Listed here are the core skills (checked during a first-round in-person interview) at a large, highly visible InfoSec company.
I think this is a good list of basic skills for anyone who wants to start a career in InfoSec (with specialization, plus some programming/scripting skills) or learn cybersecurity or hacking as a hobby:
Networking:
> Good understanding of OSI layer model
> Understanding of communication flow through each layer
> Good understanding of functions of each layer
> Understanding of major protocols in each layer
> In-depth understanding of Layer 3 & Layer 4 protocols
- IP, ICMP Protocols (layer 3)
- TCP, UDP Protocols (layer 4)
Overview of TCP/IP Layer model:
> ARP
> Understanding of Client & Server communication model
> Ports common services run on
> Ephemeral port vs Well known ports
Understanding of major (everyday Layer 7) services/protocols:
> DNS
> DHCP
> HTTP
- HTTP header fields
- HTTP status codes
- How HTTP maintains state
- HTTPS vs HTTP
> FTP
- Active vs passive data transfer
> SSH / SSH handshake
> Telnet / Telnet handshake
> SMTP / SMTP handshake (MAIL FROM / RCPT TO)
> How attachments are handled
Network Troubleshooting Methodology:
> Understanding of Network Address Translation (NAT)
> Understanding of Port Address Translation (PAT)
> Understanding of Proxies / Overview of Virtual Private Networks (VPNs)
How to read packet headers: know the common header fields for IP, TCP, UDP
Understand which device operates at which OSI layer:
> Hub
> Switch
- Managed vs Unmanaged
> Firewall
> IDS/IPS
Ability to read device logs:
> IDS/IPS
> Firewall
> Windows
Advanced Concepts (Possible Self Study Topics):
> Content Delivery Networks (CDNs)
> HTTP Pipelining
> IPv4 vs IPv6 addressing scheme
> IPv4 and IPv6 differences
Security Device Operations:
> Understanding of IDS/IPS technologies
- Signature based vs Anomaly based
- HIDS vs NIDS
> How Snort works
> How IPS systems prevent attacks:
- Drop packets
- TCP reset
Security Attacks:
> Detailed understanding of common web attacks
- SQL Injection
  - Blind
- Cross Site Scripting
  - Stored
  - Reflected
  - DOM
> Cross Site Request Forgery
> Local File Inclusion
> Remote File Inclusion
> Basic understanding of buffer overflow
> Denial of Service
> Remote Code Execution / PHP attacks
> Heartbleed
> Shellshock
> Brute Force attacks
Understanding of the Malware Kill Chain:
> Worm vs Trojan
> Phishing email/Landing redirect page
> Exploit Kit
> Malware Download
> Malware Install
> Phone Home
> Data Exfiltration
> Command and Control
Linux:
> Overview of file structure
> Knowledge of filesystems used: NTFS, FAT vs ext2/3/4
- Overview of a journaling filesystem
The Shell:
> Executing commands and command options
> Interactive features: job control, history
> File utilities (cp, mv, rm, etc.)
> Editors: vi/vim
- vimtutor (homework)
> Process Utilities (ps, kill, wait, sleep)
> Filters: cat, head, tail, sort, uniq
> How to read man pages: man vs info / apropos, man -k <keyword>
Command-line tools for common SOC tasks:
> Detailed knowledge of tcpdump
> Detailed knowledge of grep
> Overview: sed, awk, cut, screen, nohup