Teach Yourself Information Security

Inspired by Teach Yourself Computer Science, this guide intends to provide a basic (and generally, free) set of resources for getting started with learning computer security while also answering the following questions:

tl;dr:

The consensus is that to build a strong foundation for infosec, you will want to start by studying networking, operating systems fundamentals (Windows & Linux), and some sort of scripting/programming language like Python or Bash. Study these first, and then dive into another subject (some of which are listed here) that piques your interest, if you want. There are many domains of infosec to explore.

| Subject | Why Study? | Resources | Exercises/CTF |
| --- | --- | --- | --- |
| Networking | Learn how computers talk to each other and how the Internet 'works'. | Computer Networking: A Top-Down Approach | Malware Traffic Analysis |
| Operating Systems | This is the 'computer' in 'computer security'. | Nand2Tetris & Linux Journey & Windows Internals | OverTheWire: Bandit |
| Programming | Automate tasks and write your own tools, and be able to 'get' what a program does (even if you don't know the language). | Harvard CS50 & Automate the Boring Stuff w/Python | Try making your own tools! |
| Open Source Intelligence | Augment everything you do by being able to find all of the info you need, online. | Open Source Intelligence Techniques & OSINTCurious | Quiztime & SourcingGames |
| Cryptography | This is key to confidentiality, integrity, and non-repudiation (i.e. 'no-takebacks'), the stuff vital to security. | Online Cryptography Course | CryptoHack |
| Digital Forensics & Incident Response | Be able to stop bad stuff from happening and figure out what happened. | 13Cubed Videos & Incident Response and Computer Forensics | CyberDefenders Labs |
| Malware Analysis & Reverse Engineering | Figure out how programs really work and make them do things they weren't designed to. | Practical Malware Analysis & Pwn.college | Nightmare |
| Pentesting | Exploit vulnerabilities and navigate around an environment like an attacker, so that you can better defend. | Penetration Testing, INE Penetration Testing Student | TryHackMe & HackTheBox |
| Web App Exploitation | Most of how you interact with the Internet is through web apps, so you should know how they can be broken. | PortSwigger Web Security Academy | |

§ The most important skill

Being able to research effectively is the most important skill that a learner can have. No one knows everything, you will inevitably forget things, and as your knowledge/experience increases, you will inevitably need to research questions that do not have a straightforward answer.

Bottom line: If you know how to find the answer to a question, you know the answer to the question.

Basic research guide coming soon, but some quick tips in the meantime:

If you have made a good faith effort to answer your question using available resources and still haven't found a satisfactory answer, it might be time to ask other people. This LiveOverflow Video goes over how to ask a technical question.

§ Networking

Networks facilitate communication between computers, and understanding how they work is critical for nearly every other subject on this list.

Resources:

§ Operating Systems

This is admittedly a large topic which consists of understanding the following, for both Windows and Linux operating systems:

Like networking, learning how operating systems function is fundamental as the OS manages processes, memory, software, network connections, and hardware on the computer.

Resources for System Administration:

Resources for OS functionality:

§ Programming

If there is a particular language you'd like to learn, go for it! However, Python is generally viewed as the best programming language for beginners to learn, as it is:

In particular, focus on understanding how to program with sockets and how to make network connections from your scripts. Check out modules like Impacket and try using them in your scripts.
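As an added example (not code from the original guide), the following standard-library Python script shows the socket basics the paragraph above points at: a TCP server bound to an ephemeral loopback port, a client that connects to it, and a small length-prefixed framing scheme. The framing is there because TCP is a byte stream and does not preserve message boundaries, which is the first thing a recv() loop has to handle; the server also bounds the declared length so a peer cannot make it allocate arbitrarily. All names (`echo_roundtrip`, `recv_exactly`, the 64 KiB limit) are this example's own choices.

```python
"""Minimal TCP client/server pair using only the Python standard library.

Constructed example for learning socket programming: the server runs in a
background thread on the loopback interface, the client connects, sends a
length-prefixed message, and reads the echoed reply back. Messages carry a
length prefix because TCP is a byte stream and does not preserve boundaries.
"""
import socket
import struct
import threading

HEADER = struct.Struct("!I")   # 4-byte big-endian (network byte order) length prefix
MAX_MESSAGE = 64 * 1024        # refuse larger claims so a peer cannot force huge allocations


def recv_exactly(conn, n):
    """Read exactly n bytes; recv() may legally return fewer bytes than requested."""
    buf = bytearray()
    while len(buf) < n:
        chunk = conn.recv(n - len(buf))
        if not chunk:  # peer closed the connection before the full message arrived
            raise ConnectionError("connection closed before %d bytes arrived" % n)
        buf.extend(chunk)
    return bytes(buf)


def frame(payload):
    """Build one framed message: 4-byte length followed by the payload."""
    return HEADER.pack(len(payload)) + payload


def send_message(conn, payload):
    """sendall() keeps writing until every byte is queued, unlike send()."""
    conn.sendall(frame(payload))


def recv_message(conn):
    """Receive one framed message, validating the declared length before reading it."""
    (length,) = HEADER.unpack(recv_exactly(conn, HEADER.size))
    if length > MAX_MESSAGE:
        raise ValueError("declared length %d exceeds limit" % length)
    return recv_exactly(conn, length)


def start_echo_server():
    """Bind to an ephemeral loopback port and serve a single connection in a thread."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0 lets the OS pick a free port
    srv.listen(1)

    def serve_one():
        conn, _addr = srv.accept()
        with conn:
            try:
                send_message(conn, recv_message(conn))  # echo the message back
            except (ValueError, ConnectionError):
                pass  # malformed or truncated input: just drop the connection
        srv.close()

    thread = threading.Thread(target=serve_one, daemon=True)
    thread.start()
    return srv, thread


def echo_roundtrip(payload, timeout=5.0):
    """Start a server, connect to it as a client, and return what it echoed back."""
    srv, thread = start_echo_server()
    host, port = srv.getsockname()
    with socket.create_connection((host, port), timeout=timeout) as client:
        send_message(client, payload)
        reply = recv_message(client)
    thread.join(timeout)
    return reply


if __name__ == "__main__":
    print(echo_roundtrip(b"hello over a socket"))
```

Run it directly and it prints the echoed bytes; the interesting case to try is a payload larger than a single recv() typically returns (tens of kilobytes), which works only because `recv_exactly` loops rather than trusting one call.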

Resources:

C and C++ are also recommended for beginners after Python. They are "lower-level" languages, less abstracted from machine code than Python: in C, programmers interact directly with low-level infrastructure like memory and buffers, which makes C more challenging to learn. An understanding of C will be helpful if you want to do disassembly / reverse engineering, or otherwise want a better grasp of reading and understanding programs and how they interact with the operating system.

§ Open Source Intelligence (OSINT)

OSINT refers to the collection and analysis of publicly available information, generally found on different parts of the Internet. Within the context of infosec, OSINT is used across multiple domains: incident responders may use it to identify the type of flaw exploited in a system, malware analysts may research domains and code snippets in an effort to attribute malware, and so on. Unlike the other domains, the resources for OSINT are somewhat scattered because there are so many types of OSINT, extending well beyond research specific to infosec.

Resources:

Tool Collections:

Hands-On Practice:

§ Cryptography

Cryptography is built around mathematical problems/concepts. If you don't have a strong foundation in math, consider reading / skimming Mathematics for Computer Science, a free MIT OpenCourseWare textbook that has an accompanying online course. Reading through the Number Theory section is recommended for Cryptography, specifically.

Resources:

§ Digital Forensics & Incident Response (DFIR)

Incident response involves immediate triage and response to a security incident (e.g. 'stopping the bleeding'), whereas forensics typically involves retroactively 'stepping through' data to develop a comprehensive picture of what happened. The two fields are intertwined (and malware analysis may also be part of this), which is why we present them together.

Resources:

If you are doing DFIR, depending on the size of your organization, you may also be interested in Cyber Threat Intelligence (CTI). Intelligence-Driven Incident Response (Roberts, Brown) explains different CTI cycles/models and how they can be integrated into the incident response process.

§ Malware Analysis & Reverse Engineering (RE)

A prerequisite for malware analysis and RE is setting up an environment where you can safely detonate and analyze malware, then reset the environment back to 'normal' once you're done. This is generally done with virtual machines (VMs), which are essentially emulated computers that you run from your own machine (the host OS) or in the cloud (you can also use Docker containers). FireEye's FLARE VM is a Windows 10 environment that comes with a ton of preinstalled tools for both dynamic and static analysis; note that you will need a Windows 10 ISO for it. REMnux is a Linux-based toolkit for malware analysis, and is especially helpful for analyzing malicious documents (maldocs).

When you disassemble a sample, the disassembler displays the machine code as assembly language, so it is also helpful to learn an assembly language (such as x86), particularly for RE / binary exploitation. UoV's x86 Assembly Guide offers a straightforward overview.

Resources:

Resources for Researching Malware:

For a more detailed discussion of resources for RE & malware analysis (including specific recommendations for learning about different types of malware techniques), see Hasherezade's How to start guide.

§ Pentesting

Penetration testing involves finding and exploiting vulnerabilities across an organization's computer infrastructure, which includes networks, operating systems, identity infrastructure like Active Directory, and applications/services. Emulating the different steps that an attacker can take as they move through a system is helpful for understanding how to defend against malicious activity.

Resources:

To practice penetration testing techniques, try exploiting some hosts on a CTF platform like TryHackMe or HackTheBox.

§ Web App Exploitation

Web apps represent a major part of how people interact with computers and the Internet on a day-to-day basis. Exploiting them involves understanding the different kinds of flaws in authentication and authorization, and in the way data is stored.

Resources:

§ FAQ

§ What computer / operating system / tools do I need to get started?

Use what you have. You don't need any specific hardware or operating system to learn, and that includes Kali and Parrot Linux, two penetration-testing-focused Linux distributions.

It will be helpful to have some sort of Linux command line interface from which you can install and run tools.

§ What if I want something that will give me a bit of everything?