[ Penny ] - 0x00 > Overview

##– What is the “Penny”-Guide? –

With this guide I want to help the newbies who wants to enter the world of IT-Security and give them a picture which is (in my opinion) essential to understand that it’s much harder than you think.

There is a lot of theory and much more practice behind it.

##– My story –

My empathy starts as I was 2 years old. I watched my dad how he turns on the computer and use it. How he worked with the mouse and the keyboard and so on. Someday as my parents slept yet, I turned on the PC, started playing my first game “Warcraft” and rushed my first round.

A few years later I feel the urge to find out a way to manipulate the values of the resources I already have.
I couldn’t take this feeling off.

In the middle of 2015 I decide to enter the world of the IT-Security. At this moment I already was 24 years old. So I asked myself “Isn’t it too late for me to enter this area?”. I am a guy who acts extreme in everything I do. The question was answered by itself. I decided to go the hard way. After a lot of research I found a course called “Penetration Testing with Kali Linux” by Offensive Security. With 0 experience I purchased this course because at this moment I had no idea how I can enter this area otherwise. I didn’t expect what I had done :frowning:. Did I know it before, I think I would never started it.

And with this I am on my first section.

##– Personal Attitude –

I will structure this guide very detailed and will add some challenges to it which you can use to try out the things you will learn. But the most important thing is - I don’t want you become a skriptkiddie!!!
But before you should read the next parts of this guide you make sure you have the right attitude for it.

  • Motivation
    |_ You have to want to learn it - just your volition will decide how good you’ll become.

  • Patience
    | Be very patience. Now I think I will break the neck of your motivation but you will need YEARS to become a good Pentester. The most important skills of a Pentester you need to have a solid understanding of almost all categories behind IT(-Security).

  • Affinity
    | You don’t need to be genius. But solid understanding how to work with your OS and why you can interact with others over Internet is required. If not so -> Google.

  • Ambition
    | One of the most important things you need! in the future you will have to solve problems where you will lost days or maybe weeks. So won’t be able to give up. Like Offensive Security says - Try Harder!

  • Independence
    | At this area you’re at your own. Nobody will answer your question if it’s too general. If you study math at your university and I will ask you if you can explain me how multiplication table works - you will kick my ass off. You will ask me “What the hell are you doing here without this ‘basics’ ?”. Do it for yourself - not for others.

  • Constructive thinking
    | In my opinion - You should plan everything. Each day, each week, each month and each year. Just try it out. To succeed you will need a construct how you are working, how and when you will study and when you want to archive your goal.

  • Determination
    | Notice your goals. Do it as detailed as possible. “I want to become a good pentester” - is far from “detailed”. Now you have to demonstrate your ability of independence and discipline.

##– The Structure of “Penny”-Guide –

Pentesting requires a lot of knowledge.
I will show you the sections I will create for this guide in the future.
(I’m still working on the order yet and in the meantime I will change, add and edit the guide.)

  • OS

    • (VirtualBox)
    • Windows 7/8
    • Debian
  • Networking

  • ISO/OSI
  • TCP/IP
    • TCP
    • UDP
    • Structure
    • Content
  • Subnetting
  • VLSM
  • HUB/Switch
  • ARP
    • MITM
  • Router
  • NAT
  • Proxy
  • VPN
    • OpenVPN
  • Networktraffic
    • Capturing the traffic
    • Analysis
    • Filtering
  • Services
    • DHCP
    • DNS
    • WEB
  • Databses

    • Theory about Databases and SQL
    • MySQL
    • PostgresSQL
    • MSSQL
  • Programming

    • Theory about Programming-Languages and OOP

    • In-Depth:

      • BASH
      • Python (main)
        • Basics
        • Networking
        • Nmap
        • Structure
    • Basics:

      • PowerShell
      • C/C++
      • C#
      • Perl
      • Ruby
      • PHP
      • ASM
      • JavaScript
  • Firewalls

    • Theory behind Firewalls
    • IPTables
    • PfSense
    • Windows Firewall
  • Buffer Overflows

    • Theory about Buffer Overflows
    • Stack based BOs
    • Heap based BOs
  • Pentesting Practice

  • Methodology

    • OSSTMM
    • PTES
    • OWASP
  • Practice

    • VulnHub
    • PWK
    • Hacking-Lab

I think this will be enough to give you the basics after you can go further by your own.
Cya later. :wink:

PS:
Because of less time and the difficulty to structure this half-decent I will create the promised topics, but a little bit later. Sorry for that. :wink:

25 Likes

I looked for something exactly like this about 8 years ago. My attempt ended up in failure as I couldn’t find the resources and stopped learning about pen testing. I came back recently and now going at it. Wish tutorials like this were available back in the day. Or maybe I just failed to locate them.
Anyway, big thanks to people like you for making these noob friendly startup tutorials. Cheers!

3 Likes

This entry is very interesting. I currently work for about 10 years as Software Quality Engineer and I am fed up with my work. I do not develop in it and I feel slow professional burnout. I do not get too much knowledge while working. So yesterday I came to the conclusion that I definitely want to develop into sexiness, but also programming. I already have some basics, but they are not very impressive to deal with. However, the problem is that now I also study weekends and time to learn at weekends and is limited after work. Therefore, I have to learn to manage my time very well, plan and build discipline.

Is there a continuation of this list that you have proposed in this forum?

@coffeina:
I won’t publish any continuation of this list. The reason for this is the individuality of the skillset and the goal of each person. Moreover, it would create more confusion than clarity. To create such a list would be wrong for almost everyone.

Especially for you:
You need a goal. Write it down. Imagine the steps you should and must do because without a purpose you will move around the knowledge without any finish line.
After that, I recommend you to watch this video by Josh Kaufman:

He explains the methodology of how you can learn very well.

3 Likes

I loved this talk and I am happy that you recommended it, the ukulele part was great and really summed up what he was trying to tell in his whole talk.

Ukulele ? I have to watch this talk.

Edit: I was not disappointed. Really nice topic btw :smiley:

1 Like

Understood.

Ok, I write my goals on paper. And this video is really good. I didn’t know that I can learn something in 20h to be good enough.

i am 23 year old everyone says that i am crazy that now started to read like crazy waste so many hours give up my job maybe also my friends as i dont go out often . Thanks for the information and the motivation.

1 Like

I am just 16 and started my IT career in 2017 when I got my first jio connection with jio 4g connection before there was only 2g in my area and I was so small that I didnt even know to open a Facebook account. Later after 1 year playing with Google I came across cracking forms that posted tools and accounts. Then I looked for related results in Google. And Google himself showed me the ways related to the forums. And this was my beginning. After that I joined a hacking forum called xakfor . Though it was a Russian language forum I however was able to translate it with Google. Here was my behinning. I then came across udemy courses I never bought a course but got everything pirated by some people who actually carded those stuffs. Then I went through Linux and many security courses that we’re in demand in udemy. And months later now I can build a virus , beat antivirus hack the way I can. I just learnt c++ during my school and till now c++ is in my computer science book. I am not a programmer but will be soon.
And this forum I came across results like SS7 attack which you wouldn’t learn yourself. Etc this forum is really helpful.

If you are a noob start with hacking forums first rather than going courses. Hacking forums contains every categories related to hacking.

1 Like

Quality post! I’m looking at this now and I’m realizing there’s a decent bit of networking I still haven’t touched on. I do have a couple of suggestions though, if you don’t mind me bring them up.

If you aren’t already, I’d suggest whenever you make a post on one of those topics, you put some sources to start on more advanced things with each topic. like the classic “smashing the stack for fun and profit”. That article in particular is a little dated, but you get the idea.

another suggestion is depending on how long this are going to be, perhaps link to places that talk about the history of some of this things. Some of these topics would be easier to grasp if looked upon through the lens of the time before security was ramped up on them.

Finally, personal ideology here, but perhaps put programming before networking? at least with one language, because of how easy it is to do some of these networking doodads with the default library and things like scapy. I know it was a lot easier for me to get the idea of networking when I had a language as a testing ground for what I was learning.

Just my personal thoughts though, you could be going for something completely different than I think you are for these guides, and so some of these probably won’t be applicable, lmao.

This topic was automatically closed after 19 minutes. New replies are no longer allowed.