Hi,
I am considering a midlife career change and would like to get into either pentesting or bug hunting. With little IT experience my intention is to work through compTIA A+ Linux+ Network+ and Security+ (I won’t sit the exams just learn the content) and then move onto the OSCP.
The question I have is is it worth me buying second hand networking equipment and old PCs to build a home network to help me learn or would I be better off using VirtualBox and spending the money on virtual lab memberships?
My goal is to skip the help desk phase if I can and self study while I continue my current job. Not because I am disregarding the experience I could gain, more I have a family with a newborn and mortgage to pay and my current job pays quite well.
1 Like
i loaded ubuntu on my pc, which is an older version , and i started with the websites tryhackme.com, overthewire.org and a lot of youtube videos. I think you dont need pay for any courses. You just need a lot of greedy of knowledge.
Hello,
If you have little IT experience to begin with, I would recommend going through the CompTIA A+ first. You don’t need to get the certification, the training material is good enough.
I would then recommend having a clear understanding of the path that you are interested in, if you are interested in Penetration Testing, I would recommend getting some introductory cybersecurity training, either in the form of CEH or Security+. Security+ being the ideal certification as it is recognized internationally.
As for Linux and networking, you do not need to get the Linux+ and Network+ certifications. For Linux, there are plenty of sites that you can get started with, my personal recommendation is linuxjourney.com. We also have a series on our channel that covers Linux essentials for hackers. If you want to start practicing and getting some real experience, i would recommend the OTW Bandit wargame.
As for networking, you need a solid understanding of the OSI model, TCP/IP, UDP, traffic analysis using tools like Wireshark and tcpdump and the ability to read and analyze packet headers. You also need experience with firewalls and intrusion detection systems. I would recommend learning and mastering the following tools:
- Nmap
- hping3
- Wireshark
- Netcat
You now need to get some practical experience, i would recommend getting started with CTFs and wargames from HTB, TryHackMe or VulnHub.
When you are ready for the OSCP, i would recommend doing the OSCP like boxes on VulnHub and HTB.
Hope this helps.