
Feedback for Study Plan (Kali Linux & Penetration Testing) - 4 Points

I have been studying pentesting for two months with the book named Penetration Testing - A Hands-On Introduction to Hacking by Georgia Weidman, and now I am really hungry to learn more :) . I think I found the right area to study for years (IT & Network & System Security). When finished with my book, I think that I must have a plan for my learning process to go deeper and to be a master. I made a plan in which there are books, video tuts and certifications, and now I need some feedback about it (masters and profs can help me to improve it, but any feedback from anyone is welcome).

And here is my plan:

  1. Information Gathering

    • Kali Linux Network Scanning Book (Book)

    • INE- Wireshark Advanced Technologies (Video Tut)

  2. Threat Modelling

    • Kali Linux Cook Book (Book)
  3. Vulnerability Analysis

    • Gray Hat Hacking - The Ethical Hacker's Handbook (Book)
    • Kali - Assuring Security by Penetration Test (Book)
  4. Exploitation

    • Gray Hat Hacking - The Ethical Hacker's Handbook (Book)
    • Udemy - Certified Metasploit Framework Professional (Video Tut)
    • Kali Linux - Social Engineering (Book)
    • Web Penetration Testing with Kali (Book)
    • Udemy - Website Hacking in Practice (Book)
  5. Post-exploitation

    • Gray Hat Hacking - The Ethical Hacker's Handbook (Book)
    • Mastering Kali Linux for Advanced Pen testing (Book)
    • Cybrary - Pen Test and Ethical Hack (Video Tut)
    • Kali Linux CTF Blueprints (Book)
    • Infiniteskills - Reverse Engineering and Exploit Development (Video Tut)
  6. Mobile Hacking

    • Penetration Testing - Georgia Weidman, Chapter 20 (Book)
  7. Study through learning process:

    • Programming
      • Black Hat Python - Python Programming for Hackers and Pentesters (Book)
      • Penetration Testing with Bash Shell (Book)
    • Tactics and Techniques
      • Ninja Hacking - Unconventional Pen Test Tactics and Techniques (Book)

Prerequisites (also my b.g.):

  • Linux & Microsoft Operating Systems Knowledge
  • Networking (Reference models - OSI & TCP/IP, Protocols, Subnetting, etc.)
  • Programming (Functional and OOP knowledge; PHP, C/C++, Java)
  • And, labour and patience :)

If one wants to work as a pentester or IT/System Administrator, one should have some certifications, I think (especially in this area). Thus, here is a list of certifications:

  • CISSP (Certified Information Systems Security Professional):

    • Official Link: https://www.isc2.org/cissp/
    • Study Sources:
      • Official (ISC)² Guide to the CISSP CBK Textbook
      • All-in-One CISSP Certification by Shon Harris
  • OSCP (Offensive Security Certified Professional):

  • CEH (Certified Ethical Hacking)
    • Official Link:
    • Study Sources:
      • EC-Council Online Training
      • Ethical Hacking & Countermeasures (All of them)

And there are resources for free time:

  • The Tech Active Series - The Hacker's Manual 2015
  • Kevin Mitnick's books
  • Mikko Hypponen - Security Presentations (TED Talks)


No answers
