This week I have been slowly, but surely working through TryHackMe's SOC Level 1 and Junior Penetration Tester to prepare for CompTIA's CySA+ as well as Pentest+.
I know that learning about frameworks is extremely boring, it's a lot of reading, taking notes, and trying to keep so much information in your brain. But I appreciate how TryHackMe tries to break the monotony of reading by giving you sample logs and asking questions, as well as giving you access to virtual machines so you can snoop around until you find the answer and "catch the flag".
There are many blogs out there that do full writeups for each room, and give you the answers, but I suggest not looking at those unless you are stuck and have no idea what the questions are asking of you.
In the struggle of it all is how we learn and become better at our jobs.
After kind of jumping around a bit, I decided to focus on Metasploit. I've kind of read from people on the internet that CySA+ and Pentest+ do have a lot of overlap, especially when it comes to the tools used, and Metasploit is one of them.
I have Kali Linux running on WSL, as well as VirtualBox, and have been doing labs trying to learn the msfconsole, learning different modules such as exploiting a vulnerability, scanning a target etc.
I am using a book called 101 Labs: CompTIA PenTest+, which has a lab that will teach you how to use nmap with Metasploit. You can find an outline of the labs here! I bought the book off Amazon and I highly recommend it to anybody.
Since I am going to take my CySA+ pretty soon, I am also working through this book. It has around 1,000 practice questions, divided by domain, and I believe it has two complete practice exams. Since this book only contains practice questions, which include the answers and explanations, I am using CompTIA's official study book, as well as CompTIA CySA+ Study Guide, 3rd Edition.
Maybe unrelated, maybe not! But, I am also learning LDAP and Active Directory.
I am trying to get better at system management, and I'm currently studying how to link files and directories on Linux. Once I have a firm grasp on what I'm doing, I will do a write-up!
As always, I will report back once I have taken the exam and share how well I did using these resources to study!