A question I frequently get from students goes something like “green, what can I do to improve my technical skills and learn about <fill in the blank topic>?”, or “green, how can I get plugged into the infosec community?”
I know there are a lot of sites out there that offer tips about students should go about doing this. However, I find that I can never remember where those resources are, so I thought I’d put together my own list of suggestions, so I know where it is… 🙂
My goal is to update this periodically with items I come across or suggestions provided to me. If you would like to suggest an item to me, reach out using any methods listed in the page footer.
Having a home lab is step zero in preparing yourself for learning new material. Many of the free resources available to use are either virtual machines or containers. While I’d like to say you can trust these nice people who make these resources available, as a security professional, you should treat them as potential threats to your environment and take appropriate steps to mitigate that risk.
- “Building Virtual Machine Labs: A Hands-on Guide (Second Edition)” by Tony Robinson – https://leanpub.com/avatar2
Virtual machines / containers
After building your home lab, you now have a “clean room” and are ready to start looking for “vulnerable by design” virtual machines or containers to practice with.
- Vulnhub – https://www.vulnhub.com/
- Metasploitable3 – https://github.com/rapid7/metasploitable3
- Windows Evaluation Center – https://www.microsoft.com/en-us/evalcenter/evaluate-lab-kit
These websites provide tutorials and training opportunities. Some are free to use, while some are “pay to play.”
“Hands-on” training websites
These websites provide “hands-on” opportunities for you to gain new skills. Some are free to use, while some are “pay to play.” If you’re unable to build a home lab, these websites are an excellent second option to getting practice time.
- HacktheBox – https://www.hackthebox.eu/
- TryHackMe – https://tryhackme.com/login
- MicroCorruption (Embedded Security CTF) – https://microcorruption.com
- UndertheWire (PowerShell specific training) – https://www.underthewire.tech/index.htm
These communities are helpful for career networking, learning about new training opportunities, and general security-related conversation.
- BSides Atlanta (Slack) – https://bit.ly/bsidesatl-slack
- Atlanta Cybersecurity Engineers (Discord) – http://bit.ly/atlseceng
- Kennesaw State University Infosec Community (Slack) – http://bit.ly/ksu-infosec-community
- Kennesaw State University Offensive Security Research Club (Discord) – http://bit.ly/offsec-discord
Security-related group meetings
These groups meet regularly and are security-related in nature. Some are meeting in person, while some are not.
- DC (Defcon) 404 – https://dc404.org/
- 3rd Saturday, 2-5pm, Manuel’s Tavern – 602 North Highland Avenue Northeast, Atlanta, GA 30307
- DC (Defcon) 770 – https://dc770.org/
- 1st Tuesday, 7-9pm, Jefferson’s Restaurant – 28 W. Main Street, Cartersville GA
- ACE (Atlanta Cybersecurity Engineers) 678 – https://ace678.org
- 2nd Wednesday, 6-9pm, Marietta Square Market – 68 North Marietta Pkwy NW, Marietta, GA 30060
- DC (Defcon) 470 – https://dc470.org/
- 3rd Thursday, 7-9pm, Fry’s Electronic Cafe – 3065 Webb Rd., Milton, GA 30004
- ATL 2600 – https://atl2600.org/
- 1st Friday, 7-9pm, Lennox Square Mall Foodcourt – 3393 Peachtree Rd NE, Atlanta, GA 30326
Below are some resources that will help with understanding cloud services
- How to start / stop an ec2 instance via the console
- How to create, view bucket properties
- Security Groups
- Overview of VPC and securing your VPC
- What is an ENI ( Elastic Network Interface)
- How to setup client VPN to AWS