Commute Plan - Back to InfoSec!

So, to get back into infosec I am going with the following plan, in loop

Do:

  1. Find and read a thing on the topic (Blog, book, etc)
  2. Hands on (local gear, VM, cloud, demo web thing)
  3. Class, test or cert


For:

  • Python
  • Powershell
  • Windows server security options
  • Windows desktop security options
  • Windows Active Directory management
  • VLANs
  • Firewall settings
  • Port controls
  • Web-testing basics: SQL injections, XSS
  • Server testing basics: ports, connections
  • network scan / port scan
  • automation of patching, WSUS
  • patch scan
  • SQL
  • MS-SQL
  • DNS management in windows
  • DNS settings on registrar
  • Windows IIS
  • Windows S/FTP
  • RAID / SAN shenanigans
  • SMTP
  • SSL
  • Load Balancing
  • Database balancing
  • VMware (hyperV)
  • Physical lock down (disable usb etc)
  • Policy Groups
  • VPN
  • nmap
  • metasploit
  • splunk
  • github
  • LAMP (apache)
  • Add WMI, AppLocker, Credential Guard, Device Guard, and EMET/Windows Defender Exploit Guard to the list (recent developments or becoming more pertinent)

Comments

  1. AmazonVNovember 9, 2017 at 9:35 AM

    Suggestions:
    Grab a copy of @georgiaweidman’s pentesting book?
    Try some CTFs? http://captf.com/practice-ctf/
    Set up some VMs and poke at them?

    ReplyDelete
  2. AmazonVNovember 9, 2017 at 9:39 AM

    Suggestion:
    room362.com/start

    ReplyDelete
  3. AmazonVNovember 9, 2017 at 9:40 AM

    Suggestion:
    https://tisiphone.net/2016/08/26/starting-an-infosec-career-the-megamix-chapter-7/

    ReplyDelete
  4. AmazonVNovember 9, 2017 at 9:43 AM

    Suggestion:
    setting up a Linux mail server including configuring DNS, STARTTLS, etc. (AWS free tier for that?)

    ReplyDelete
  5. AmazonVNovember 9, 2017 at 9:43 AM

    Reading: https://github.com/alex/what-happens-when/blob/master/README.rst

    ReplyDelete
  6. AmazonVNovember 9, 2017 at 9:44 AM

    Suggestion:
    https://blog.zsec.uk/101-web-testing-1/

    ReplyDelete
  7. AmazonVNovember 9, 2017 at 10:05 AM

    resources:
    https://github.com/ForgottenSec/Transitioning_Into_InfoSec/blob/master/index.md

    ReplyDelete
  8. PaintNovember 10, 2017 at 10:43 AM

    Netacad has some free classes.

    ReplyDelete
  9. AmazonVDecember 6, 2017 at 3:10 PM

    Seriously - looked at your resume. Beef up on a CI/CD tool now like Ansible or Chef. Tutorials are online for free. If you want to do real DevSecOps work, DM me.

    I will be honest though nobody will give you week on then week off telework. Doesn’t work that way in DC area.

    ReplyDelete
  10. AmazonVDecember 22, 2017 at 8:40 PM

    Jonathan Katz


    @katzmandu
    Dec 20
    More
    Replying to @amazonv
    Download some free @splunk & learn that, too :D

    ReplyDelete

Post a Comment

Popular posts from this blog

Subscriptions

Here are subscription boxes I think are cool, have any to add? The Devotea USA tea http://us.the-devotea.com/totm Amoda Tea http://www.amodatea.com/pages/subscribe.php Tea Sparrow http://www.teasparrow.com/ loot crate geeky toys https://www.lootcrate.com/subscriptions/index handmade tea http://handmadetea.com/plans.php Graze Snacks http://www.graze.com/us/p/7JK41LPWT Naturebox snacks http://naturebox.com/ Birch Box beauty https://www.birchbox.com/shop/gift  Hammock Pack - staycations http://hammockpack.com/?page_id=31 Yumvelope snacks https://www.yumvelope.com/ Love with Food https://lovewithfood.com/subscriptions?s=top-bar-snackbox  Bagel of the month http://www.bagelofthemonthclub.com/packages/the-brooklyn-basics/ mystery box shop http://www.mysteryboxshop.com/ Nerd Block https://nerdblock.com/#subscribe Startup Threads https://www.startupthreads.com/monthly Quarterly http://quarterly.co/products/tina-roth-eisenberg http://quarterly.co/products/alexis-ohanian ht
Read more