Develop your Cyber Security skills and knowledge with these cool projects

Pentesting

First things first: cybersecurity is not just pentesting. Most guides, courses, and labs focus on the penetration side of things. It’s a sexy area, and everyone would like to be a hacker as shown in Hollywood movies, but if it’s not for you, don’t feel pressured to practice it; focus on what you like.

Application Security

To get started in app sec, you should first understand how web applications work and the common vulnerabilities that exist in them. A great way to learn about these things is by looking at the OWASP Top 10. Once you have a good understanding of the risks involved in web application development, you can start playing with some tools and scenarios.

Cloud

Start deploying basic infrastructure on your chosen cloud. Cloud providers, for example, AWS, have several labs and lessons where you can practice as you go. Learn how to deploy components using the native solution, Terraform, and the API. Take a look at CIS and CSA standards for cloud security, learn how flaws and misconfigurations occur, and try to repair them (be careful about putting vulnerable stuff on the internet). Most clouds provide a free tier where you can use most services for free.

Blue Team

Is defending your main concern? If you want to build on a defensive foundation, you may replicate any of the above projects, but instead of going for exploitation, go for adding monitoring tools like IDS/IPS, endpoint protection, telemetry, and SRE tooling so that all alarms are sent to a SIEM/SOAR. Try setting up native security tooling and auto-remediation actions in cloud environments. It’s a bit of a risk but you might as well spin up a honeypot and study the attacks that come into it.

Malware/Forensics/Reversing

There is a plethora of crackme problems on the internet, so get all of the tools you’ll need and attempt to solve them once you’ve learned the basics. You may also attempt to breach old and simple software (IP protection laws might apply here; be cautious). Spin up a virtual machine and test an old malware sample when you’re ready.

David Luchi

Head of Information Security | AWS Community Builder | CISSP | I love all things nerdy, especially Star Wars and anything to do with security.