Security - nimrody/knowledgebase GitHub Wiki

Compliance / Processes

• Starting up security - risk managemnet
• SOC2 starting seven

Hardware

• TPM introduction

Web

• XSS - Cross site Scripting

Cryptography

• the cryptopals crypto challenges

Penetration testing

• Web application penetration testing methodology

  There's quite a few ways to get started with the skills you need for pen. testing and the good news is that a lot of them are free or low cost.

  You should probably start by picking an area that you're interested in (e.g. web, infrastructure, mobile) as whilst there's some commonalities each area has it's own toolset and specific areas of focus.

  For learning there's things like https://pentesterlab.com/ , https://www.offensive-security.com/metasploit-unleashed/

  For practicing legally , a lot of CTF competitions make use of skills which are useful for penetration testers, also places like vulnhub https://www.vulnhub.com/ have downloadable challenge machines that you can run in a VM.

  In terms of meeting up with people in the industry, look out for local Defcon chapters or B-Sides conferences, both of which tend to be free or low cost and have some good content.

• osint for pentesters - password spraying