Diving more into stuff from the Pentester Academy, I ended up getting more interested in the Information Security subjects themselves instead of a means to an end to learning assembly programming for the NetBSD kernel. I still want to code NetBSD kernel, certainly, but Red Team stuff sure is interesting.
So, I haven’t made much progress in my assembly programming studies in the last week, as I’ve been working too much on this website… and I’m not a web designer, but there was always one more thing that isn’t right. The website is at a place where I’ll just leave it alone.
Also, I applied effort to get more into the InfoSec community at large, by surrounding myself in folks that have a passion for it, no matter if they have “made it” or not. Much of that is via Twitter, certainly, but it isn’t limited to that medium.
So, discerning diving into InfoSec Red Team stuff and seeing if it is for me.
Naturally, this certification seems to be something folks hold in high regard… and I want to see what it is all about. I got these books to help me learn what it is all about and if I truly want to apply a large amount of effort into it.
- “Penetration Testing: A Hands-On Introduction to Hacking” by Georgia Weidman (Amazon)
- “The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws 2nd Edition” by Dafydd Stuttard, Marcus Pinto (Amazon)
- “RTFM: Red Team Field Manual” by Ben Clark (Amazon)
While I’ve been doing this professionally for 20 years now, InfoSec has always been from the sidelines. I’ve been someone that has known infosec people but never was one. So, learning from titans and leaders in the field is important to me. I may not ever be mentored, but I can virtually apply mentorship and learnings from those that have put it out there.
- “Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World” by Marcus J Carey and Jennifer Jin. (Amazon)
- This is a treasure trove of amazing advice from folks that have made it in their own way and path. Virtual mentorship is amazing in this book!
- “Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World” by Joseph Menn (Amazon)
- Looking forward to diving into this after I finish the Tribe of Hackers book.
- “Snow Crash” by Neal Stephenson. (Audible)
- This book had a big impact on me when it came out. It is part of the reason I’m a programmer. I miss the wonder of what the Internet would become that existed during the time.
- Listening to this as an audiobook on my drives to and from work.
Having direct knowledge from folks that have solved the OSCP certification problem is super valuable. Here are some links I found that may be useful to you, too.
Staying up-to-date on big issues and being entertained at the same time is always a great combo. Here are a few podcasts I subscribe to now.
- InSecurity https://threatvector.cylance.com/en_us/home/insecurity-podcast-joseph-menn-on-cult-of-the-dead-cow-the-original-hacking-supergroup.html
- Smashing Security https://www.smashingsecurity.com/
- Security Now https://www.grc.com/securitynow.htm
- Internet Storm Center Stormcast https://isc.sans.edu/podcast.html
So yeah, I spent a lot of time away from learning new skills, but I think it was worth it. Now I don’t feel so unsettled and excited to continue learning.
Unrelated to much else, but I wasted too much time researching laptops. Looking like a Dell XPS or Lenovo Thinkpad at some point. I’m really good at making simple computing resources work well for me.