[RTG] Red Team General

Welcome to Red Team General! Here we discuss everything relating to offensive security, pentesting, social engineering and anything else that might fit the bill!

1. Where to start?

If you’re new and looking to get started, feel free to post! If you’re looking for resources, there are a few listed below. Keep in mind that being a good sysadmin does not make you a good pentester. Everyone starts at zero!

2. Certifications

2.1. CEH - Certified Ethical Hacker

Good resume buff, not great for much else.

2.2. ECSA - EC-Council Certified Security Analyst

You’ll have to know what you’re doing, this one’s the next step from CEH.

2.3. LPT - Licensed Penetration Tester

This one’s more focused on documentation and ethics. Worth mentioning, but not super valuable. Builds on ECSA.

2.4. OSCP - Offensive Security Certified Professional

This is the one you want. 24 hours to own 5 systems and another 24 hours to write a detailed report. Not easy, very rewarding.

3. Resources

3.1. Guides/information

3.1.1. http://www.abatchy.com/2017/03/how-to-prepare-for-pwkoscp-noob

Zero to hero guide for OSCP. More of an outline, points you in the right direction.

3.1.2. http://niiconsulting.com/checkmate/2017/06/a-detail-guide-on-oscp-preparation-from-newbie-to-oscp/

Another OSCP outline.

3.1.3. https://www.cybrary.it/0p3n/prep-guide-offsecs-pwkoscp/

Cybrary is a good resource for all things IT. Free courses, not all that complete though.

3.2. Tools

3.2.1. Kali Linux

Your one stop shop for pentesting.

3.2.2. BackBox

Pentesting Distro, similar to Kali, haven’t personally used it.

3.2.3. Parrot

Security focused Linux distro, also provides a lot of pentesting/forensics tools.

3.2.4. Metasploit

Starting point for most noobs, Swiss Army knife, automates the hard stuff. Freemium model, community variant should be enough for anyone.

3.2.5. Burp Suite

Web Exploitation toolkit. Freemium model. Helps automate most things.

3.3. YouTube

3.3.1. IppSec - youtube

Walkthroughs of retired HTB vms.

3.3.2. Hak5 - youtube

They’re the ones behind the Rubber Ducky, Pineapple, LAN Turtle, Packet Squirrel and Bash Bunny. All this can be found at https://hakshop.com

3.3.3. LiveOverflow - youtube

Binary exploitation, web hacking, Angular security.

3.4. Talks

3.4.1. Jayson E. Street

One of my favorites. This guy is the epitome of the plebeian hacker. Talks in the spoiler.

3.5. CTFs

3.5.1. Hack The Box

Need to hack the invite code. Hard enough to keep the skids out.

3.5.2. Over The Wire Wargames

Simple CTF wargames. Recommended order:

  1. Bandit
  2. Natas
  3. Leviathan
  4. Narnia
  5. Behemoth
  6. Krypton
  7. Utumno
  8. Maze
  9. all the rest, doesn’t really matter.

3.5.3. VulnHub

Pre-broken images to have your fun with.

I recommend Mr Robot or any of the Kioptrix images, so far.

Found a good resource? @ me and I’ll add it to the OP!


Responsibility disclaimer: All this can add up to a person who’s able to do really bad things. Please only break into networks on which you’re authorized to do so. If we find out you’re breaking into networks or systems that you aren’t authorized for, you’ll be escorted off the premises by security.

2 Likes

Is another youtuber that does hacking stuff. Has a tutorial on binary exploitation

2 Likes

I guess I should start off by asking if anyone else is on HTB. I got in last week, so I haven’t had a whole lot of time to do work on it yet. Hoping to get a KVM switch in tomorrow that will allow me to do more.

I’m also working on getting a small lab up. Hopefully it will be up shortly. Who knows how long that will actually take though.

1 Like

Great topic @SgtAwesomesauce. I will have to check out some of these sources. I have dabbled in pen-testing before, mostly with WiFi and some network stuff on my own hardware, but overall I’m still fairly new to it. Looking forward to where this goes and will definitely report back with my exploits in this.

2 Likes

Glad to hear you like it. If you have any questions, definitely hit me up. I’m far from a pro, but I’m aiming to get some certs by year’s end.

2 Likes

Thank you, can count on it.

2 Likes

I’ve got some experience in all 3 types of hacking, black, gray and white, and I want to continue learning. Need to get a dedicated laptop that is good to go for a dedicated thing. Might just keep Kali on its own partition with my new laptop.

1 Like

Two things to note: I’ve had difficulty dual-booting Kali with Solus, Pop OS and Fedora. Only ever tested UEFI, so I can’t say for sure if it’s a UEFI or a Kali issue. I just gave up and left my EliteBook with Kali installed. Also, they removed the Broadcom STA drivers from the repo, so you’re SOL if you want to use them.

2 Likes

I’ve never had an issue with Kali Linux, but it’s been a few years since I’ve used it.

1 Like

Neat, keeping Kali on a separate partition is a pretty good idea. I’m not sure what approach I’ll take with this. In the past I had Kali on a USB flash drive, but I’m thinking about having a dedicated Kali install on a portable SSD attached to a SATA-to-USB adapter instead, so I can switch it between my desktop/laptop or whatever machine I want and still get decent performance.

General rule of thumb: either run Kali in a VM, or run it on a machine you’re willing to have compromised. Especially if you’re taking part in a CTF. You never know if someone’s going to be watching for a connection to put a backdoor on your system.

1 Like

Good to know. I might stick to using it in VMs in that case.

Yeah, I have a laptop that I don’t mind wiping every now and again, so I use that one. It’s served me well but I happen to be one of those lucky bastards surrounded by hardware, so I understand if you don’t have access to dedicated hardware.

2 Likes

Well, I still have my old 4690k machine I could use for that, but I also want Kali on something portable for when I’ve got no access to my desktop. The only device I have is the laptop I’m currently in the process of fixing, but it’ll be my main travel device. In future I might see if I can pick up a fairly cheap laptop for messing around with.

2 Likes

https://www.amazon.com/HP-EliteBook-840-Notebook-Professional/dp/B01LXP2XW8/ref=sr_1_2?ie=UTF8&qid=1518484337&sr=8-2&keywords=elitebook+840

I’ve got the G3 model of this. Damn good price if you ask me. Clit mouse, Intel wireless, low-res screen is a minus, but that’s what you get for $300. You’ll be spending most of your time in a terminal anyways, so it’s not a bad option.

1 Like

I may have just talked myself into buying a $300 laptop. LOL

1 Like

That’s not too bad, I’ll have to see what I can find in my area. Realistically I’ll likely end up getting a better laptop than my current one as my main and use the old one for Kali instead, it’s from 2010 and fairly dated.

1 Like

Ah, that’s a good idea. Kali really doesn’t need a ton of horsepower. It can run on lxde (or xfce, I always confuse those two), so it’s not super demanding out of the box, and the only time you’ll ever need horsepower is when you’re bruteforcing, but you should really SSH into a machine that has a GPU for that.

2 Likes

Or just rent a VM designed for that.

2 Likes

Those are expensive, but yeah. Since I already run Linux on the system with a 1070, I just SSH to that and I’ve manually installed jumbo john.

2 Likes