LIME.inc

Starting Offensive Security Guide


Foreword

A lot of people have a very clear misconception about what it takes to excel in off-sec, what off-sec is comprised of, and what to do to learn off-sec. I won’t read you a definition, but know that if you find the idea of writing constantly and reading constantly boring, this is the wrong profession. A friend of mine who works as a red teamer summarizes this neatly: “It’s half writing and half doing, but mostly writing.” This doesn’t even encompass how much reading and learning you’ll be undertaking on your own to finally get to that stage in your off-sec career. If you’re reading this post you’re at least somewhat interested in what this field has to offer, so here is a plan to go from zero to hero, off-sec style.

Absolute Basics

If you already work in the IT field or have these down (or so you think, right?) you can skip this. Hacking systems requires complete knowledge of what comprises them before you can even get started exploiting. I like to refer to the five pillars when talking to people who are completely new (https://dfirmadness.com/getting-into-infosec/the-five-pillars/). You also want to connect with the community; TrustedSec has a good list of resources for immersion purposes (https://www.trustedsec.com/blog/breaking-into-infosec-a-beginners-guide-part-1/). Discord is right now the most modern way to connect with like-minded individuals (you can go IRC if you’re feeling nostalgic); here is a good list of Discord servers (https://medium.com/@KillSwitchX7/cyber-security-discord-servers-7d9c0b7cd7cb).

Off-Sec Basics

We’ll go over some practical stuff before we get into the learning:

  1. Set up your dedicated machine for working. This should be virtualized using your chosen software (VMware, VirtualBox, or KVM; look these up if you have no clue what I’m talking about). You have your choice of Linux flavors to use. I’d recommend Parrot OS, Kali Linux, or setting up your own based on Debian. I have my personal work machine detailed on my git (https://github.com/LimeIncOfficial/Black-Box).
  2. Set up your notes. Like I said before, you’ll be writing a lot, so let’s keep it organized and readable. I use Obsidian and CherryTree since they’re stored on disk only and are relatively secure. You can also use Trilium, Notion, and Zim. I also use graph.io for mind maps and LibreOffice for anything more serious.
  3. Secure/harden your system. The steps vary by OS, so search for guides based on your system and follow them. The practices you should follow are universal: use a password manager (KeePass), a secure email client (Thunderbird), a VPN, and a good browser (Tor and hardened LibreWolf); update constantly; and don’t do sketchy shit.
  4. Set up your digital profile. Create a new email without any ties to yourself. Do the same with your Discord and any new online account you’ll be making in the future. OpSec and off-sec go hand in hand, so learn good habits now. The only thing that should be public is your LinkedIn (if you create content this varies). Also create a GitHub account, and if you’re feeling brave create a blog (it can be hosted on GitHub for ease of use).

Off-Sec Learning

Obviously you’ll be hitting the books for quite a bit. Shoot for the eJPT when starting out; you can do the free coursework at INE. Once you’re done with that, get comfortable doing CTFs. Here is a good list of sites (https://ctfsites.github.io). Make sure that whenever you’re doing CTFs you are writing up the engagement. Here is an outline for Obsidian (https://github.com/Twigonometry/OSCP-Notes-Template), a good doc creator (https://github.com/noraj/OSCP-Exam-Report-Template-Markdown), and a markdown template (https://github.com/d0n601/HTB_Writeup-Template/blob/master/HTB_Writeup-TEMPLATE-d0n601.md).

I cannot stress enough how important doing CTFs and writing them up is. Next, shoot for some certs; here is a good article outlining some (https://redteamer.tips/so-you-want-to-be-a-pentester-and-or-red-teamer/). The OSCP is a good one, but its popularity is diminishing, so keep your eye on emerging industry certs. I’d still get it if you had the chance nonetheless.

Start networking too. Make friends, form groups, compete in teams, and learn how to work together on challenges and engagements rather than just by yourself. People often forget that it’s not always just you working on an assignment.

Start creating stuff too. I know this is vague, but it has to be said. The more you produce, the more you have to show. Have some projects running in tandem with your learning, or even better, to supplement it. For example, if you are learning malware analysis, try writing your own POC for a concept you’re diving into.

Create a home lab too. This can be done very easily and lets you accumulate experience that you can put on a resume, along with your writeups and certs, I may add. You can do this via virtualization, or just buy some Raspberry Pis and create a mini server to work with. If you have the money, invest in a server.

Closing

That should be enough to get the ball rolling. Hopefully. Keep at it, don’t give up and you’ll be in the ranks soon enough.

By: Lime .inc