cybersecurity

3157 readers

2 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 1 year ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub

How to get past theoretical knowledge? (infosec.pub)

submitted 10 months ago by adzsx@infosec.pub to c/cybersecurity@infosec.pub

5 comments fedilink hide all child comments

I am currently trying to learn cyber security, specifically pentesting. I also do blue team things now and then, but not too often. I've started about 2 years ago with programming in python, later golang. I feel like I am decent in both. However when it comes to pentesting and security in general. It doesn't feel like I'm doing progress whatsoever. I know about theoretical Linux, networking, programming and that stuff, but when it comes to the hands on tasks, I fail miserably. I know know how HTTP works, but can't do easy Hack the Box CTFs without a complete writeup (not just little hints). I solved a few CTFs on different platforms with the help of writeups because I thought I just lacked the creative thinking part, but I don't see any progress. And when I feel like doing CTFs, I quickly loose motivation because I don't get anything done. Can anyone relate? How can I overcome this?

you are viewing a single comment's thread
view the rest of the comments

[–] cmg@infosec.pub 2 points 9 months ago

Read, reproduce, understand. Think of how the programmer was solving a problem and left a problem. Did they probably didn’t understand the problems. The synthetic challenges are often a skill to themselves.

Re attention span, consider different expectations. Professional product engagements are often 2 ftes/2 weeks. Getting a few good findings out in that time is the goal.

Sometimes they run out of time on a thread they are looking at. Sometimes they pull on a thread only to find out there’s no way from here. Sometimes years later there’s an insight that x could work.

Building up that last skill is what makes you more effective. Find someone to bounce ideas off of that’s in the learning curve with you.