Que tal aprender desenvolver suas habilidades em segurança da informação?

Nesse artigo eu dou dicas de como você pode montar seus laboratórios de segurança defensiva e segurança ofensiva. Vamos lá?

Segurança Defensiva


Vamos primeiro montar um laboratório de segurança defensiva, vale ressaltar que na parte de Defesa vai de Hardening a Implementação de dispositivos de segurança.

Máquinas Virtuais (Linux: https://ubuntu.com/download/server / https://servidordebian.org//pt/start / https://www.centos.org/download/ / Windows Server 2019 https://www.microsoft.com/pt-br/cloud-platform/windows-server / Windows Server 2016 https://www.microsoft.com/pt-br/evalcenter/evaluate-windows-server-2016)

Firewall (PfSense: https://www.pfsense.org/download/) – Documentação: https://docs.netgate.com/pfsense/en/latest/ / (IPFire: https://www.ipfire.org/download) – Documentação: https://wiki.ipfire.org/

VPN (OpenVPN: https://openvpn.net/) – Documentação: https://www.devmedia.com.br/montando-uma-vpn-com-o-openvpn/26670

Virtualização (ESXI/VMWARE: https://my.vmware.com/en/web/vmware/evalcenter?p=free-esxi6) – Documentação: https://docs.vmware.com/en/VMware-vSphere/index.html

SIEM (Qradar: https://www.ibm.com/support/pages/downloading-ibm-security-qradar-v732 / Splunk: https://www.splunk.com/en_us/download/splunk-enterprise.html / OSSIM: https://cybersecurity.att.com/products/ossim)


IDS/IPS (OSSEC: https://www.ossec.net/ / Snort: https://www.snort.org/ / Suricata: https://suricata-ids.org/ / Wazuh: https://wazuh.com/ / Zeek: https://www.zeek.org/)

Gestão de vulnerabilidade (Nexpose: https://www.rapid7.com/products/nexpose/ / Nessus: https://pt-br.tenable.com/products/nessus / Qualys: https://www.qualys.com/)

Cofre de senhas (https://www.keepersecurity.com/pt_BR/personal.html / https://senhasegura.com/ / https://www.lastpass.com/pt)

Monitoramento (Wireshark: https://www.wireshark.org/ / Zabbix: https://www.zabbix.com/ / PRTG: https://www.br.paessler.com/PRTG)

Segurança Ofensiva
Vamos montar um laboratório de segurança ofensiva para você fortalecer suas habilidades de exploração de vulnerabilidades

Máquinas virtuais necessárias (Kali Linux: https://www.kali.org/ / Parrot: https://parrotlinux.org/download.php)
Laboratórios básicos (Metasploitable: https://sourceforge.net/projects/metasploitable/ https://www.vulnhub.com/entry/basic-pentesting-1,216/ / https://www.vulnhub.com/entry/basic-pentesting-2,241/ / Windows 7: https://www.microsoft.com/pt-br/software-download/ / Windows 10: https://www.microsoft.com/pt-br/software-download/windows10 / Linux: https://ubuntu.com/download/server / https://servidordebian.org//pt/start / https://www.centos.org/download/ / Windows Server 2019 https://www.microsoft.com/pt-br/cloud-platform/windows-server / Windows Server 2016 https://www.microsoft.com/pt-br/evalcenter/evaluate-windows-server-2016)
Virtualizador (Vmware: https://www.vmware.com/br/download.html / Virtualbox: https://www.virtualbox.org/)
Laboratório Buffer Overflow: https://www.vulnhub.com/entry/stack-overflows-for-beginners-101,290/ – https://www.vulnhub.com/entry/smashthetux-101,138/ – https://www.vulnhub.com/entry/wintermute-1,239/ – https://www.vulnhub.com/entry/goldeneye-1,240/ – https://www.vulnhub.com/entry/the-pentesters-64-bit-appsec-primer-beta,155/ – https://medium.com/bugbountywriteup/chatterbox-hack-the-box-writeup-dacb2ee8593d
Laboratório Desenvolvimento de Exploit (Exploit writing): https://0xrick.github.io/hack-the-box/wall/ – https://medium.com/@klockw3rk/htb-lightweight-walkthrough-90ad8cbd034c – https://medium.com/bugbountywriteup/hackthebox-writeup-2978c1639fb4 – https://medium.com/@mrhenrike/vulnhub-symfonos-1-walkthrough-fdd94a1de4db – https://medium.com/@mrhenrike/vulnhub-zeus-1-walkthrough-7e2ad46c9ab9
Laboratório Exploração de vulnerabilidades Avançada: https://www.vulnhub.com/series/norzhctf,191/ – https://www.vulnhub.com/entry/kioptrix-level-1-1,22/ – https://www.vulnhub.com/entry/kioptrix-level-11-2,23/ – https://www.vulnhub.com/entry/kioptrix-level-12-3,24/ – https://www.vulnhub.com/entry/kioptrix-2014-5,62/ – https://www.vulnhub.com/entry/mr-robot-1,151/ – https://www.vulnhub.com/entry/hacklab-vulnix,48/ – https://www.vulnhub.com/entry/vulnos-2,147/ – https://www.vulnhub.com/entry/sickos-12,144/
Laboratórios Gameficados: https://www.hackthebox.eu/ / https://pwn2win.party/ / https://shellterlabs.com/pt/ / https://pentesterlab.com/ / https://www.virtualhackinglabs.com/labs/penetration-testing-lab/
Aonde eu posso estudar?

https://www.cybrary.it/

http://udemy.com/

https://www.packtpub.com/

https://www.eduonix.com/

https://www.pentesteracademy.com/

http://esecurity.com.br

https://www.elearnsecurity.com/

https://acaditi.com.br/

https://www.offensive-security.com/

https://www.hackerone.com/

Canais no YouTube

https://www.youtube.com/user/cursosemvideo

https://www.youtube.com/user/daybsonbruno

https://www.youtube.com/channel/UC70YG2WHVxlOJRng4v-CIFQ

https://www.youtube.com/user/ricardolongatto

Roadsec: https://www.youtube.com/channel/UCxHzA-Z97sjfK3OISjkbMCQ

Papo binário

https://www.youtube.com/channel/UCuQ8zW9VmVyml7KytSqJDzg

https://www.youtube.com/user/Hak5Darren

https://www.youtube.com/user/BlackHatOfficialYT

https://www.youtube.com/user/DEFCONConference

Michael lá salvia

https://www.youtube.com/user/genxweb

https://www.youtube.com/user/cristivlad25

https://www.youtube.com/user/Computerphile

DC Cybersec

https://www.youtube.com/channel/UC3sccPO4v8YqCTn8sezZGTw

The Cyber Mentor

https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw

Grant collins

https://www.youtube.com/channel/UCTLUi3oc1-a7dS-2-YgEKmA

https://www.youtube.com/user/TWiTSecurityNow

https://www.youtube.com/user/InfoSecInstitute

I.T Career Questions

https://www.youtube.com/user/PCSimplest

Prof. Joas Antonio

https://www.youtube.com/channel/UCFvueUEWRfQ9qT9UmHCw_og

Security Cast

https://www.youtube.com/user/securitycast

Autor

  • 8 years of academic and professional experience, Cyber Security Analyst, Cyber and Information Security Consultant, Information Security, Ethical Hacking and PenTester, OWASP Member and Researcher, Cybrary Teacher Assistant, Microsoft Instructor, Web Developer, Bug Hunter by HackerOne and OBB, Python Developer, has over +440 technology courses and +42 certifications, SANS Member, CIS Member and Research, Infosec Competence Leader in Security Awareness, Cyber Security Mentor, Writer Professional in Blog and Magazines, Exploit Developer, EC-COUNCIL Voluntary Blog Writer and IT Lover.

Hits: 634