Skip to main content

Resources: Know 'em & Know How to Find 'em

 

The Art of Finding Resources




One of the most important skills to posses, along with drive, is the ability to find resources.

This is by no means an exhaustive list, it seems like every day there is a new platform or channel teaching offensive security. I simply didn't want to miss out on showing how those with a multimodal learning style can supplement things they are trying to learn. In both offensive security and in general education, being able to find resources should not be underrated. 



Visual:

For visual learners, offensive security is a great place to learn. From YouTube to Khan Academy, there are a myriad of ways to learn what you need to. Below, I've compiled lists my favorite resources to both learn both basics and advanced stuff from. 


Khan Academy (is also considered kinesthetic):

    (Basic, non pentesting)


YouTube:

I like to watch people that change up their tone well or have fun with it, some of my favorites are:

A great option, if it can be found, are videos of white board sessions. For multimodal learners that lean into visual significantly white board sessions can be critical. 







Aural:

Some resources that a multimodal learner can use for aural learning include:


Read/Write:

Heyyy LinkedIn put together the list so I don't have to! 
A key component to cementing some of this information in is taking notes. For certain, if you are doing an OSINT investigation, pen test, physical test, social engineer gig, you'll have notes on the target. Get used to using them now. Report writing will also use your note taking skills, so there are a few reasons to get practiced. 

Personally, I've been using Notion but I encourage you to use several different applications (or even Notepad++), you will have different needs than I will out and each app has little differences. 

I even keep notes on my resources, this blog was so easy to make due to it!

Kinesthetic: 

The fun one - the biggest type of learning I lean on. 

I'm dialed in on TryHackMe & HackTheBox. These platforms let you read, listen, and actually do the work. Many of these are free! TCM Security, Black Hills Information Security, SANS, and many other companies that do training will also provide virtual machines that you can exploit. OWASP Juice Shop is a web app you can attack. There are many more. 

Please take note of my blog post over on d1r7b46 things that talks about not getting sued. Only kinesthetically learn on things you have permission to touch, please.


I really don't want to make these blogs long, with resources it could be a whole rabbit hole. Please just know that it's important to understand that we multimodal people have a lot at our fingertips and it's completely expected that we utilize a few at the same time. Please let me know on my LinkedIn post if you have other great resources for any specific learning type!


Oh yeah, and never stop learning.
Never stop learning.


Disclaimer:  Understanding that this industry is already filled with educational content, the writer of this blog intends for this series to be utilized by professionals who are looking to find resources for said topics. The content within these resources should be learned and used with caution and common sense, taking note to understand the applicable laws of the reader's location. This is a personal blog of which any opinions or ideas expressed are of the owner/writer and not of any association they are affiliated with. To reach the writer of this blog, please find them on LinkedIn. When sharing this content with your own community it is requested that credit be given.

Popular posts from this blog

Enumeration: NetBios

  Enumeration: NetBios If you come across this post but you're unsure about what NetBIOS actually is, take a moment to step back and go through this article (and the Professor Messor video inside) from Networkencyclopedia.com.  Okay cool, so we're on the same page now!  As we go through the resources for NetBIOS enumeration keep the following items in your mind - we're looking for them: system names usernames domains  printers available shares There are a ton of great tools out there to do NetBIOS enumeration. Just some of the few I found include:  nbtstat (Windows) winfo  (Windows) winfingerprint  (windows) nbtscan (Linux) smb-nat  (Linux) Hyena  (I have not used this yet but it came recommended) smbclient (Linux) - this page is overwhelming to my visual senses, ha, if there is a cleaner one, use it! nmap smbmap crackmapexec   Autorecon  (have not used this yet, it honestly looks awesome) msfconsole burp (web) many others,...
Read more

Discovery: OSINT Fundamentals

  Ohhhhh sint. This will not be my only post about OSINT, so it very much fundamentals. I got into it via two paths, Trace Labs (which I will mention below) and romance scammers in terms of business email compromises. Below are a mixture of resources that I've used to solidify OSINT Fundamentals as a multimodal learner. A read through of this blog can be found at the bottom of this page.  Visual: The OSINT Framework   for starts, a literal map of many things OSINT.  Next, a tool called  YOGA  via Micah Hoffman. His DEFCON talk is below (yes we're blending with Aural already, I know) & I really respect it, especially the idea that people sometimes get in the weeds on the findings and forget to make a great recipe instead. He says that YOGA is supposed to help OSINTers figure out what is next, which is pretty cool.  I do consider the 2 resources above as fundamental stuff. The OSINT Framework is well known in the industry so ...
Read more