Posts

Enumeration: NetBios

If you come across this post but you're unsure about what NetBIOS actually is, take a moment to step back and go through this article (and the Professor Messer video inside) from Networkencyclopedia.com. Okay cool, so we're on the same page now!

As we go through the resources for NetBIOS enumeration, keep the following items in mind - we're looking for them:

- system names
- usernames
- domains
- printers
- available shares

There are a ton of great tools out there to do NetBIOS enumeration. Just a few of the ones I found include:

- nbtstat (Windows)
- winfo (Windows)
- winfingerprint (Windows)
- nbtscan (Linux)
- smb-nat (Linux)
- Hyena (I have not used this yet but it came recommended)
- smbclient (Linux) - this page is overwhelming to my visual senses, ha, if there is a cleaner one, use it!
- nmap
- smbmap
- crackmapexec
- Autorecon (have not used this yet, it honestly looks awesome)
- msfconsole
- burp (web)
- many others,...

Recent posts

Enumeration: Introduction

Hey everyone! It's incredible to hear back from so many of you already. 4 blog posts in, I can already feel the love.

I did go back this week and add a disclaimer to all posts. First, I wanted to ensure that folks are being careful with using the skills within the resources. Second, I just wanted to explain that this entire series is really about learning topics thoroughly, however you need to learn. As someone who is a multimodal learner, I'm actually using the resources in these posts to understand these topics as fully as I can.

Let's get into enumeration. Taking directly from the company RedTeam Security, "Enumeration is the method that a penetration tester uses to identify information about in-scope assets. A pen tester will use an automated process to identify all active IP addresses within the scope and some limited information about those devices, such as type and operating system version. This information is then used for further...

Discovery: OSINT Fundamentals

Ohhhhh sint. This will not be my only post about OSINT, so it is very much fundamentals. I got into it via two paths, Trace Labs (which I will mention below) and romance scammers in terms of business email compromises. Below is a mixture of resources that I've used to solidify OSINT Fundamentals as a multimodal learner. A read-through of this blog can be found at the bottom of this page.

Visual: The OSINT Framework for starters, a literal map of many things OSINT. Next, a tool called YOGA via Micah Hoffman. His DEFCON talk is below (yes we're blending with Aural already, I know) & I really respect it, especially the idea that people sometimes get in the weeds on the findings and forget to make a great recipe instead. He says that YOGA is supposed to help OSINTers figure out what is next, which is pretty cool.

I do consider the 2 resources above as fundamental stuff. The OSINT Framework is well known in the industry so ...

Resources: Know 'em & Know How to Find 'em

The Art of Finding Resources

One of the most important skills to possess, along with drive, is the ability to find resources. This is by no means an exhaustive list; it seems like every day there is a new platform or channel teaching offensive security. I simply didn't want to miss out on showing how those with a multimodal learning style can supplement things they are trying to learn. In both offensive security and in general education, being able to find resources should not be underrated.

Visual: For visual learners, offensive security is a great place to learn. From YouTube to Khan Academy, there are a myriad of ways to learn what you need to. Below, I've compiled lists of my favorite resources to learn both basics and advanced stuff from.

Khan Academy (is also considered kinesthetic):

- (Basic, non pentesting) Computers and the Internet
- AP®︎/College Computer Science Principles
- Computer science

YouTube: I like to watch...

Introduction: Understanding Multimodal Learning

What is up my friends! If you follow me on the social platforms, you know I'm in the Neurodiverse space. My flavor affects how I learn and, somewhat, how I experience this world. I looked into learning styles in college where I first discovered that I am a multimodal learner. Simply, multimodal learners might be able to learn something through just one of the 4 (Visual, Aural, Read/write, Kinesthetic) but they might not and may need a mix of several types to learn thoroughly.

I've struggled and continue to struggle with picking up certain concepts and methodologies when it comes to learning offensive security. The purpose of this blog is twofold: learn this stuff & give my resources/process to others that learn like me.

Each post will be separated into resources that reflect the 4 types of learning mentioned above. I may make videos myself or record, I might link my notes from Notion. I will largely utilize platforms like TryHackMe or HacktheBox for ...