Studies, experiments, thoughts, and maybe other things
home |
blog |
linkedin |
github |
email
Intro - Diving into Infosec
22nd of September, 2024
What interests me the most about this area of IT - computer networks, cybersecurity - is how important it is, despite being "in the shadows". It seems that nowadays most people are dependent on technology, all the while having very little knowledge of how it works. Computers have revolutionized our lives, our work, our access to information and communication, and, the way human anatomy is fascinating, so is the anatomy of machines and networks. I'm on a mission to learn as much as I can about it all.
I'm putting down a list of topics and skills as I study, and I'll be revisiting with updates periodically.
So far I really love TryHackMe, HackTheBox as learning and practicing resources. This roadmap is also a good guide.
Networking
- OSI model
- Network topologies: star, ring, mesh, bus
- Network types: LAN, MAN, WAN, WLAN, PAN, CAN, SAN, SDWAN
- Common network protocols: HTTP/HTTPS, SSL/TLS, SSH, FTP/SFTP, RDP, POP3, IMAP, SMTP
- Common ports
- IP terminology
- IP address - IPv4, IPv6
- subnet mask
- default gateway address
- loopback address
- CIDR notations
- Subnetting
- APIPA
- DHCP
- DNS & DNS records
- NAT
- PAT/NAT overload
- MAC addresses
- NDP
- Network communication: unicast, broadcast, multicast, anycast
- ICMP
- VPN
- IPSec
- Network devides: hub, bridge, switch, router, Access Point, modem, repeater
- Wireless standards (IEEE 802.11)
- PoE
Operating systems & System Administration
- Windows, Linux, MacOS
- Installation & configuration
- Permissions
- Performing CRUD on files
- Navigation via GUI & CLI
- Common terminal commands
- Troubleshooting
Security skills
- Security principles
- Web hacking: Command injection, SQL injection
- IDOR vulnerabilities
- XSS vulnerabilities
- Burp Suite
- Subdomain enumeration
- Passive & Active Recoinnaissance
- Troubleshooting & Network tools
- ipconfig, ifconfig
- ping
- nmap
- nslookup
- tcpdump
- arp
- netstat
- tracert
- route
- Packet sniffers: Wireshark
- Port scanners
- Protocol analyzers
- Vulnerability research: CVSS, VPR, Vulnerability databases, CVEs
- Metasploit, meterpreter
- Privilege escalation
- Sending and receiving shells
- Hydra
Cloud skills
- cloud or on-premises
- Cloud services: Saas, PaaS, IaaS, DaaS
- Cloud architectures; SDN
- Cloud models: private, public, hybrid
- Common cloud storage options
- Cloud environments: AWS
home |
blog |
linkedin |
github |
email
