Reddit reviews Network Security Assessment: Know Your Network

We found 3 Reddit comments about Network Security Assessment: Know Your Network. Here are the top ones, ranked by their Reddit score.

Network Security Assessment: Know Your Network
O'Reilly Media


u/koeningyou666 · 73 points · r/netsecstudents

In my opinion, every book in this bundle is a bag of shit.

Here's a list of reputable books, again in my opinion (All links are Non-Affiliate Links):

Web Hacking:

The Web Hackers Handbook (Link)

Infrastructure:

Network Security Assessment (Link)

Please Note: The examples in the book are dated (even though it's been updated to v3), but this book is the best for learning Infrastructure Testing Methodology.

General:

Hacking: The Art of Exploitation (Link)

Grey Hat Hacking (Link)

Linux:

Hacking Exposed: Linux (I don't have a link to a specific book as there are many editions / revisions for this book. Please read the reviews for the edition you want to purchase)

Metasploit:

I recommend the online course "Metasploit Unleashed" (Link) as opposed to buying the book (Link).

Nmap:

The man pages. The book (Link) is a great reference and looks great on the bookshelf. The reality is, using Nmap is like baking a cake. There are too many variables involved in running the perfect portscan, every environment is different and as such will require tweaking to run efficiently.

Malware Analysis:

Practical Malware Analysis (Link)

The book is old, but the methodology is rock solid.

Programming / Scripting:

Python: Automate the Boring Stuff (Link)

Hope that helps.

u/apt_snake_oil · 3 points · r/singapore

I think very poorly of the cyber security courses offered (except NUS) in Singapore, as the things they teach are not aligned with the industry practices - either outdated or just not practical enough.

Having said that, if you have the time, I would suggest taking the SIT degree instead of the diplomas (waste of time IMO) and hopefully it provides you the fundamentals (programming, network and system administration) and be exposed to some other topics in cybersecurity.

If you are doing a career switch, I suppose you want to get up to speed fast by focusing on the need-to-have knowledge as a baseline. I would suggest taking the time to go through this stuff in detail, set up your labs and practice the stuff:

  1. https://www.cybrary.it/course/comptia-network-plus/
  2. https://www.amazon.com/Kali-Linux-Revealed-Penetration-Distribution/dp/0997615605
  3. https://www.amazon.com/Network-Security-Assessment-Know-Your/dp/149191095X
  4. https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

Otherwise, there are hands-on courses and industry certifications that you can take online at your own pace and that employers look out for, such as:

  5. https://www.elearnsecurity.com/training_paths/ (eLearnSecurity is good because they have a progression path from student onwards )
  6. https://www.offensive-security.com/information-security-certifications/oscp-offensive-security-certified-professional/ (I don't encourage going for this as a starter unless you already have some fundamental knowledge and skills for system administration, but this is highly recognised in the industry)
  7. You can also go for SANS or what not, I think it's just too expensive for my liking.

There is no one path to becoming a good pentester. However, from my observations, folks who tend to be more in demand (with or without certifications/formal education) are those who can display the ability to learn stuff on their own. This is an industry of skills and continuous learning. For employers that pay top dollar and provide time for training, learning and research, they are looking for folks who can display those things through actions.

Source: Pentester

u/ArkionA · 3 points · r/ITCareerQuestions

Absolutely love being a pentester and the cyber security industry. If you are willing to put in the time and study it can be very rewarding. CEH is a good step in the right direction and should open doors for you.
For entry-level positions, pentesting is usually split into two areas: web application and internal/external infrastructure. It's good to have knowledge of both, but it's worth choosing which area interests you the most. Personally, I specialise in web applications & API and there are a lot of online resources to help you. (As you have mentioned OWASP Top 10, I'll assume web apps is your interest.)


The best way to learn a vulnerability and get a good understanding is to create vulnerable web pages (this also gives you something to take into an interview). I would suggest doing some basic LAMP stack (Linux, Apache, MySQL, PHP). Don't let this put you off as it's actually pretty simple. If you can make a few vulnerable pages to display vulnerabilities, you will fly through entry-level interviews.


It's really simple to do. Here is a form that is vulnerable to cross-site scripting (a few lines of PHP with some HTML):
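
```php
<form method="POST" action="">
  <p><input type="text" name="xss"/></p>
  <input type="submit">
</form>

<?php
// Deliberately vulnerable: the submitted value is echoed back without any output encoding.
$value = $_POST['xss'] ?? '';  // empty on the initial GET request
echo $value;
?>
```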

Reading Material:

https://www.amazon.co.uk/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470

https://www.amazon.co.uk/Network-Security-Assessment-Know-Your/dp/149191095X


Practical learning
DVWA (Damn Vulnerable Web App) - Purposely vulnerable web pages to practice exploiting.
http://www.dvwa.co.uk/


Once you have a bit of experience have a look at hackthebox

https://www.hackthebox.eu/