 --> 00:51:13,260
topic maybe if you're taking a look at
1369
00:51:13,260 --> 00:51:14,880
exploitation frameworks that's fine
1370
00:51:14,880 --> 00:51:17,339
that's actually awesome but always
1371
00:51:17,339 --> 00:51:19,380
remember to come back to the guide and
1372
00:51:19,380 --> 00:51:20,520
again you don't have to follow mine
1373
00:51:20,520 --> 00:51:22,140
there's plenty of other guides out there
1374
00:51:22,140 --> 00:51:24,599
what I really wanted to stress is that
1375
00:51:24,599 --> 00:51:26,520
if you want to achieve anything in life
1376
00:51:26,520 --> 00:51:29,280
you need a goal and you need a timeline
1377
00:51:29,280 --> 00:51:32,160
those are the two trust me I know it may
1378
00:51:32,160 --> 00:51:34,920
sound cliche but just try it out for
1379
00:51:34,920 --> 00:51:36,960
yourself and you know set a no-nonsense
1380
00:51:36,960 --> 00:51:39,240
deadline but a realistic one of course
1381
00:51:39,240 --> 00:51:43,400
take into account all of the
1382
00:51:43,559 --> 00:51:46,140
all of the work that you may have or you
1383
00:51:46,140 --> 00:51:47,400
know the time constraints if you're a
1384
00:51:47,400 --> 00:51:49,380
student make sure it's realistic so
1385
00:51:49,380 --> 00:51:50,880
don't say I'm going to learn how to hack
1386
00:51:50,880 --> 00:51:52,980
Active Directory in a month that's
1387
00:51:52,980 --> 00:51:55,200
unrealistic you can say
1388
00:51:55,200 --> 00:52:00,079
six months say in 2022 oh sorry 2023
1389
00:52:00,079 --> 00:52:04,020
by let's say July
1390
00:52:04,020 --> 00:52:06,119
I am going to have
1391
00:52:06,119 --> 00:52:08,160
not mastered but I'm going to have
1392
00:52:08,160 --> 00:52:10,140
learned how to pen test in an Active
1393
00:52:10,140 --> 00:52:12,300
Directory environment just set it just
1394
00:52:12,300 --> 00:52:14,220
say this is July and then you take a
1395
00:52:14,220 --> 00:52:16,559
look at build up a rough outline of what
1396
00:52:16,559 --> 00:52:17,940
you need to learn again it doesn't need
1397
00:52:17,940 --> 00:52:20,099
to be complete when you begin once you
1398
00:52:20,099 --> 00:52:21,540
start getting into it you'll start
1399
00:52:21,540 --> 00:52:23,160
filling in blanks that you didn't even
1400
00:52:23,160 --> 00:52:24,960
know were there you'll start seeing
1401
00:52:24,960 --> 00:52:26,700
stuff that you didn't know were there
1402
00:52:26,700 --> 00:52:29,339
that is not available online you know
1403
00:52:29,339 --> 00:52:31,680
that that's what now upsets you or marks
1404
00:52:31,680 --> 00:52:34,260
you out as a pen tester because you'll
1405
00:52:34,260 --> 00:52:35,880
start having this innate knowledge of
1406
00:52:35,880 --> 00:52:37,800
technologies and how to assess them you
1407
00:52:37,800 --> 00:52:39,960
know so on and so forth but
1408
00:52:39,960 --> 00:52:42,960
uh set a deadline say okay I'm going to
1409
00:52:42,960 --> 00:52:44,819
learn this in month one two three four
1410
00:52:44,819 --> 00:52:48,119
five six etc. and uh you don't have to be
1411
00:52:48,119 --> 00:52:49,800
crazy with your time you don't have to
1412
00:52:49,800 --> 00:52:51,780
say oh every day I'm gonna focus on my
1413
00:52:51,780 --> 00:52:54,119
AD pen testing for six hours that's
1414
00:52:54,119 --> 00:52:56,880
unrealistic it's inhuman you can only
1415
00:52:56,880 --> 00:52:58,980
focus on something for like four hours a
1416
00:52:58,980 --> 00:53:01,440
day intellectually speaking you know uh
1417
00:53:01,440 --> 00:53:03,420
otherwise that after that your brain
1418
00:53:03,420 --> 00:53:05,220
just turns off you know whatever you're
1419
00:53:05,220 --> 00:53:08,460
learning isn't um isn't really uh isn't
1420
00:53:08,460 --> 00:53:10,559
really being saved in your memory and
1421
00:53:10,559 --> 00:53:12,000
there's a lot of science to back that up
1422
00:53:12,000 --> 00:53:15,059
so be realistic just say every every day
1423
00:53:15,059 --> 00:53:18,359
five days a week four days a week is
1424
00:53:18,359 --> 00:53:20,579
typically good for two hours I'm just
1425
00:53:20,579 --> 00:53:23,339
gonna do AD pen testing and trust me
1426
00:53:23,339 --> 00:53:26,220
you can take a vacation you can enjoy
1427
00:53:26,220 --> 00:53:28,200
your weekends you don't have to be crazy
1428
00:53:28,200 --> 00:53:31,319
about it trust me by the end of that six
1429
00:53:31,319 --> 00:53:33,059
months
1430
00:53:33,059 --> 00:53:35,280
again you'll not be able to recognize
1431
00:53:35,280 --> 00:53:38,520
who you were uh when you started with
1432
00:53:38,520 --> 00:53:40,020
regards to your skill set in a
1433
00:53:40,020 --> 00:53:41,819
particular topic like Active Directory
1434
00:53:41,819 --> 00:53:43,319
pen testing so
1435
00:53:43,319 --> 00:53:45,300
again I would love to hear what you guys
1436
00:53:45,300 --> 00:53:48,359
think in the comment section uh and of
1437
00:53:48,359 --> 00:53:50,520
course your feedback is extremely uh
1438
00:53:50,520 --> 00:53:52,680
valuable I do appreciate all the support
1439
00:53:52,680 --> 00:53:55,200
you guys give me uh if you found this
1440
00:53:55,200 --> 00:53:57,359
video helpful uh please give it a like
1441
00:53:57,359 --> 00:53:58,980
or share it with your peers especially
1442
00:53:58,980 --> 00:54:00,780
if you're in school or university if you
1443
00:54:00,780 --> 00:54:03,180
think this may be helpful but yeah
1444
00:54:03,180 --> 00:54:04,500
overall I would like to see what you
1445
00:54:04,500 --> 00:54:05,819
guys have to say in the comment section
1446
00:54:05,819 --> 00:54:08,160
I know I have we have a diverse audience
1447
00:54:08,160 --> 00:54:09,180
of
1448
00:54:09,180 --> 00:54:11,880
students professionals and people now
1449
00:54:11,880 --> 00:54:14,579
who are getting into management so I
1450
00:54:14,579 --> 00:54:16,260
really like to hear what you guys think
1451
00:54:16,260 --> 00:54:19,260
and yeah thank you very much for
1452
00:54:19,260 --> 00:54:21,059
watching this video and I'll be seeing
1453
00:54:21,059 --> 00:54:24,500
you in the next video
1454
00:54:29,670 --> 00:54:32,769
[Music]