A Friendly Hello


Bit nervous about posting, but here we go.

I’ve been a member of HTB coming up to a year now. Life had slapped me pretty soon after getting access. That got in the way of me and HTB.

I’ve worked in IT for over 10 years. We typically outsource Sec people to come in and test various networks. Obviously I asked “Where do you go to learn? Or even practice this stuff?” and now I’m here (without the use of google to get past the invite I REALLY needed a mini win as I was dealing with depression).

I didn’t do Uni, again life and a cost thing. And my Boss is more than happy to keep me at the level I am at (tech support)… Maybe I’m stupid I don’t know.
I’ve played around with (self-taught) Python, C++, HTML/CSS/PHP, Java.
OSes: Windows Desktop/Servers (my job), Mac (also my job), RedHat (when I was a teen), Ubuntu, Arch, BackTrack (pre-Kali… was flirting with the idea back then), Kali.

I’ve always been into Info-Sec. But never had the opportunity (or lab equipment) to learn and practice it. Excited and nervous about being here.
If anyone would have any advice, what cert/books should I aim for/read? Should I focus on retired machines first? Is it OK to read the write-ups? Are there learning communities?

Anyway, a friendly Hello.
Looking forward to getting my broadband installed (house move), and getting sunk in. And maybe my next post will actually be helpful to another (it’s nice to dream).


P.S. Sorry for taking up your time.

A friendly hello back. Welcome!

I think you are on a good way. How to proceed depends on how fast and how deep you like to go into infosec. This also depends on the time you have to invest. So if you want to reach a high level it is a lot of time… Sometimes also frustrating, but if you have the interest, ambition and pleasure you will get it.

There could be other opinions, but I recommend doing some easy machines at the retired lab first. If you don’t get it at the beginning, don’t bang your head against it for twenty hours :wink: Try it for an amount of time, and maybe a break would give you new ideas. If this is not the case, you can watch the video of e.g. ippsec (benefit of the retired machines) until the point where you are struggling. Then you can try again to proceed on your own.

Mhm, there are a lot of books out there. In which direction would you like to go? Webapp, OS, Coding, Reversing, Social Engineering, etc.? (Maybe you can’t answer that question at this time.)
A well-known book for webapps is “The Web Application Hacker’s Handbook”. Also an interesting book about hacking in general is “Hacking: The Art of Exploitation”. To start and get an overview I can recommend “Penetration Testing” from Georgia Weidman.
Are you also interested in buffer overflows? There is a great tut at SEH based overflow exploit tutorial - Infosec Resources (the links to the basic knowledge about stack overflows are broken at this time, but you will find it with Google).

In general, I recommend doing a lot of practice. You can read some books, that’s good, but the real skill you will get with practice, practice, practice.

Certification? SANS offers a lot of courses. And I’m sure you know Offensive Security. So there is the OSCP certification. Some years ago, it was an insider tip. Now, some parts of the industry have realized how valuable this certification is. Play around here in the labs, and if you get the easy to middle rated boxes you are ready to register for the OSCP lab. You can also do it earlier, but you will then need much more effort and the mindset “Try Harder” :slight_smile: