Aller au contenu principal

Cheminement

Par où devrais-je commencer?

Feuille de route

Roadmap.sh propose une excellente infographie assez exhaustive qui vous permet de vous situer selon vos connaissances.

Roadmap.sh

Cyber Security Expert: Step by step guide to becoming a Cyber Security Expert in 2025

Apprendre en participant à des CTF

Les compétitions CTF sont une bonne façon de développer ses connaissances comme le souligne cette vidéo par LiveOverflow.

Details

The video discusses how to approach Capture The Flag (CTF) competitions for learning purposes. Here are the key points:

  1. Use CTFtime.org to find upcoming CTFs, focusing on online Jeopardy-style competitions[1].

  2. Look for CTFs with a weight score, as they are generally more established and have more participants[1].

  3. Set aside at least two hours to participate in a CTF[1].

  4. During the CTF:

    • Choose 1-2 interesting challenges
    • Research and attempt to solve them
    • Take extensive notes on your thought process and attempts[1]

  5. It's okay if you don't solve any challenges; the goal is to learn[1].

  6. After the CTF:

    • Wait a few days to a week
    • Look for write-ups on CTFtime, Google, GitHub, or Twitter
    • Study the write-ups and compare them to your notes[1]

  7. Focus on learning rather than scoring points or solving many challenges[1].

  8. Aim for challenges that are slightly beyond your current skill level to maximize learning[1].

  9. Don't be discouraged if you're playing alone; many people start this way before joining a team[1].

The video emphasizes that CTFs are an excellent way to learn hacking skills through practical experience and motivation from competition[1].

Citations: [1] https://www.youtube.com/watch?v=Lus7aNf2xDg

Details

This video, titled "CTFs are TERRIBLE", presents arguments against the effectiveness of Capture The Flag (CTF) competitions for learning hacking and IT security skills. Here are the main points:

  1. CTF challenges often involve unrealistic scenarios that don't reflect real-world security issues[1].

  2. Many challenges rely on guesswork and thinking like the challenge creator rather than developing practical skills[1].

  3. CTFs can teach a wrong mindset, as participants know there's always a solution, unlike real-world scenarios[1].

  4. The short timeframes of CTFs (usually a weekend) don't reflect the longer periods often needed for real security work[1].

  5. CTFs may cover limited topics, focusing on areas like web, crypto, and pwn, while neglecting common real-world issues like misconfigured Windows environments[1].

  6. Advanced CTF challenges, especially in binary exploitation, often involve highly specialized techniques that have little practical application[1].

  7. The competitive nature of CTFs can lead to unhealthy practices, such as working long hours without breaks[1].

  8. Many CTF challenges become repetitive for experienced players, reducing their educational value over time[1].

  9. The pressure to solve challenges quickly can lead to counterproductive behaviors, such as copying solutions without understanding them[1].

  10. Designing good CTF challenges is difficult, and many end up being either too frustrating or too easy to be truly educational[1].

The video argues that while CTFs might have some value for absolute beginners, they quickly lose their educational benefit and may even teach habits and skills that aren't applicable to real-world IT security work[1].

Citations: [1] https://www.youtube.com/watch?v=lxJpKUoX-6E

Les différents styles d'apprentissage

Apprentissage pratique (Learning by doing)

  • Plateformes de CTF
  • Labs pratiques (HackTheBox, TryHackMe)
  • Construction de son propre lab
  • Projets personnels
  • Reproduction des tutoriels

Apprentissage visuel

  • Tutoriels vidéo
  • Démonstrations techniques
  • Diagrammes et schémas
  • Conférences enregistrées
  • Live hacking

Apprentissage théorique

  • Documentation technique
  • Livres spécialisés
  • Articles de blog
  • Papers académiques
  • Cours en ligne

Ressources recommandées

Chaînes YouTube incontournables

  • John Hammond : Résolutions de CTF et tutorials
  • LiveOverflow : Analyses techniques approfondies
  • IppSec : Write-ups détaillés HackTheBox
  • David Bombal : Réseau et sécurité
  • NetworkChuck : Tutoriels accessibles
  • STÖK : Bug bounty et pentest
  • The Cyber Mentor : Formation complète

Éditeurs et livres de référence

No Starch Press

  • "The Linux Command Line"
  • "Practical Binary Analysis"
  • "Black Hat Python"
  • "Real World Bug Hunting"
  • "Serious Cryptography"

Autres éditeurs

  • O'Reilly pour les fondamentaux
  • Manning pour les sujets avancés
  • Packt pour les guides pratiques

Conseils pour optimiser son apprentissage

  1. Combinez les approches

    • Théorie pour comprendre
    • Vidéos pour visualiser
    • Pratique pour maîtriser

  2. Établissez un planning

    • Sessions régulières
    • Objectifs réalistes
    • Progression mesurable

  3. Rejoignez des communautés

    • Discord thématiques
    • Forums spécialisés
    • Meetups locaux

  4. Documentez votre progression

    • Blog personnel
    • Notes techniques
    • Portfolio de projets

La clé est de trouver l'équilibre qui vous correspond entre théorie et pratique, tout en maintenant une progression constante.

Trouver sa communauté

Faire partie d'une communauté, comme un club universitaire, aide à trouver des camarades avec qui apprendre et faire du progrès tout en s'amusant.