Commute Plan - Back to InfoSec!

So, to get back into infosec I am going with the following plan, in loop

Do:

  1. Find and read a thing on the topic (Blog, book, etc)
  2. Hands on (local gear, VM, cloud, demo web thing)
  3. Class, test or cert


For:

  • Python
  • Powershell
  • Windows server security options
  • Windows desktop security options
  • Windows Active Directory management
  • VLANs
  • Firewall settings
  • Port controls
  • Web-testing basics: SQL injections, XSS
  • Server testing basics: ports, connections
  • network scan / port scan
  • automation of patching, WSUS
  • patch scan
  • SQL
  • MS-SQL
  • DNS management in windows
  • DNS settings on registrar
  • Windows IIS
  • Windows S/FTP
  • RAID / SAN shenanigans
  • SMTP
  • SSL
  • Load Balancing
  • Database balancing
  • VMware (hyperV)
  • Physical lock down (disable usb etc)
  • Policy Groups
  • VPN
  • nmap
  • metasploit
  • splunk
  • github
  • LAMP (apache)
  • Add WMI, AppLocker, Credential Guard, Device Guard, and EMET/Windows Defender Exploit Guard to the list (recent developments or becoming more pertinent)

Comments

  1. Suggestions:
    Grab a copy of @georgiaweidman’s pentesting book?
    Try some CTFs? http://captf.com/practice-ctf/
    Set up some VMs and poke at them?

    ReplyDelete
  2. Suggestion:
    https://tisiphone.net/2016/08/26/starting-an-infosec-career-the-megamix-chapter-7/

    ReplyDelete
  3. Suggestion:
    setting up a Linux mail server including configuring DNS, STARTTLS, etc. (AWS free tier for that?)

    ReplyDelete
  4. Reading: https://github.com/alex/what-happens-when/blob/master/README.rst

    ReplyDelete
  5. Suggestion:
    https://blog.zsec.uk/101-web-testing-1/

    ReplyDelete
  6. resources:
    https://github.com/ForgottenSec/Transitioning_Into_InfoSec/blob/master/index.md

    ReplyDelete
  7. Seriously - looked at your resume. Beef up on a CI/CD tool now like Ansible or Chef. Tutorials are online for free. If you want to do real DevSecOps work, DM me.

    I will be honest though nobody will give you week on then week off telework. Doesn’t work that way in DC area.

    ReplyDelete
  8. Jonathan Katz


    @katzmandu
    Dec 20
    More
    Replying to @amazonv
    Download some free @splunk & learn that, too :D

    ReplyDelete

Post a Comment

Popular posts from this blog

Subscriptions