elearnsecurity PTSv3, request/first post

SirKidSirKid Posts: 7Member ■□□□□□□□□□
Hello, everyone. I am new to this community, but I plan on being here a lot. Recently, I sent this email to elearnsecurity:

Although I’ve found some free information out there, I question its validity and often read it is outdated. I would like to learn from your channel, however, I am a full-time college student on a scholarship and I do not have the means of attaining the $300-$400 needed to enroll in your program. I do not know how feasible this proposal is, but I would like to make a payment-plan to pay off your course. I can send you guys $20 a month until the whole program is paid off. In addition, I will take high notes on everything I learn and send them to you to make them publicly available. I will also spread awareness of your website among friends interested in computer security. Again, this proposal may be too out of reach, but I really want to learn from current, quality resources. If there exist any options for someone like myself, a response would be greatly appreciated. I apologize for any inconveniences in advance, and thank you for your time.

They responded saying that it was not possible, but that i
[FONT=arial, sans-serif]f I had a friend that enrolled with them he could share the PTSv3 Barebone invite with me. I know this is not a normal first post, but I was wondering if anyone had a free invite code that they did not plan on using. If you do, please let me know, it would be much appreciated! I'm sure we can work something out. I look forward to being part of this great community! [/FONT]

Comments

  • xxxkaliboyxxxxxxkaliboyxxx Posts: 466Member
    First lesson, nothing is free. Contribute to the community.

    PS: With that said, I have no problem helping out people interested in educations if I have the means. Please don't hack me
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • cyberguyprcyberguypr Senior Member Posts: 6,751Mod Mod
    Second lesson: have a plan B. If nothing pans out remember that there's a metric ton of material out there you can study on your own.
  • SirKidSirKid Posts: 7Member ■□□□□□□□□□
    Thanks for the advice, but I never asked for it for free. I said, "I'm sure we can work something out." Also, I'm reading a book on how to use wire-shark and I'm watching videos on cybrary.it. If you'd like I can share my notes on what I've covered thus far.
  • SirKidSirKid Posts: 7Member ■□□□□□□□□□
    Heres a fragment of what I've done, I can send more on request

    OSI and TCP/IP Models - Overview
    Tuesday, December 6, 2016
    5:24 PM
    · OSI Model is a way of thinking about Networks that allows us to divide it into layers
    · Networking is sending communications from one point to another point
    · The OSI Model works once forward, and then it works in reverse when the other device is receiving the data
    · It consists of seven different layers
    o Lower Level - Bare Bones
    · Layer 1 - Physical Layer
    § Cables
    § Network card in our computer
    § Bits

    · Layer 2 - Data Link Layer
    § Sending frames or to a switch

    · Layer 3 - Network Layer
    § IP Addressing
    § Sending to points all across the world
    § Sending data to a router

    · Layer 4 - Transport Layer
    § Management
    § Help break up our session into packets

    · Layer 5 - Session Layer
    § Communication and management of our actual communication sessions
    § Who's allowed to talk when
    § Helps communication run smoother

    · Layer 6 - Presentation Layer
    § Encrypting and decrypting
    § Format our data on screen so that we can understand it

    o Higher Level
    · Layer 7 Application Layer
    § Which programs or parts of our computer are allowed to talk over the network

    · Please Do Not Throw Sausage Pizza Away is an easy way to remember the 7 layers


    OSI Model Layer 1 - Physical
    Tuesday, December 6, 2016
    5:50 PM
    · This layer is going to be all about cables and bits
    o Physical, tangible things we can measure

    · "Physical / Electrical Stage"
    o Includes electrical impulses and wireless data that’s traveling back and forth
    o Electricity is something we can measure, and its physical

    · Computerized data has to have some sort of conversion to electronic signals and this is where that occurs
    · Includes
    o Pinouts
    o Voltages
    o Cable specifications
    o Network Interface Cards
  • JoJoCal19JoJoCal19 California Kid Posts: 2,773Mod Mod
    Everything (and much, much more) that is in the PTSv3 can be found for free on Securitytube.net. Cybrary is a good place as well.
    Have: CISSP, CISM, CISA, CRISC, eJPT, GCIA, GSEC, CCSP, CCSK, AWS CSAA, AWS CCP, CEHv8, CHFIv8, ITIL-F, MS Cyber Security - USF, BSBA - UF, MSISA - WGU
    Currently Working On: Python, OSCP Prep
    Next Up:​ OSCP
    Studying:​ Code Academy (Python), Bash Scripting, Virtual Hacking Lab Coursework
  • SirKidSirKid Posts: 7Member ■□□□□□□□□□
    Ya, but the PTSv3 offers guidelines and a course of action. That's what I like, otherwise I get unmotivated and sloppy. I set daily, ambitious goals and even when I don't meet them, I feel like I've done a lot.
  • tedjamestedjames Scruffy-looking nerfherdr Posts: 988Member ■■■■■■□□□□
    You can also get lots of free and low cost training at www.udemy.com Quality varies. Overally, I've gotten some good training there.

    I've gotten a lot out of these:
    https://www.udemy.com/learn-how-to-create-a-hacking-penetration-testing-lab/
    https://www.udemy.com/linux-command-line-volume1

    Do searches on hacking, penetration testing, kali, kali linux, linux, wireshark, etc. You'll find a lot of free training and lots in the $15-$20 range.
  • xxxkaliboyxxxxxxkaliboyxxx Posts: 466Member
    What about hacking virtual servers made for hacking like bwapp and metasploitable? Its hands on and goal focus?
    Studying: GPEN
    Reading
    : SANS SEC560
    Upcoming Exam: GPEN
  • SirKidSirKid Posts: 7Member ■□□□□□□□□□
    I'll be sure to check it out, kaliboy. I'm really new to "hacking". Started learning like ~1 week ago. I'm looking for something to take me from a complete beginner to a place where I can understand other subtopics I would like to start exploring.
  • tedjamestedjames Scruffy-looking nerfherdr Posts: 988Member ■■■■■■□□□□
    SirKid wrote: »
    I'll be sure to check it out, kaliboy. I'm really new to "hacking". Started learning like ~1 week ago. I'm looking for something to take me from a complete beginner to a place where I can understand other subtopics I would like to start exploring.

    The two Udemy courses I posted above, taken in that order, worked well for me. Build your lab and learn a little about Linux. Then look into some hands-on training that will show you how to use that lab. You'll be building great skills before you know it.

    If you're totally new to security, I recommend earning the Security+ certification before doing anything else.
  • SirKidSirKid Posts: 7Member ■□□□□□□□□□
    Thanks for all the advice! I'm glad I decided to post on here.
  • 636-555-3226636-555-3226 Posts: 976Member ■■■■■□□□□□
    The labs on elearnsecurity's site tell you what hands-on skills you need to practice. all of the below are free and give you real world skills

    Lab 1 HTTP(S) Traffic Sniffing - tcpdump & wireshark. Youtube has everything you need to know. don't just learn how to use the programs - learn how to interpret and understand the results they give you!
    Lab 2 Find the secret server Preliminary Skills - whatever that means
    Lab 3 Burp Suite Preliminary Skills - OWASP ZAP is a free alternative that does many similar things. Again, Youtube has it all
    Lab 4 Scanning and OS fingerprinting - nmap is the tool to learn here. Youtube
    Lab 5 Nessus - a free download. Tenable's manual is good, as is Youtube
    Lab 6 Dirbuster - i thought this was end of lifed and pulled into the aforementioned ZAP, but could be wrong
    Lab 7 Cross site scripting - Youtube.
    Lab 8 SQL Injection - Youtube. SQLMap is the free tool to learn
    Lab 9 Bruteforce and Password Cracking - THC Hydra, DaftHack's domainpasswordspray, John the Ripper, Hashcat, huge free dictionary files at https://hashes.org/crackers.php, mimikatz kiwi, volume shadow copy + CoreSecurity's impacket's secretsdump.py
    Lab 10 Null Sessions - SMB, i presume. Youtube "smb null session"
    Lab 11 ARP Poisoning - cain does this, as does scapy (which is a bear to learn, IMO). probably some newer tools (and most likely metasploit), but i don't do much ARP poisoning. LLMNR is a much more fun thing to play with (spiderlabs responder)
    Lab 12 Metasploit - this is a lot of work. youtube, and tons of books.
  • MaximlockeMaximlocke Posts: 13Member ■□□□□□□□□□
    Get on https://www.vulnhub.com and download some beginner virtuals and work through the guides, you will need kali linux as well.
    Install the virtuals on a spare machine with Virtual Box or on a tower/laptop with enough RAM and processor power.
    Google everything that you don't understand and document all the commands you will use. Watch videos of the guides as well, some of
    them explain each step they take really well.

    icon_study.gif
  • Mike7Mike7 Posts: 1,062Member ■■■■□□□□□□
    SirKid wrote: »
    Also, I'm reading a book on how to use wire-shark and I'm watching videos on cybrary.it.

    You are reading books and watching videos. Are you practising?

    For example on Cybrary they have Advanced Penetration Testing, each video corresponds to a chapter in her book.
    If you setup the VMs and go through the labs as per the video and book, you should be picking up quite a fair amount of knowledge.

    I came upon https://www.computersecuritystudent.com/ recently. They have quite a number of hands-on labs with step-by-step instructions and screen shots. Was going through their labs on using metasploit on metasploitable 2
Sign In or Register to comment.