Tinker Tuesday for April 22, 2025

This thread is for anyone working on personal projects to share their progress, and hold themselves somewhat accountable to a group of peers.

Post your project, your progress from last week, and what you hope to accomplish this week.

If you want to be pinged with a reminder asking about your project, let me know, and I'll harass you each week until you cancel the service.

At the very basic end of things, it seems the easiest way to get started would be Docker or VMs. It's maybe a bit dated at this point, but when I took a CS course on security quite a while back, Google's Gruyere ("Swiss cheese, get it?") was a good toy target application, and there are a number of easily-searchable links for getting that running locally.

I don't directly work in pentesting, so I can't really point you at specific resources, but I think like most folks in tech I've at least had to see the other side of things ("security policy requires these changes"). The concern I'd have for you is that cybersecurity is a rabbit hole both wide and deep: I doubt there are many folks that truly understand all the details of cryptography and implementations (Debian SSH key generation, Heartbleed, Shellshock) and hardware implementation details (Spectre, Meltdown, Rowhammer), or any of a number of other relevant details (rubber hoses). If you just want to try out some fun SQL/JS injection attacks and browser development tools, Gruyere is probably a good starting point, but not being directly in the pentest side of the industry I can't speak to how useful those skills are these days given automated scanning tools for code. I can tell you that I'm pretty careful to sanitize my inputs.