HackerCon.com is a project dedicated to Cyber Security, Vulnerability Assessment, Penetration Testing, Malware, Hacking, and other related Cyber Security articles, tools and news to keep you aware of what’s happening in cyberspace.
What do you need to know to become an effective Cyber Security Professional? In my humble opinion, you need a little bit of programming, networking, TCP/IP, managing servers, problem solving, analytic skills (analyst), cyber, basically a little bit of everything. Then you need to specialize in Penetration Testing, Information Assurance, Cyber Analyst, Risk Management and other cool stuff securing your network environment. I’ll take it back, you need to build up your experience, then specialization will follow.
For example, if you want to be a Penetration Tester (or PenTest), you start by reading the Penetration Testing Execution Standard (PTES). It consists of seven (7) main sections for you to learn.
- Pre-engagement Interactions
- Intelligence Gathering
- Threat Modelling
- Vulnerability Analysis
- Post Exploitation
Once you are comfortable with these topics and still want to learn more, I highly recommend reading the NIST 800-53 Security and Privacy Controls and NIST 800-171. These documents reference other 800-series publications; read them too. For web security, I strongly recommend reading the Open Web Application Security Project (OWASP) Top 10. If you want to learn and share your knowledge, post in our message forum or leave a comment at the end of this article.
List of tools updated by KING.NET
Open Source Vulnerability Assessment Tools. Test them all and see what fits your work environment. I removed tools that are not Open Source or free for community use.
- Metasploit Framework, managed by Rapid7. You can download and install it on Linux/Mac OS X or Windows. You can download it through GitHub.
- Retina Community managed by BeyondTrust, gives you powerful vulnerability management across your entire environment for up to 256 IPs FREE. Identify network vulnerabilities (including zero-day), configuration issues, and missing patches across operating systems, applications, devices, and virtual environments. You need to fill out the form to receive your FREE 256 IP license.
- OWASP Zed Attack Proxy Project is a free tool that automatically finds security vulnerabilities in your web applications while you are developing and testing them. It is also another toolkit for pentesters to use for manual security testing.
- Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software. Scan items and plugins are frequently updated and can be automatically updated. Continue reading here and download it from GitHub.
- Burp Suite Free Edition is a software toolkit that contains everything needed to carry out manual security testing of Web applications. The community edition has limited features; I think the Professional Edition ($399/yr) will be OK to start with if the additional fee is not an issue. The Enterprise Edition costs $3,999/year.
Penetration Testing Books for your reference.
Must have security tools.
- Kali Linux on USB.
- Check back for updates.
Please come back again; we are continuously updating this page. Don’t hesitate to add your favorite tools not mentioned here. Use the form below to comment or use the message forum.