Que tal aprender desenvolver suas habilidades em segurança da informação?
Nesse artigo eu dou dicas de como você pode montar seus laboratórios de segurança defensiva e segurança ofensiva. Vamos lá?
Segurança Defensiva
Vamos primeiro montar um laboratório de segurança defensiva, vale ressaltar que na parte de Defesa vai de Hardening a Implementação de dispositivos de segurança.
Máquinas Virtuais (Linux: https://ubuntu.com/download/server / https://servidordebian.org//pt/start / https://www.centos.org/download/ / Windows Server 2019 https://www.microsoft.com/pt-br/cloud-platform/windows-server / Windows Server 2016 https://www.microsoft.com/pt-br/evalcenter/evaluate-windows-server-2016)
Firewall (PfSense: https://www.pfsense.org/download/) – Documentação: https://docs.netgate.com/pfsense/en/latest/ / (IPFire: https://www.ipfire.org/download) – Documentação: https://wiki.ipfire.org/
VPN (OpenVPN: https://openvpn.net/) – Documentação: https://www.devmedia.com.br/montando-uma-vpn-com-o-openvpn/26670
Virtualização (ESXI/VMWARE: https://my.vmware.com/en/web/vmware/evalcenter?p=free-esxi6) – Documentação: https://docs.vmware.com/en/VMware-vSphere/index.html
SIEM (Qradar: https://www.ibm.com/support/pages/downloading-ibm-security-qradar-v732 / Splunk: https://www.splunk.com/en_us/download/splunk-enterprise.html / OSSIM: https://cybersecurity.att.com/products/ossim)
IDS/IPS (OSSEC: https://www.ossec.net/ / Snort: https://www.snort.org/ / Suricata: https://suricata-ids.org/ / Wazuh: https://wazuh.com/ / Zeek: https://www.zeek.org/)
Gestão de vulnerabilidade (Nexpose: https://www.rapid7.com/products/nexpose/ / Nessus: https://pt-br.tenable.com/products/nessus / Qualys: https://www.qualys.com/)
Cofre de senhas (https://www.keepersecurity.com/pt_BR/personal.html / https://senhasegura.com/ / https://www.lastpass.com/pt)
Monitoramento (Wireshark: https://www.wireshark.org/ / Zabbix: https://www.zabbix.com/ / PRTG: https://www.br.paessler.com/PRTG)
Segurança Ofensiva
Vamos montar um laboratório de segurança ofensiva para você fortalecer suas habilidades de exploração de vulnerabilidades
Máquinas virtuais necessárias (Kali Linux: https://www.kali.org/ / Parrot: https://parrotlinux.org/download.php)
Laboratórios básicos (Metasploitable: https://sourceforge.net/projects/metasploitable/ https://www.vulnhub.com/entry/basic-pentesting-1,216/ / https://www.vulnhub.com/entry/basic-pentesting-2,241/ / Windows 7: https://www.microsoft.com/pt-br/software-download/ / Windows 10: https://www.microsoft.com/pt-br/software-download/windows10 / Linux: https://ubuntu.com/download/server / https://servidordebian.org//pt/start / https://www.centos.org/download/ / Windows Server 2019 https://www.microsoft.com/pt-br/cloud-platform/windows-server / Windows Server 2016 https://www.microsoft.com/pt-br/evalcenter/evaluate-windows-server-2016)
Virtualizador (Vmware: https://www.vmware.com/br/download.html / Virtualbox: https://www.virtualbox.org/)
Laboratório Buffer Overflow: https://www.vulnhub.com/entry/stack-overflows-for-beginners-101,290/ – https://www.vulnhub.com/entry/smashthetux-101,138/ – https://www.vulnhub.com/entry/wintermute-1,239/ – https://www.vulnhub.com/entry/goldeneye-1,240/ – https://www.vulnhub.com/entry/the-pentesters-64-bit-appsec-primer-beta,155/ – https://medium.com/bugbountywriteup/chatterbox-hack-the-box-writeup-dacb2ee8593d
Laboratório Desenvolvimento de Exploit (Exploit writing): https://0xrick.github.io/hack-the-box/wall/ – https://medium.com/@klockw3rk/htb-lightweight-walkthrough-90ad8cbd034c – https://medium.com/bugbountywriteup/hackthebox-writeup-2978c1639fb4 – https://medium.com/@mrhenrike/vulnhub-symfonos-1-walkthrough-fdd94a1de4db – https://medium.com/@mrhenrike/vulnhub-zeus-1-walkthrough-7e2ad46c9ab9
Laboratório Exploração de vulnerabilidades Avançada: https://www.vulnhub.com/series/norzhctf,191/ – https://www.vulnhub.com/entry/kioptrix-level-1-1,22/ – https://www.vulnhub.com/entry/kioptrix-level-11-2,23/ – https://www.vulnhub.com/entry/kioptrix-level-12-3,24/ – https://www.vulnhub.com/entry/kioptrix-2014-5,62/ – https://www.vulnhub.com/entry/mr-robot-1,151/ – https://www.vulnhub.com/entry/hacklab-vulnix,48/ – https://www.vulnhub.com/entry/vulnos-2,147/ – https://www.vulnhub.com/entry/sickos-12,144/
Laboratórios Gameficados: https://www.hackthebox.eu/ / https://pwn2win.party/ / https://shellterlabs.com/pt/ / https://pentesterlab.com/ / https://www.virtualhackinglabs.com/labs/penetration-testing-lab/
Aonde eu posso estudar?
http://udemy.com/
https://www.pentesteracademy.com/
http://esecurity.com.br
https://www.elearnsecurity.com/
https://www.offensive-security.com/
Canais no YouTube
https://www.youtube.com/user/cursosemvideo
https://www.youtube.com/user/daybsonbruno
https://www.youtube.com/channel/UC70YG2WHVxlOJRng4v-CIFQ
https://www.youtube.com/user/ricardolongatto
Roadsec: https://www.youtube.com/channel/UCxHzA-Z97sjfK3OISjkbMCQ
Papo binário
https://www.youtube.com/channel/UCuQ8zW9VmVyml7KytSqJDzg
https://www.youtube.com/user/Hak5Darren
https://www.youtube.com/user/BlackHatOfficialYT
https://www.youtube.com/user/DEFCONConference
Michael lá salvia
https://www.youtube.com/user/genxweb
https://www.youtube.com/user/cristivlad25
https://www.youtube.com/user/Computerphile
DC Cybersec
https://www.youtube.com/channel/UC3sccPO4v8YqCTn8sezZGTw
The Cyber Mentor
https://www.youtube.com/channel/UC0ArlFuFYMpEewyRBzdLHiw
Grant collins
https://www.youtube.com/channel/UCTLUi3oc1-a7dS-2-YgEKmA
https://www.youtube.com/user/TWiTSecurityNow
https://www.youtube.com/user/InfoSecInstitute
I.T Career Questions
https://www.youtube.com/user/PCSimplest
Prof. Joas Antonio
https://www.youtube.com/channel/UCFvueUEWRfQ9qT9UmHCw_og
Security Cast
https://www.youtube.com/user/securitycast
Autor
Views: 753
