ShreKy
Oct 4, 18 tweets, 20 min read
1️⃣ IT Fundamentals

Before jumping into more advanced fields, you gotta know the basics.

You can learn everything you need for FREE from
@ProfessorMesser's course ➡️ professormesser.com/free-a-plus-tr…

For reference, you should be ready for @CompTIA's A+ certification before the next step.
2️⃣ Networking

It's time to get technical.

Networking will teach you how the internet works, and it's CRUCIAL to have a SOLID understanding of this subject.

You don't have to be a network engineer, but know things like the OSI Model, TCP/IP, Ports & Services, CIDR, Subnets, etc.
Here are some resources to learn networking:

1. Mike Meyers Udemy course (Cheap, but worth it) ➡️ udemy.com/course/comptia…

2. @ProfessorMesser's course (Free) ➡️professormesser.com/network-plus/n…

3. FreeCodeCamp course (Free) ➡️

Practice - netacad.com/courses/packet…
3️⃣ Linux

After networking, Linux is the next thing you're gonna focus on.

But why Linux? why not Windows?

Linux is EVERYWHERE and thus you NEED to know it like the back of your hand.

You can learn other operating systems later, but for now Linux will be your best friend.
Linux is what you'll primarily use in infosec, whether red or blue team, specifically Debian-based distros.

Resources to learn:

1. OverTheWire (Free) ➡️ overthewire.org/wargames/bandi…

2. Linux Journey (Free) ➡️ linuxjourney.com

3. @TCMSecurity's Linux 101 (Paid) ➡️academy.tcm-sec.com/p/linux-101
4️⃣ Coding

Coding isn't 100% necessary in cyber security, HOWEVER, it is of great benefit to know some sort of scripting/programming language at least at a basic level.

Depending on your niche, you may want to know: Bash, Python, JavaScript, C, or other languages.
For beginners, I'd recommend Python as a first language.

As with networking, you don't need to become a full stack software dev, just know how to code basic programs and understand them.

After Python, I'd recommend Bash and/or JavaScript.

Below I go into more detail👇
After you complete the fundamentals, you can move on to more specific niches in cybersecurity.

This is the stage where you choose your career path.

Below are a couple of images that show every specialization/job role in cybersecurity:
As you saw above, there are many different specialties in #cybersecurity, including Offensive and Defensive Security, also called 🟥Red Team and 🟦Blue Team.

Below are the different components to 🟥Offensive Security:
If you're interested in 🟦Cyber Defence, have a read here at @ine's blog ➡️ ine.com/blog/understan…

🟦Blue team roles:

1. Cyber Security Engineer
2. Cyber Security Analyst
3. Incident Response Manager

❗As a side note, it's good to know the basics of the other side/team as well
After you've decided on 🟥 or 🟦 , it's time to dive into them.

Training platforms to get you started learning 🟥/🟦 team:

1. @hackthebox_eu ➡️ hackthebox.com
2. @RealTryHackMe ➡️ tryhackme.com

As a start, this is all you need, focus on them for now.
TIPS👇
As a beginner, don't bombard yourself with 100 different learning resources. Just go off HTB Academy (academy.hackthebox.com) and THM (tryhackme.com) for a couple of months until you build a good general understanding of the field; don't overwhelm yourself.
You're already gonna be very overwhelmed with the amount of information that's thrown at you, so keep it to these 2 platforms for now.

As time passes and your knowledge 📈, YOU'LL KNOW WHERE TO GO NEXT❗ don't worry
And remember, you can never know everything in #cybersecurity👇
Throughout your learning process and beyond, don't forget to network with others by joining communities and follow other people on here.

Communities:
1. TCMSec discord - tcm-sec.com/discord
2. NetSecFocus - mm.netsecfocus.com/join
3. @NahamSec - discord.gg/KsxB68wmSt
+more
@TCMSecurity @thedawgyg @_JohnHammond @dccybersec @hacksplained @HackerSploit @LiveOverflow @davidbombal @Jhaddix @NetworkChuck @TJ_Null @ippsec @CristiVlad25 @ITJunkie @0dayCTF @0xTib3rius @brutelogic @zseano @_zSecurity_ Wrap.

You know what to do from here: GET TO WORK

There's A TON of other resources online, don't limit yourself, you just have to look for them, and REPEAT WHAT'S ALREADY BEEN PROVEN TO WORK❗

You got this🙌

🚨Remember to follow me @shrekysec for more and RT the first tweet👇
I want to emphasize this further, as it's very important to know this curve.

This is the main reason people have Imposter Syndrome, especially at the beginning.

You may not know much yet, but you get better with time.

No one can ever know EVERYTHING in this field.
