Having completed my Network+/Security+ certifications near the end of October, I’ve been trying to put together a sort of plan of study, or things to start learning about; to become more well rounded and get about doing my own research.
I have a couple of things, which I might briefly touch on, but for now, some books to potentially work through:
- Linux Basics for Hackers by OccupyTheWeb
- The Linux Command Line by William Shotts (free online, want to contribute to a Spanish translation in future)
- Practical Packet Analysis by Chris Sanders
- Wireshark for Security Professionals by Jessey Bullock w/ Jeff T. Parker
- Attacking Network Protocols by James Forshaw
- Practical SQL: A Beginner’s Guide to Storytelling with Data by Anthony DeBarros
- Malware Data Science : Attack Detection and Attribution by Joshua Saxe & Hillary Sanders
- Advanced Penetration Testing: Hacking the World’s Most Secure Networks by Wil Allsopp
- Linux Server Security: Hack & Defend by Chris Binnie
- Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman
- Web Application Hacker’s Handbook 2nd Ed by Dafydd Stuttard & Marcus Pinto and/or the Portswigger Web Security Academy
This list is pretty tentative, and since first written has probably changed a bit in my mind. I realize it might not be possible time wise, I might not get to go through all of them, and I might not be technically apt to work through all successfully, but in combination to random projects and stuff I look at, watch, etc.; I think it can be a good foundation. I’ll try to post more lists of tentative things I want to do.
For example, use my Raspbery Pi for something, maybe do pwnagotchi, set up IDS, play with a SIEM or do a free Splunk course, etc.