Being a Tinkerer and Researcher

One of our great adjunct faculty members, Brian Scavotto, who is teaching CYB 451 Incident Handling and Response this month, shared the following note with his class. It is great advice for anyone in the cybersecurity field.

“Class,

I cannot stress enough how important it is for you to be a “tinkerer” and “researcher” as you’re learning about cybersecurity topics. Reading about things and watching videos is great, but you need to actually be putting your hands on the keyboard and doing things yourself. That is where the real practical learning takes place. Not only that, but you then get to say that you have experience doing those things. The good news is, it’s extremely easy to practice with the huge amount of resources online; so I’m sharing some of the ones I like to help you in that endeavor. 

Capture the flag (CTF) events:

This is a great way to practice a large amount of different cyber challenges, many of which are forensics and incident response related. This is very similar to your NCL experience, but there are a TON of them out there. Here are a few examples:

There are a bunch more of these out there. A fairly long list of them can be found here. The write-ups that people do on the challenges are learning gold!

Practicing offensive security stuff actually makes you a much better defender. There are lots of resources for offensive practice:

If you’re not familiar with virtual machines, then you should definitely become proficient. Virtual machines let you stand up various operating systems in a virtualized environment on your system, which will allow you to test out tools, practice offensive security stuff, and learn your way around various operating systems. You could even make a small virtual network if you wanted. I recommend VirtualBox, which has an abundance of introductions and getting-started videos and guides online. One example is here. As an alternative, you could use cloud-based services to launch machines, such as AWS or another I like and use personally – Vultr.

Virtual machines you can stand up to practice offensive stuff (and responding to/investigating your own attacks):

  • DVWA – http://www.dvwa.co.uk/
  • Metasploitable – https://github.com/rapid7/metasploitable3 – That is the link to 3, but you can also find 1 and 2 online as well. You can attack these vulnerable machines, then log into them and collect the evidence to learn how it looks from a defender’s perspective. If you want to get fancy, stand up an ELK stack or the free version of Splunk and have logs flow there! All for free.

Learn memory analysis. If you’re not familiar with Volatility, the gold standard in volatile memory analysis, check out their site here. Volatile memory analysis is pivotal in IR investigations and it’s extremely interesting. There are also some really fun CTF challenges involving Volatility that you can find at the links above (especially CTF Time). 

Finally, if you’re not learning Python and PowerShell at a minimum for coding/scripting, then you will be well behind the curve. There are tons of free sources online to learn this. Udemy (link above) is great for cheap, well-done courses on Python and PowerShell. Also, Learn Code The Hard Way has some excellent stuff – https://shop.learncodethehardway.org/.

Have fun and hit me up with questions or if you need help with any of these suggestions. 

Brian”
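As an added example of the defender-side half of the Metasploitable suggestion in Brian’s note (this is not code from the note or from any course material): a small Python script that parses constructed sshd lines in the Linux /var/log/auth.log format and flags the pattern you would look for once the logs flow into ELK or Splunk, a burst of failed logins from one source followed by a success. The hostname, addresses and log lines are all made up for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines shaped like a Linux /var/log/auth.log on a lab VM (not real data).
SAMPLE_AUTH_LOG = """\
Mar  3 14:02:11 metasploitable sshd[2210]: Failed password for invalid user admin from 192.168.56.1 port 51002 ssh2
Mar  3 14:02:12 metasploitable sshd[2212]: Failed password for msfadmin from 192.168.56.1 port 51004 ssh2
Mar  3 14:02:13 metasploitable sshd[2214]: Failed password for msfadmin from 192.168.56.1 port 51006 ssh2
Mar  3 14:02:15 metasploitable sshd[2218]: Accepted password for msfadmin from 192.168.56.1 port 51010 ssh2
Mar  3 14:10:40 metasploitable sshd[2301]: Failed password for root from 192.168.56.20 port 40001 ssh2
Mar  3 15:30:02 metasploitable CRON[2400]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+ ssh2$"
)

def parse_auth_log(text):
    """Return (timestamp, result, user, ip) tuples for every sshd password event."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:  # lines from other daemons (e.g. CRON) are skipped
            # syslog timestamps carry no year, so strptime defaults it to 1900
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
            events.append((ts, m["result"], m["user"], m["ip"]))
    return events

def find_bruteforce(events, threshold=3, window_seconds=60):
    """Flag IPs with >= threshold failures inside window_seconds; note a later success."""
    by_ip = defaultdict(lambda: {"fail": [], "ok": []})
    for ts, result, _user, ip in events:
        by_ip[ip]["fail" if result == "Failed" else "ok"].append(ts)
    alerts = {}
    for ip, rec in by_ip.items():
        fails, start = sorted(rec["fail"]), 0
        for end in range(len(fails)):
            # slide the window's left edge until it spans at most window_seconds
            while (fails[end] - fails[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                success_after = any(ok >= fails[start] for ok in rec["ok"])
                alerts[ip] = {"failures": len(fails), "success_after": success_after}
                break
    return alerts

print(find_bruteforce(parse_auth_log(SAMPLE_AUTH_LOG)))
```

Point it at the real auth.log pulled off the VM after your own attack to compare what the script flags with what you see in the ELK or Splunk dashboard.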