Offensive Cyber-Security for Dummies

Zarkones Xena
4 min read · Jul 12, 2021

ETHICS

This is aimed at a younger audience that may not yet be aware of what their tools can do.

Be responsible. Even though you may not have bad intentions, performing a penetration test can have side effects.
You may just want to learn something new and decide to run a tool against someone else’s servers, and that can cause a lot of damage.

Think of others. Have respect for others. Your automated scans can bring servers down or have very unexpected effects. Think of the people trying to recover production servers at 3:30 AM. It ain’t fun.

If you want real-world experience, participate in bug bounty programs.
But bear in mind that you must respect each program’s policy and stay within its scope.

Penetration testing of any kind should take place only after written permission has been issued to the penetration tester.

LEARNING RESOURCES

Real World Vulnerabilities

pentester.land/list-of-bug-bounty-writeups
hackerone.com/hacktivity

Land of known threats

any.run

Questions & Answers

security.stackexchange.com

Blogs

blog.malwarebytes.com
mcafee.com/blogs
krebsonsecurity.com

CASUAL LINUX

Recommended Linux distributions for day-to-day use.

Parrot OS: Home Edition

Parrot Home Edition is a general purpose operating system with the typical Parrot look and feel. This edition is designed for daily use, privacy and software development. Parrot Tools can be manually installed to assemble a custom and lightweight penetration testing environment.

It has a modern look, comes with multiple desktop environments, and the system is oriented towards privacy and security.

www.parrotsec.org

Debian

An operating system is the set of basic programs and utilities that make your computer run. Debian systems currently use the Linux kernel or the FreeBSD kernel. Linux is a piece of software started by Linus Torvalds and supported by thousands of programmers worldwide. FreeBSD is an operating system including a kernel and other software. However, work is in progress to provide Debian for other kernels, primarily for the Hurd. The Hurd is a collection of servers that run on top of a micro kernel (such as Mach) to implement different features. The Hurd is free software produced by the GNU project.

www.debian.org

As they say, a truly general purpose operating system.

OFFENSIVE LINUX

Linux distributions meant for conducting penetration tests.

Parrot OS: Security Edition

Parrot Security Edition is a special purpose operating system designed for Penetration Test and Red Team operations. It contains a full arsenal of ready to use penetration testing tools.

www.parrotsec.org

My favorite! Runs well on older computers and it’s really packed with all you may need. In contrast to Kali Linux, it does have a decent level of security.

Kali Linux

Kali Linux is an open-source, Debian-based Linux distribution geared towards various information security tasks, such as Penetration Testing, Security Research, Computer Forensics and Reverse Engineering.

www.kali.org

I’ve used it in the past, it’s really good, but it’s not my cup of tea.

ISSUES WITH SECURITY IMPLICATIONS

HTTP Request Smuggling

Web Cache Poisoning

Request Forgery

Cross-Origin Resource Sharing Misconfiguration

Missing or Incorrectly Implemented Anti-CSRF Token

SQL Injections

Account Takeover

Command Injection

Weak Credentials

Weak Rate-Limiting

Self-Inflicted Denial of Service

Abuse of the “forgot password” feature

Web Cache Deception

Weak Encryption

Cross-Site Scripting

Weak Input Escaping and Validation
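The SQL Injections and Weak Input Escaping and Validation entries above, as an added example that is not part of the original article: a login check assembled by string concatenation beside the parameterized version that closes the hole. It uses Python’s built-in sqlite3 module with a constructed in-memory users table; the table, the user alice, her password and the two payloads are all assumptions for illustration. A real system would compare a password hash, which is left out here so the injection point stays visible.

```python
import sqlite3

# Constructed sample data for the example, not taken from any real system.
SAMPLE_USER = ("alice", "correct horse battery staple")


def make_db() -> sqlite3.Connection:
    """Build an in-memory database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?)", SAMPLE_USER)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Vulnerable: the query is assembled by string concatenation, so quotes and
    comment markers inside user input are parsed as SQL, not treated as data."""
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Hardened: a parameterized query. The SQL text is fixed and the driver
    binds the values separately, so the same payloads are compared as literal
    strings and never change the query's structure."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] > 0


# Two classic payloads (constructed for the example):
#  - a tautology that makes the WHERE clause always true
#  - a comment marker that cuts the password check off the end of the query
TAUTOLOGY_PASSWORD = "' OR '1'='1"
COMMENT_USERNAME = "alice'--"


def demo() -> dict:
    """Run both versions against the same inputs and return the outcomes."""
    conn = make_db()
    return {
        "vulnerable_correct_password": login_vulnerable(conn, "alice", SAMPLE_USER[1]),
        # no such user, yet the tautology logs in
        "vulnerable_tautology": login_vulnerable(conn, "nobody", TAUTOLOGY_PASSWORD),
        # empty password, yet the comment marker logs in as alice
        "vulnerable_comment": login_vulnerable(conn, COMMENT_USERNAME, ""),
        "safe_correct_password": login_safe(conn, "alice", SAMPLE_USER[1]),
        "safe_tautology": login_safe(conn, "nobody", TAUTOLOGY_PASSWORD),
        "safe_comment": login_safe(conn, COMMENT_USERNAME, ""),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {'logged in' if outcome else 'rejected'}")
```

The fix is the parameterized form, not hand-written quote escaping: escaping has to be right for every character the database treats specially, while binding keeps the SQL text constant no matter what the input contains.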

PROGRAMMING

You need to read and write code, and for that you need a programming language.
A programming language is a language like any other, except that it is understood by both humans and computers.
For your computer to run code written in one, you need a compiler or an interpreter for that language.
A compiler translates your source code into a binary program ahead of time.
An interpreter executes your code as it reads it.
A binary program is machine code: the instructions your CPU executes directly.

With that being said, you need to pick a language for yourself. I will mention some that I consider a good fit for a cyber-security role. Bear in mind that the order in which I’ve written them doesn’t matter.

  1. HAXE — An open source, cross-platform, statically typed high-level programming language with a fast optimizing cross-compiler. It compiles to: JavaScript, HashLink, Eval, JVM, PHP7, C, Lua, C++, Python, Java, Flash, Neko, ActionScript, PHP5… Its standard library includes support for web servers (full-stack), GPU programming, cryptography, threading, and more.
    It comes with a package manager called haxelib.
  2. Golang — An open source, cross-platform, statically typed, compiled programming language with an emphasis on scalability and a clean modern syntax. It’s really fast and has a relatively small footprint. A natural choice for those with a C or Python background.
  3. TypeScript — An open source, cross-platform, optionally typed high-level programming language (a superset of JavaScript) with a highly configurable compiler. Its real power comes from the Node.js runtime.
  4. Python3 — An open source, cross-platform, dynamically typed high-level programming language with optional type hints and indentation-significant syntax. It comes with a rich ecosystem of libraries.

When it comes to code to read, the following sources will serve you well.

  1. GitHub
  2. GitLab
  3. BitBucket
  4. PasteBin

PENETRATION TESTING SOFTWARE

Software meant to be used when trying to break into computers.

Reconnaissance

Sublist3r — Passive enumeration of subdomains.
NMAP — Software used for network mapping.
Shodan — A search engine for Internet-connected devices; the Internet mapped for you.
BurpSuite — Capable of brute-force subdomain enumeration, endpoint enumeration and passive HTTP analysis and logging.
Tor Browser — Free and anonymous web browsing.

Proxies

BurpSuite — Proxy application used for interacting with HTTP traffic.
Tor — Anonymity network that exposes a local SOCKS proxy for TCP traffic. Oriented towards privacy and freedom.

Exploitation of Computers

Metasploit — Exploitation framework with modules for both software exploits and social-engineering (human) attacks.
XENA — Framework used for botnet creation & development.
Armitage — A graphical front-end for Metasploit that runs natively on desktop operating systems.
CHAOS — Remote administration tool.

Database (SQL) Exploitation

SQLMap — Automated SQL injection and database takeover tool.
SQLNinja — SQL injection exploitation tool aimed at Microsoft SQL Server back-ends.
BurpSuite — It’s useful for manual & automated efforts when it comes to SQL injections.
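As an added example of what a “network mapping” tool such as NMAP does at the lowest level (this is not nmap and not code from the original article): a TCP connect scan, the probe behind nmap’s -sT option, run against a listener the script itself opens on 127.0.0.1 so it works offline and touches no other machine. The port numbers are chosen by the operating system at run time; the worker cap and timeout values are assumptions for illustration, and they are there for the reason the ETHICS section gives: an unbounded scanner is how a well-meaning beginner knocks a server over.

```python
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Iterable, List

HOST = "127.0.0.1"  # loopback only: the example never probes another machine


def start_listener(host: str = HOST) -> socket.socket:
    """Open a listening TCP socket on an OS-chosen free port to act as the target."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))  # port 0 asks the OS for any free port
    srv.listen(16)
    return srv


def free_port(host: str = HOST) -> int:
    """Return a port that is currently closed: bind, read the number back, release."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind((host, 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """Complete a full TCP handshake; True means something accepted the connection.
    Refused, timed out and unreachable are all reported as 'not open'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # ConnectionRefusedError and socket.timeout are subclasses
        return False


def connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5,
                 workers: int = 8) -> List[int]:
    """Probe each port with a bounded worker pool and return the open ones, sorted.
    The cap on concurrent connections and the short timeout are deliberate:
    they keep the scan from flooding the target."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p, timeout)), ports))
    return sorted(p for p, is_open in results if is_open)


def demo() -> dict:
    """Open one listener, scan it plus a known-closed port, and report the result."""
    srv = start_listener()
    open_port = srv.getsockname()[1]
    closed_port = free_port()
    try:
        found = connect_scan(HOST, [closed_port, open_port])
    finally:
        srv.close()
    return {"open_port": open_port, "closed_port": closed_port, "found": found}


if __name__ == "__main__":
    print(demo())
```

A connect scan completes the handshake, so it shows up in the target’s logs as an ordinary connection; the stealthier half-open (SYN) scan that nmap uses by default as root needs raw sockets and is not something a plain script like this can do.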

Zarkones Xena

Researcher. Software Developer. Bitter Leaf & Gin-Tonic enthusiast.