5. Getting started in Computer Security
● Plenty of resources exist to get started with different areas of security
● You get out what you put into it
6. Intro to Exploitation
● General Goals:
○ Lateral Movement
○ Command and Control
○ Data Exfiltration
7. General Tools
● Kali Linux - contains many exploitation tools pre-installed
● FLARE VM - contains many security tools for use in a Windows
environment
9. Network
Attacking the network and network services,
often to access machines on said network.
Examples:
● Attacking Windows domains
● Attacking cloud infrastructure
Tools:
● nmap
Practice:
● HackTheBox
● CloudGoat
10. Linux
Escalating privileges, exfiltrating data,
establishing persistence, and more.
Examples:
● Hacking Linux?
Tools
● bash
● Metasploit
● Linux Knowledge
Practice
● OverTheWire - Bandit
● HackTheBox
● Metasploitable 2
11. Windows
Escalating privileges, exfiltrating data,
establishing persistence, and more.
Examples:
● Hacking Windows?
Tools
● Powershell
● Metasploit
● Windows Knowledge
Practice
● HackTheBox
● Metasploitable 3
● Immersive Labs (Powershell)
13. Web
Dumping databases, gaining code execution,
breaking webscale, learning too many
frameworks
Examples
● SQL Injection
● Code Execution
● Local File Includes
Tools
● Burp Suite
● Browser Developer Tools
Practice
● HackTheBox
● OverTheWire - Natas
● WebGoat
14. Binary
Exploiting flaws in a program to do “fun”
things
Example
● Bypassing authentication
● Gaining code execution
Tools
● gdb (Debuggers)
● IDA Pro (Disassemblers)
Practice
● pwnable.kr
● Protostar
● The Assembly Group
15. Overall
Being well “read” can give you a significant
edge in security
YouTube - Tutorials
● LiveOverflow
● GynvaelEN
YouTube - Talks
● DefCon
● BlackHat
● media.ccc.de (34C3)
News/Blogs
● /r/NetSec
● HackerNews