Can someone explain some of these terms to me?

My InfoSec pal (been in the field 6+ years) is trying to explain to me as an aspiring student wanting to get in the field some stuff that I should familiarize myself with. But.. Sadly I don't know what any of it is. That's where you guys and Google come in!

"Also look into Kali, what it is and what it can do
Other things you should familiarize yourself with
NMAP
Nessus/OpenVas
netcat/nc/socat
Damn Vulnerable Linux (for looking into pen-testing)
Damn Vulnerable WebApp (web app pen-testing)
Linux - understand the different forks, how they differ and are the same
OSI model"

Any ideas and do you endorse it?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

vanillagorilla3

Well, each topic you have listed can have a book written about it (and it does).

Kali is a Linux Distro with a bunch of pen-testing, forensics, etc tools built in.
Nmap, netcat - network scanning, debugging tools
Linux is an operating system and there are many different distributions.
OSI model is the networking framework. You definitely need to understand this first before you get into pen-testing/security.

Psydrox

Ahh neat thank you! I guess I should eventually have a library of infosec books I can read up on

soccarplayer29

You seem very hungry for knowledge and ambitious. Those are mostly tools which are covered within the C|EH exam/studies. The C|EH is commonly referred to as a "tour of the tools".

The things your colleague mentioned are valid and gaining knowledge of those would help in your studies and future career aspirations. But honestly, I'd focus more on your class studies and computing/security fundamentals before digging into the tools. While less 'exciting' the fundamentals will stick with you much longer.

I would think things like the OSI model, basic network (Net+), general security (Sec+), etc. should be the priority. Also getting some general hands on experience with Linux (such as Kali) and just familiarizing yourself with some tools (which come pre-loaded in Kali) would also be helpful.

cyberguypr

This is pretty much standard for anyone in InfoSec. Many members here could talk for a long time about these, but you'll get a better understanding by going out there, researching, downloading, installing, and trying this stuff on your own. Here is where YouTube becomes useful as there's a metric ton of videos for most of these.

My advice is to take it one step at a time and don't try to do it all at once.

tedjames

Check out this site: http://sectools.org You can read about a lot of great security tools here including the ones that your friend recommended.

tedjames

Psydrox wrote: »

Ahh neat thank you! I guess I should eventually have a library of infosec books I can read up on

Check out https://www.packtpub.com You can create an account and then download a FREE book (their choice) every day. They often have specials where you can buy their books for as low as $5 each.

stryder144

Here is a great book to get you started. It is from Packt Publishing, as mentioned above by tedjames. Another really good book is this one.

alias454

Also this is good for starting out https://www.cybrary.it/

Psydrox

Thanks everyone! Really appreciate the links and possible reads, I'll have to find time to read them all

tedjames wrote: »

Check out https://www.packtpub.com You can create an account and then download a FREE book (their choice) every day. They often have specials where you can buy their books for as low as $5 each.

Neat little site, what do you suggest I select under "tech preferences" when making my account?

TechGromit

Sounds a lot like the curriculum of a SANS course to me.

TechGuru80

There are several specially built operating systems (Linux based), with tools preloaded...Kali is one of the major ones...primarily used for pentesting and security testing.

The next three are tools you use for various things in infosec...primarily finding vulnerabilities or for pentesting.

The next two are to help learn pentesting.

See the first note I made. Sometimes operating systems interact with the OSI model differently...for instance Linux vs Windows.

UnixGuy

The eLearnSecurity penetration testing student course will introduce you to all those topics:
https://www.elearnsecurity.com/course/penetration_testing_student/