Construa seu laboratório de Segurança da Informação e desenvolva suas habilidades

Que tal aprender desenvolver suas habilidades em segurança da informação?

Nesse artigo eu dou dicas de como você pode montar seus laboratórios de segurança defensiva e segurança ofensiva. Vamos lá?

Segurança Defensiva


Vamos primeiro montar um laboratório de segurança defensiva, vale ressaltar que na parte de Defesa vai de Hardening a Implementação de dispositivos de segurança.

Máquinas Virtuais (Linux: https://ubuntu.com/download/server / https://servidordebian.org//pt/start / https://www.centos.org/download/ / Windows Server 2019 https://www.microsoft.com/pt-br/cloud-platform/windows-server / Windows Server 2016 https://www.microsoft.com/pt-br/evalcenter/evaluate-windows-server-2016)

Firewall (PfSense: https://www.pfsense.org/download/) – Documentação: https://docs.netgate.com/pfsense/en/latest/ / (IPFire: https://www.ipfire.org/download) – Documentação: https://wiki.ipfire.org/

VPN (OpenVPN: https://openvpn.net/) – Documentação: https://www.devmedia.com.br/montando-uma-vpn-com-o-openvpn/26670

Virtualização (ESXI/VMWARE: https://my.vmware.com/en/web/vmware/evalcenter?p=free-esxi6) – Documentação: https://docs.vmware.com/en/VMware-vSphere/index.html

SIEM (Qradar: https://www.ibm.com/support/pages/downloading-ibm-security-qradar-v732 / Splunk: https://www.splunk.com/en_us/download/splunk-enterprise.html / OSSIM: https://cybersecurity.att.com/products/ossim)


IDS/IPS (OSSEC: https://www.ossec.net/ / Snort: https://www.snort.org/ / Suricata: https://suricata-ids.org/ / Wazuh: https://wazuh.com/ / Zeek: https://www.zeek.org/)

Gestão de vulnerabilidade (Nexpose: https://www.rapid7.com/products/nexpose/ / Nessus: https://pt-br.tenable.com/products/nessus / Qualys: https://www.qualys.com/)

Cofre de senhas (https://www.keepersecurity.com/pt_BR/personal.html / https://senhasegura.com/ / https://www.lastpass.com/pt)

Monitoramento (Wireshark: https://www.wireshark.org/ / Zabbix: https://www.zabbix.com/ / PRTG: https://www.br.paessler.com/PRTG)

Segurança Ofensiva
Vamos montar um laboratório de segurança ofensiva para você fortalecer suas habilidades de exploração de vulnerabilidades

Máquinas virtuais necessárias (Kali Linux: https://www.kali.org/ / Parrot: https://parrotlinux.org/download.php)
Laboratórios básicos (Metasploitable: https://sourceforge.net/projects/metasploitable/ https://www.vulnhub.com/entry/basic-pentesting-1,216/ / https://www.vulnhub.com/entry/basic-pentesting-2,241/ / Windows 7: https://www.microsoft.com/pt-br/software-download/ / Windows 10: https://www.microsoft.com/pt-br/software-download/windows10 / Linux: https://ubuntu.com/download/server / https://servidordebian.org//pt/start / https://www.centos.org/download/ / Windows Server 2019 https://www.microsoft.com/pt-br/cloud-platform/windows-server / Windows Server 2016 https://www.microsoft.com/pt-br/evalcenter/evaluate-windows-server-2016)
Virtualizador (Vmware: https://www.vmware.com/br/download.html / Virtualbox: https://www.virtualbox.org/)
Laboratório Buffer Overflow: https://www.vulnhub.com/entry/stack-overflows-for-beginners-101,290/ – https://www.vulnhub.com/entry/smashthetux-101,138/ – https://www.vulnhub.com/entry/wintermute-1,239/ – https://www.vulnhub.com/entry/goldeneye-1,240/ – https://www.vulnhub.com/entry/the-pentesters-64-bit-appsec-primer-beta,155/ – https://medium.com/bugbountywriteup/chatterbox-hack-the-box-writeup-dacb2ee8593d
Laboratório Desenvolvimento de Exploit (Exploit writing): https://0xrick.github.io/hack-the-box/wall/ – https://medium.com/@klockw3rk/htb-lightweight-walkthrough-90ad8cbd034c – https://medium.com/bugbountywriteup/hackthebox-writeup-2978c1639fb4 – https://medium.com/@mrhenrike/vulnhub-symfonos-1-walkthrough-fdd94a1de4db – https://medium.com/@mrhenrike/vulnhub-zeus-1-walkthrough-7e2ad46c9ab9
Laboratório Exploração de vulnerabilidades Avançada: https://www.vulnhub.com/series/norzhctf,191/ – https://www.vulnhub.com/entry/kioptrix-level-1-1,22/ – https://www.vulnhub.com/entry/kioptrix-level-11-2,23/ – https://www.vulnhub.com/entry/kioptrix-level-12-3,24/ – https://www.vulnhub.com/entry/kioptrix-2014-5,62/ – https://www.vulnhub.com/entry/mr-robot-1,151/ – https://www.vulnhub.com/entry/hacklab-vulnix,48/ – https://www.vulnhub.com/entry/vulnos-2,147/ – https://www.vulnhub.com/entry/sickos-12,144/
Laboratórios Gameficados: https://www.hackthebox.eu/ / https://pwn2win.party/ / https://shellterlabs.com/pt/ / https://pentesterlab.com/ / https://www.virtualhackinglabs.com/labs/penetration-testing-lab/
Aonde eu posso estudar?

https://www.cybrary.it/

http://udemy.com/

https://www.packtpub.com/

https://www.eduonix.com/

https://www.pentesteracademy.com/

http://esecurity.com.br

https://www.elearnsecurity.com/

https://acaditi.com.br/

https://www.offensive-security.com/

https://www.hackerone.com/

Canais no YouTube

https://www.youtube.com/user/cursosemvideo

https://www.youtube.com/user/daybsonbruno

https://www.youtube.com/channel/UC70YG2WHVxlOJRng4v-CIFQ

https://www.youtube.com/user/ricardolongatto

Roadsec: https://www.youtube.com/channel/UCxHzA-Z97sjfK3OISjkbMCQ

Papo binário

https://www.youtube.com/channel/UCuQ8zW9VmVyml7KytSqJDzg

https://www.youtube.com/user/Hak5Darren

https://www.youtube.com/user/BlackHatOfficialYT

https://www.youtube.com/user/DEFCONConference

Michael lá salvia

https://www.youtube.com/user/genxweb

https://www.youtube.com/user/cristivlad25

https://www.youtube.com/user/Computerphile

DC Cybersec

https://www.youtube.com/channel/UC3sccPO4v8YqCTn8sezZGTw

The Cyber Mentor

https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw

Grant collins

https://www.youtube.com/channel/UCTLUi3oc1-a7dS-2-YgEKmA

https://www.youtube.com/user/TWiTSecurityNow

https://www.youtube.com/user/InfoSecInstitute

I.T Career Questions

https://www.youtube.com/user/PCSimplest

Prof. Joas Antonio

https://www.youtube.com/channel/UCFvueUEWRfQ9qT9UmHCw_og

Security Cast

https://www.youtube.com/user/securitycast

Hits: 73

Leave a Reply

Your email address will not be published. Required fields are marked *