Can someone explain some of these terms to me?

PsydroxPsydrox Member Posts: 25 ■□□□□□□□□□
My InfoSec pal (been in the field 6+ years) is trying to explain to me as an aspiring student wanting to get in the field some stuff that I should familiarize myself with. But.. Sadly I don't know what any of it is. That's where you guys and Google come in!

"Also look into Kali, what it is and what it can do
Other things you should familiarize yourself with
NMAP
Nessus/OpenVas
netcat/nc/socat
Damn Vulnerable Linux (for looking into pen-testing)
Damn Vulnerable WebApp (web app pen-testing)
Linux - understand the different forks, how they differ and are the same
OSI model"

Any ideas and do you endorse it?

Comments

  • vanillagorilla3vanillagorilla3 Member Member Posts: 79 ■■■□□□□□□□
    Well, each topic you have listed can have a book written about it (and it does).

    Kali is a Linux Distro with a bunch of pen-testing, forensics, etc tools built in.
    Nmap, netcat - network scanning, debugging tools
    Linux is an operating system and there are many different distributions.
    OSI model is the networking framework. You definitely need to understand this first before you get into pen-testing/security.
  • PsydroxPsydrox Member Posts: 25 ■□□□□□□□□□
    Ahh neat thank you! I guess I should eventually have a library of infosec books I can read up on :)
  • soccarplayer29soccarplayer29 CISSP, CISA, PMP Member Posts: 230 ■■■□□□□□□□
    You seem very hungry for knowledge and ambitious. Those are mostly tools which are covered within the C|EH exam/studies. The C|EH is commonly referred to as a "tour of the tools".

    The things your colleague mentioned are valid and gaining knowledge of those would help in your studies and future career aspirations. But honestly, I'd focus more on your class studies and computing/security fundamentals before digging into the tools. While less 'exciting' the fundamentals will stick with you much longer.

    I would think things like the OSI model, basic network (Net+), general security (Sec+), etc. should be the priority. Also getting some general hands on experience with Linux (such as Kali) and just familiarizing yourself with some tools (which come pre-loaded in Kali) would also be helpful.
    Certs: CISSP, CISA, PMP
  • cyberguyprcyberguypr Senior Member Mod Posts: 6,920 Mod
    This is pretty much standard for anyone in InfoSec. Many members here could talk for a long time about these, but you'll get a better understanding by going out there, researching, downloading, installing, and trying this stuff on your own. Here is where YouTube becomes useful as there's a metric ton of videos for most of these.

    My advice is to take it one step at a time and don't try to do it all at once.
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,179 ■■■■■■■■□□
    Check out this site: http://sectools.org You can read about a lot of great security tools here including the ones that your friend recommended.
  • tedjamestedjames Scruffy-looking nerfherdr Member Posts: 1,179 ■■■■■■■■□□
    Psydrox wrote: »
    Ahh neat thank you! I guess I should eventually have a library of infosec books I can read up on :)

    Check out https://www.packtpub.com You can create an account and then download a FREE book (their choice) every day. They often have specials where you can buy their books for as low as $5 each.
  • stryder144stryder144 Senior Member Member Posts: 1,684 ■■■■■■■■□□
    Here is a great book to get you started. It is from Packt Publishing, as mentioned above by tedjames. Another really good book is this one.
    The easiest thing to be in the world is you. The most difficult thing to be is what other people want you to be. Don't let them put you in that position. ~ Leo Buscaglia

    Connect With Me || My Blog Site || Follow Me
  • alias454alias454 Member Posts: 648
    Also this is good for starting out https://www.cybrary.it/
    “I do not seek answers, but rather to understand the question.”
  • PsydroxPsydrox Member Posts: 25 ■□□□□□□□□□
    Thanks everyone! Really appreciate the links and possible reads, I'll have to find time to read them all :)
    tedjames wrote: »
    Check out https://www.packtpub.com You can create an account and then download a FREE book (their choice) every day. They often have specials where you can buy their books for as low as $5 each.

    Neat little site, what do you suggest I select under "tech preferences" when making my account?
  • TechGromitTechGromit GSEC, GCIH, GREM, Ontario, NY Member Posts: 2,052 ■■■■■■■■□□
    Sounds a lot like the curriculum of a SANS course to me.
    Still searching for the corner in a round room.
  • TechGuru80TechGuru80 Member Posts: 1,539 ■■■■■■□□□□
    There are several specially built operating systems (Linux based), with tools preloaded...Kali is one of the major ones...primarily used for pentesting and security testing.

    The next three are tools you use for various things in infosec...primarily finding vulnerabilities or for pentesting.

    The next two are to help learn pentesting.

    See the first note I made. Sometimes operating systems interact with the OSI model differently...for instance Linux vs Windows.
  • UnixGuyUnixGuy Are we having fun yet? Mod Posts: 4,310 Mod
    The eLearnSecurity penetration testing student course will introduce you to all those topics:
    https://www.elearnsecurity.com/course/penetration_testing_student/
    Certs: GPEN, GCFA, CISM, CRISC, RHCE
    In Progress: MBA
Sign In or Register to comment.