Skip to main content

Resources: Know 'em & Know How to Find 'em

 

The Art of Finding Resources




One of the most important skills to posses, along with drive, is the ability to find resources.

This is by no means an exhaustive list, it seems like every day there is a new platform or channel teaching offensive security. I simply didn't want to miss out on showing how those with a multimodal learning style can supplement things they are trying to learn. In both offensive security and in general education, being able to find resources should not be underrated. 



Visual:

For visual learners, offensive security is a great place to learn. From YouTube to Khan Academy, there are a myriad of ways to learn what you need to. Below, I've compiled lists my favorite resources to both learn both basics and advanced stuff from. 


Khan Academy (is also considered kinesthetic):

    (Basic, non pentesting)


YouTube:

I like to watch people that change up their tone well or have fun with it, some of my favorites are:

A great option, if it can be found, are videos of white board sessions. For multimodal learners that lean into visual significantly white board sessions can be critical. 







Aural:

Some resources that a multimodal learner can use for aural learning include:


Read/Write:

Heyyy LinkedIn put together the list so I don't have to! 
A key component to cementing some of this information in is taking notes. For certain, if you are doing an OSINT investigation, pen test, physical test, social engineer gig, you'll have notes on the target. Get used to using them now. Report writing will also use your note taking skills, so there are a few reasons to get practiced. 

Personally, I've been using Notion but I encourage you to use several different applications (or even Notepad++), you will have different needs than I will out and each app has little differences. 

I even keep notes on my resources, this blog was so easy to make due to it!

Kinesthetic: 

The fun one - the biggest type of learning I lean on. 

I'm dialed in on TryHackMe & HackTheBox. These platforms let you read, listen, and actually do the work. Many of these are free! TCM Security, Black Hills Information Security, SANS, and many other companies that do training will also provide virtual machines that you can exploit. OWASP Juice Shop is a web app you can attack. There are many more. 

Please take note of my blog post over on d1r7b46 things that talks about not getting sued. Only kinesthetically learn on things you have permission to touch, please.


I really don't want to make these blogs long, with resources it could be a whole rabbit hole. Please just know that it's important to understand that we multimodal people have a lot at our fingertips and it's completely expected that we utilize a few at the same time. Please let me know on my LinkedIn post if you have other great resources for any specific learning type!


Oh yeah, and never stop learning.
Never stop learning.


Disclaimer:  Understanding that this industry is already filled with educational content, the writer of this blog intends for this series to be utilized by professionals who are looking to find resources for said topics. The content within these resources should be learned and used with caution and common sense, taking note to understand the applicable laws of the reader's location. This is a personal blog of which any opinions or ideas expressed are of the owner/writer and not of any association they are affiliated with. To reach the writer of this blog, please find them on LinkedIn. When sharing this content with your own community it is requested that credit be given.

Popular posts from this blog

Enumeration: NetBios

  Enumeration: NetBios If you come across this post but you're unsure about what NetBIOS actually is, take a moment to step back and go through this article (and the Professor Messor video inside) from Networkencyclopedia.com.  Okay cool, so we're on the same page now!  As we go through the resources for NetBIOS enumeration keep the following items in your mind - we're looking for them: system names usernames domains  printers available shares There are a ton of great tools out there to do NetBIOS enumeration. Just some of the few I found include:  nbtstat (Windows) winfo  (Windows) winfingerprint  (windows) nbtscan (Linux) smb-nat  (Linux) Hyena  (I have not used this yet but it came recommended) smbclient (Linux) - this page is overwhelming to my visual senses, ha, if there is a cleaner one, use it! nmap smbmap crackmapexec   Autorecon  (have not used this yet, it honestly looks awesome) msfconsole burp (web) many others,...
Read more

Enumeration: Introduction

  Enumeration: Introduction Hey everyone! It's incredible to hear back from so many of you already. 4 blog posts in, I can already feel the love.  I did go back this week and add a disclaimer to all posts. First, I wanted to ensure that folks are being careful with using the skills within the resources. Second, I just wanted to explain that this entire series is really about learning topics thoroughly, however you need to learn. As someone who is a multimodal learner, I'm actually using the resources in these posts to understand these topics as fully as I can. Let's get into enumeration. Taking directly from the company RedTeam Security , "Enumeration is the method that a penetration tester uses to identify information about in-scope assets. A pen tester will use an automated process to identify all active IP addresses within the scope and some limited information about those devices, such as type and operating system version. This information is then used for further...
Read more