- This topic has 18 replies, 6 voices, and was last updated 9 years, 10 months ago by
.
-
Posts
-
-
I’m really interested in linux/wireless/wireless security/ and pentesting.
Currently I work as NOC/ linux support, so I’m gaining networking and linux experience. I just obtained my Linux+ this week and I want to learn more about linux but would the RHCSA/RHCE be useful for pentesting or is that just overkill?
For the wireless portion; I would like to get all 4 of the CWNP’s certs and maybe the cisco wireless certs but most people say to focus on the CWNP certs.
After I get the CWNA, that’s when I’ll start studying for the pentesting certs. I would really like to get the GPEN and GAWN certs first then maybe OSCP or GWAPT. But then again, maybe start with eCPPT/OSWP/ security tube wireless cert than SANS?
Tell me what you think?
-
You just said the everybody dilema. ” I want to be this and this and this” after that I want to be a pentest, etc, etc. The problem is that only those fields cover a lot/time/knowledge.
This is my way, maybe I am wrong but I’ve been moving around and I never get anything done. So I did my plan in writing:
1. Linux Skills (selfstudy) – Done – Took 1 month and 20 days (10/20/11)
2. Python skills (selfstudy) – Process
3. Wireshark skills (monitoring) (selfstudy)
4. Wireless certification from Offensive Security (Online training)
5. Web pen tester certification from Elearnsecurity (online training)
6. OSCP certification from Offensive Security (online training)
7. CEH (selfstudy)
8. GPEN (selfstudy)I am working on that plan and sometimes I want to change it. Yes I will do it (the order) but no the subjects. When I begin to read specially this forum I want to begin to do this and that again, then I open my plan and see where I am and keep going.
-
-
I am more interested in Network part of Security. For now most of my learning part is going on self pace, thanks to my college library for having awesome books.
One major reason that I aint going for any certs now is not having $$ 😛
I can be pretty stingy on things ;D but I really don’t mind spending money on two things:
– Hardware
– Good DocumentationMy path is some thing like:
– Linux Skills (Self pace) – there is a huge amount of material online.
– Protocols (TCP/IP…) – some good books like TCP/IP Illustrated
– nmap – lucky to have Fyodor’s book at library
– Wireshark Skills – Wireshark has really nice user guide and wiki.(and lots n lots of practice)
– Higher concepts like Firewall’s and IDS
– Python Skills – there are plenty of good books(some are free), this is something I have been focusing mostly on because at some point you feel like you can’t turn your ideas into code. So my focus is more on coding.This list and some others will keep me busy for quite some time.
My certification path would be something like:
CWNA – To get started with wireless things.
OSWP – getting deeper into wireless security
OSCP – Once I am comfortable with the above skill (and some other skills) I am going for OSCP. I am not in for eCPPT, as it covers almost the same stuff like OSCP except it focuses more on Web App’s security.Coming to your point,
“Linux +” skills will be pretty much fine for going further into security. if you have time & bucks, you can consider RH certs.In the wireless portion, I would rather suggest to focus on CWNP certs because they are vendor neutral certifications.
After CWNP certs, as your focus is wireless you can go for OSWP, that course is pretty nicely laid out. SANS certs are good but they come with a big $$, I feel like Offensive Security certs come with a good learning curve and are not too pricey for what they offer. GPEN would be a nice place to start with.eCPPT is good with the Web Apps security modules and you can also take a look at “So You Want To Be A Web App Pentester” by Joe McCray.
-
-
Hi !
here is my way :Right now i’m passing my degree in networking so i have started with TCP/IP Protocol, Linux skills, C Language, SQL, Java.
In my free times i study on Python skills and wireless. I plan to go to OSWP when i’ll be comfortable and have the money.After i’ll probably go to OCSP and CEH as CEH is most important for the french companies…
-
-
-
-
-
-
-
One thing to remember is to expect to be derailed. My path has changed sooo much since i started, for example i expected to do the OSCP and CISA among other things by now. Like the greats you must be able to adapt.
My path was the following.
Linux (When i was in H.S.)
Network Security (College Degree)
Learned Python (In College)
I got a Info Sec Analyst Job (which I am now.)
Took GCIA
Took GCIH
Took GPEN
Taking GWAPT exam – err… thursday *crosses fingers*
Going Back to School for M.S. CIS
Looking to take EnCe
Then GCFA and CCE
Then GSEC, CISSP
Finally GSEI really want to throw the OSCP in there somewhere. it may have to wait until i complete school.
As for impulses path i would change it to the following.
1. Linux Skills (selfstudy) – Done – Took 1 month and 20 days (10/20/11)
2. Python skills (selfstudy) – Process (this will be a never ending step. push to background look at ‘gray hat hacking with python’) &
3. CEH (do this earlier it will set a good foundation)
4. tcpdump / Wireshark skills (monitoring) (selfstudy) (first understand tcp dump and packet analysis, you will get wireshark better.)
5. Wireless certification from Offensive Security (Online training)
6. Metaploit / Nessus Skills (self study) (understand how exploits and payloads work. pre and post exploitation)
7. OSCP certification from Offensive Security (online training)
8. GPEN (selfstudy) (the business side of pen testing)
9. Web pen tester certification from Elearnsecurity (online training)
10. GWAPT? -
impelse,
In no way do I think certs will put me in elite status, but they do help my learning and hopefully point me in the right direction.
idr0p,
Thanks for the input. Right now I’m hoping to take a SANS course next april/may with my tax returns =) lol but then again..maybe I should hold off until I actually get a security job (since you have to renew them every 4 years).
I have a few questions for you…
How long after college did it take for you to land a info sec job?
Which of the SANS courses did you like the most so far?thanks
-
Those are good ideas.
When i said learn Python is only read two books, I am reading Python® Programming for the Absolute Beginner, Third Edition and then Hacking: The Art of Exploitation, Second Edition
For wireshark I am watching Laura Chapell videos (going deep to tcp).
I will stuck there until I complete and keep according the plan with some modifications.
-
-
-
GSEC, even though i havent taken it… yet, looks like it has some good stuff in it. I think it is a step up from the Sec+ and the main thing about SANs tests is you want to get a feel for them it is a good cert to start with in general.
On a side note the GPEN does cover python, but no too deep. OSCP is where you will need the py skills more.
-
I took and passed the GCIH. It was an awesome course and loved the CTF event at the end. Since I won the CTF contest, they gave me the GSEC course materials for free. I had a look at these and yes, it has a ton of valuable info but I never wrote the exam. Just my opinion but if you already have your Sec+, CEH and CPTE, I would think you’re beyond GSEC. I must admit that I’ve seen job ad’s with GSEC in there too. I’d hope if they see you have a more advanced cert then GSEC, that would be sufficient.
-
- You must be logged in to reply to this topic.
