Skip to content

Instantly share code, notes, and snippets.

@Satharus

Satharus/OSC - Getting Started with Cybersecurity.md

Last active February 9, 2024 19:50
Show Gist options
  • Star 4 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save Satharus/84d6cd58bf1cab9d617ab1a298890a18 to your computer and use it in GitHub Desktop.
Save Satharus/84d6cd58bf1cab9d617ab1a298890a18 to your computer and use it in GitHub Desktop.
Download ZIP
A session for OSC 2023's Linux committee and general crew on how to get started with cybersecurity on 30/1/2023
Raw
OSC - Getting Started with Cybersecurity.md

What is Cybersecurity anyway?

  • In layman's terms: Protecting computers from theft or damage
  • In more technical terms:
    • Penetration Testing
    • Vulnerability Assessment
    • "Ethical Hacking"
    • Cyber Defence
    • Threat Monitoring
    • Threat Hunting
    • Threat Intelligence
    • Counter-Espionage
    • Cyber Warfare
    • A lot more!

Why Cybersecurity?

  • We depend more on technology
  • Threats and attacks against tech we use every day are popular as ever
  • Attackers are no longer script kiddies or hackers having fun when everyone else is asleep
  • APT Groups, Governments, and Cybercrime Gangs/Companies are now actively trying to attack their enemies:
    • Damaging their reputation
    • Stealing from them
    • Destroying or disabling their infrastructure
  • Examples:
    • APT14 (Allegedly) --> PoisonIvy Rootkit (Popularly used, especially by Molerats, a Palestinian hacker group)
    • USA/Israel (Allegedly) --> Stuxnet attack on Iran's Nuclear Plants (2010)
    • Conti Ransomware (Rebranded into 3 other companies in late 2022): Huge cybercrime group with over 350 members, and HR department, recruiters, and $2.7 billion in revenue through cryptocurrency in only one year

Conti Ransomware and its family rebranding

Cybersecurity Roles

Now to the big question, where do we geeks, developers, and infosec researchers fit in all this?

Blue Team

Mainly responsible for defending, responding, and improving defence capabilities.

Log --> Alert --> Respond

  • Security Operations Center
  • Incident Response
  • Digital Forensics
  • Malware Analysis
  • Compromise Assessment
  • Threat Hunting
  • Threat Intelligence
  • Vulnerability Assessment
  • Network and Security Appliances Configuration Review?
  • Governance, Risk, and Compliance (GRC) Auditing?

Red Team

Responsible for finding security holes, exploiting them, and reporting them without causing any real damage.

  • Penetration Testing
  • Phishing
    • Spearphishing
    • Email Phishing
    • SMS
    • Vishing
  • Social Engineering

Purple Team

More of a virtual team: pretty much a mix between the two teams, responsible for enhancing the process of both teams.

  • Adversary Emulation
  • Detection Enhancement
  • Red Team Exercise Automation

SCYTHE’s Ethical Hacking Maturity Model

Cybersecurity Jobs

What jobs are available?

In Egypt, there is quite a bit of limited role types. However, the market is booming and growing.

Blue Team

  • Security Operations Center (SOC) Analyst (T1/T2)
    • Threat monitoring
    • Responding to threats
    • Sometimes, threat hunting
  • Digital Forensics and Incident Response Engineer
    • Responding to larger escalated threats
    • Performing deep-dive forensics when it is required
    • Enhancing detection and response through playbooks and use cases
  • Network Security Engineer/Security Infrastructure Engineer
    • Responsible for network security infrastructure
    • Network services, AD Security, Security Appliances etc... are usually part of their responsibility
  • SIEM Admin
    • Responsible for managing and tuning the SIEM for the SOC
  • Threat Hunter (Usually a SOC T2, sometimes T3)
    • Usually, a senior SOC analyst who is designated to perform threat hunting activities

Red Team

  • Penetration Tester: Mobile, Desktop, Web, etc...
  • Cybersecurity Engineer
    • A bit of a generic title, you could be doing anything
    • Mostly I've seen it with red team jobs
    • When I had the title, I did mobile penetration testing, reverse engineering, red teaming activities (phishing simulations), DFIR, and desktop app penetration testing

Misc. Job Roles

  • GRC Specialist/Consultant
    • Responsible for auditing governance, risk, and compliance for clients or internally
    • Relevant standards include: PCI/DSS, ISO 27001, and some others
  • Security-oriented development roles
    • Not that common in Egypt
    • Some companies hire developers specifically to make sure the apps get secured properly

In other parts of the world, there are many other roles which are related directly or indirectly to Cybersecurity. For the sake of time and brevity, I won't get into them. Feel free to check LinkedIn, GlassDoor, and any other website where you can find job titles and then just look up what they do.

How do I get started?

The good ol' question, how do I get started in Cybersecurity?

Well, there isn't one route. As a matter of fact, I don't actually have a route to recommend. However, I can try and tell you what to study based on what you want to do!

Relevant:

My Path

  • Introduced to roughly what cybersecurity is in 2016 (2nd/3rd year of high school)

  • Learned some tiny bits of general computer knowledge and programming until 2017

  • Joined FCIS, ASU in 2017 (Thus joining OSC)

    • Our Linux head, Maha Amin, told us about CyberTalents' new CTF platform
    • We started solving it for a while as a fun exercise
    • I started learning what security actually is
    • I attended CyberTalent's Ain Shams CTF in September 2018, and I came in 2nd place with my team

  • Attended CSCamp in Late 2018

  • Started studying reverse engineering and assembly in early 2019 from OpenSecurityTraining.info (check the resources section)

  • From 2019 to 2020: I kept attending Cybersecurity Conferences and studying random security topics related to what I was interested in: Reverse Engineering, Forensics, etc...

  • January 2020: I got my first job as a SOC analyst at MNZ Technology Solutions

  • April 2020: I moved to the Cybersecurity Services team at MNZ as I knew reverse engineering

    • In this role (Cybersecurity Engineer), I learnt a lot more about forensics, system internals, and incident response

    Note: Up until this moment, I genuinely still had no idea what I wanted to do in Cybersecurity. All knew was that I loved Cybersecurity, low level stuff, and reverse engineering.

  • January 2021: I moved to Cyber Castle for a DFIR Engineer position

  • From 2021 to early 2023:

    • I worked in the same position for ~2 years
    • During my military conscription(obligatory in Egypt), I studied LOTS of topics related to hardware and firmware attacks and security on the side. What helped me to understand such topics was a knowledge of electronics, OS internals, computer architecture, etc...
      • Worth noting that this had been an area of my interest ever since I started studying cybersecurity and it became even more interesting to me when I started working. So, this wasn't my first exposure to such topics!
      • My experience in DFIR, red team activities, and cyber defence definitely helped when studying such topics
      • I also learned that reading is one of the good things you can do to pass time and also benefit from it

  • June 2023: I joined HP Inc. UK as a Hardware & Firmware Threat Research Analyst

As you can see, my path wasn't direct and wasn't planned. Yours won't be either. Each person has their own path.

Also, you can see that I shifted a couple of times between different cybersecurity fields. The only thing being consistent between all of my career phases is always trying to do/learn something and not just waiting for glory. Also, having quite a bit of basics helped me learn different topics a bit easier. This also proves the point that no knowledge is useless. Knowledge will add up eventually and serve whatever you want to do.

A VERY Generic Route

Take this with a grain of salt. You don't have to do exactly this, I am just trying to put a general guideline.

  • First thing, remove the "I don't like this" mentality. You will have to learn stuff you don't like. You may delay studying them a bit but eventually, you will bump into them in your day-to-day job.
    • I, for one, had to learn PowerShell. The funny thing is, I actually started to like it after working with it for a while!
  • Make sure you're familiar with network and OS fundamentals:
    • Linux
      • Familiar with the Shell
      • Familiar with the general structure of the OS, the filesystem, etc... (A very basic overview)
    • Windows:
      • Familiar with internals such as the registry, services, filesystems, etc...
      • Familiar with the command prompt and PowerShell
    • General OS concepts and definitions:
      • Processes and Services
      • Filesystem
      • Logging
      • Crashes and Errors
    • Networking:
      • IPs and Ports
      • MAC Addresses
      • Type of network connections
      • NATing and Port Forwarding
  • Then, decide whether you want to start doing blue team or red team activities
    • How? CTFs!
    • Check the resource section for CTF platforms and a video on how to utilise CTFs properly
  • After you've decided on what you want to do, start studying more specialised topics according to what you like
    • You could actually start with CTFs before studying the basics and learn them as you go. It was what I mostly did. That depends on what you feel like doing. Having good fundamentals never hurts, though.

Side note: You may want to look at So, You Wanna Do Security ?, it is a very detailed video by Mohamed Gamal. He put a huge effort into it and talks about a lot of the key points. You can check the description, look for the job you want, and then listen to what he has to say about it. This video was recommended by my dear friend Islam Mostafa, who co-authored this video with Mohamed and also put a huge effort into it.

Practical Examples

Resources

General Resources

CTF Resources

Blue Team Resources

Red Team Resources

Make sure to check the blog post under General Resources to see more resources.

Connect with the Community

Conferences

Facebook Groups

GET ON TWITTER AND LINKEDIN!

  • Follow people in the industry
  • Interact with posts, share resources, and get known in the community!

Companies and Organisations that Operate in Egypt (In no specific order)

General Advice

This is some general advice I have for anyone starting out in pretty much anything, but I have tailored some of the advice for cybersecurity.

  1. Do something, doesn't matter what it is. Doing something is always better than nothing.
    • Learn anything you can. If you don't feel like learning what's in your " studying path", then do something else but don't waste time waiting to find motivation
    • Want to write your own malware even though you're a blue teamer? DO IT! It is fun. I personally have and learnt a ton from it
    • Don't let your "specialisation" hold you back from trying new stuff or learning things that interest you
  2. Connect with the community, it genuinely helps on both the technical, professional, and personal levels.
    • LinkedIn
    • Twitter
    • Some areas of Facebook
    • Reddit has a couple of good subs
  3. Follow the cybersecurity news, this isn't an advertisement but I really enjoy reading the following email newsletters:
  4. Listen to Podcasts instead of music on your commutes or maybe when you're doing other activities such as running or cooking. I personally really enjoy music so this was hard for me to do, but sometimes I still manage it. I like Darknet Diaries by Jack Rhysider.
  5. Cybersecurity (and computers in general) may be a bit overwhelming at the start, don't let that get to you. Focus on one thing at a time and leave the rest for later.
  6. Don't worry about certifications at the start of your career, those come later and you will find out what you want or need to certify in sooner than later.
  7. It's a fast moving career, no advice or resource recommendation stays constant and accurate for long.

Document Info

Author

Metadata

  • Latest Revision: V1.7 - 13/12/2023
  • Changelog:
    • V1.7: Added Antisyphon talk by Wade Wells
    • V1.6: Added an update to my path, fixed some typos, made the doc clearer
    • V1.5: Added Dr. Ahmed Shosha's talk
    • V1.4: Added Caisec
    • V1.3: Added IRM by CERT Societe Generale
    • V1.2: Added HackTheBox, TryHackMe, VulnHub
    • V1.1: Added Mohamed and Islam's video
    • V1.0: Initial Version before the session

License

  • This work is licensed under a Attribution-NonCommercial-ShareAlike 4.0 International license.
  • Meaning you are free to:
    • Share — copy and redistribute the material in any medium or format
    • Adapt — remix, transform, and build upon the material
  • Under the following terms:
    • Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made.
    • NonCommercial — You may not use the material for commercial purposes.
    • ShareAlike — If you remix, transform, or build upon the material, you must distribute your contributions under the same license as the original.

License

@HossamElQersh
Copy link

Great document, I enjoyed it a lot

@Satharus
Copy link
Author

Satharus commented Feb 2, 2023

@hoss1shark Thanks bro <33

@ahmedYasserM
Copy link

Such an amazing document, Thank you :)

@Satharus
Copy link
Author

Satharus commented Feb 9, 2024

@ahmedYasserM Glad it is useful, no need at all 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment