A question I frequently get from students goes something like “green, what can I do to improve my technical skills and learn about <fill in the blank topic>?”, or “green, how can i get plugged into the infosec community?”
I know there are a lot of sites out there that offer tips about students should go about doing this. However, I find that I can never remember where those resources are, so I thought I’d put together my own list of suggestions so I know where it is… 🙂
My goal is to update this periodically with items I come across, or suggestions provided to me. If you would like to suggest an item to me, reach out using any of the methods listed in the page footer.
Having a home lab is step zero in preparing yourself for learning new material. A lot of the free resources available to use are either virtual machines or containers. While I’d like to say you can trust these nice people who make these resources available, as a security professional you should treat them as potential threats to your environment and take appropriate steps to mitigate that risk.
- “Building Virtual Machine Labs” by Tony Robinson – https://leanpub.com/avatar
Virtual machines / containers
After building your home lab, you now have a “clean room” and are ready to start looking for “vulnerable by design” virtual machines or containers to practice with.
- Vulnhub – https://www.vulnhub.com/
- Metasploitable3 – https://github.com/rapid7/metasploitable3
- Windows Evaluation Center – https://www.microsoft.com/en-us/evalcenter/evaluate-lab-kit
These websites provide tutorials and training opportunities. Some are free to use, while some are “pay to play”.
“Hands-on” training websites
These websites provide “hands on” opportunities for you to gain new skills. Some are free to use, while some are “pay to play”. If you’re unable to build a home lab, these websites are a good second option to get practice time.
- HacktheBox – https://www.hackthebox.eu/
- TryHackMe – https://tryhackme.com/login
- MicroCorruption (Embedded Security CTF) – https://microcorruption.com
- UndertheWire (PowerShell specific training) – https://www.underthewire.tech/index.htm
These communities are helpful for career networking, learning about new training opportunities, and general security-related conversation
- BSides Atlanta (Slack) – https://bit.ly/bsidesatl-slack
- Atlanta Cybersecurity Engineers (Discord) – http://bit.ly/atlseceng
- Kennesaw State University Infosec Community (Slack) – http://bit.ly/ksu-infosec-community
- Kennesaw State University Offensive Security Research Club (Discord) – http://bit.ly/offsec-discord
Security-related group meetings
These groups meet regularly, and are security-related in nature. Some are meeting in-person, while some are not.
- DC (Defcon) 404 – https://dc404.org/
- 3rd Saturday, 2-5pm, Manuel’s Tavern – 602 North Highland Avenue Northeast, Atlanta, GA 30307
- DC (Defcon) 770 – https://dc770.org/
- 1st Tuesday, 7-9pm, Jefferson’s Restaurant – 28 W. Main Street, Cartersville GA
- DC (Defcon) 678 – http://dc678.org/
- 2nd Wednesday, 6-9pm, Marietta Square Market – 68 North Marietta Pkwy NW, Marietta, GA 30060
- DC (Defcon) 470 – https://dc470.org/
- 3rd Thursday, 7-9pm, Fry’s Electronic Cafe – 3065 Webb Rd., Milton, GA 30004
- ATL 2600 – https://atl2600.org/
- 1st Friday, 7-9pm, Lennox Square Mall Foodcourt – 3393 Peachtree Rd NE, Atlanta, GA 30326