Leveling up your studies
Today, we are going to discuss notes regarding the most important lesson that I believe directly affects your early stages in learning offensive-based security. I want to emphasize that these topics are not exclusive to offensive security; they can be applied to any aspect of learning a new subject.
Growing pains:
Before we get into some advice, I’d like to briefly discuss my early study methodology—or the lack thereof.
During my early study of the eJPT, I would review some of the subjects, but my approach was essentially to take screenshots of materials, paste them onto a GitBook page, and move on. I didn’t add any annotations or context. I would just breeze through the material and move on to the next chapter. The notes I made on the boxes I had down were not much better—usually just a page of screenshots with a single sentence.
These notes were awful, and attempting to look back on them to see what I had done or what the topics were was ineffective. During my eJPT exam, I spent more time reviewing the course material than my own notes, which should have been a major red flag.
The storm of my slowly growing, incorrect methodology swiftly hit me when I attempted the PNPT exam. As mentioned in my review, this was the exam that forced me to change my approach for the better.
Corrective actions:
Okay, so we know where the bottom was, and you might be in the same place or a similar situation. My next piece of advice to correct this is simple: just start from scratch.
You might say, "Hey, I worked hard on these—why would I do that?" and I completely understand. However, a book that's a thousand pages long is only effective at telling a story if it's properly written. You can keep the old copy to reference, or you can do as I did and delete it altogether.
Time to learn:
Alright, now that we’re back at the beginning, let’s talk about how to properly create notes and study.
- Choose a solid note-taking platform.
Now, this can be whatever platform you prefer, as everyone has their own preferences, and I'm not here to tell you what to use. Test them all out and choose the platform you truly prefer, because changing after putting a few hundred hours into an index can be painful.
- Take detailed notes on the subject in a manner that allows you to both reference and understand them.
This will increase the time it takes to write your notes, but you’re ultimately helping your future self. A great way to write your notes is to ask yourself, "What items did I struggle with understanding, and how can I ensure I will remember them?"
- Write notes for the methodology, not just the course you are studying.
When making these notes and outlining methodologies, refrain from using basic comments and examples. Instead, structure your notes in a way that they can be applied to multiple situations, not just the examples within the coursework.
- Isolate subjects within your notes and methodologies.
This advice is fairly straight forward but having notes on recon and persistence in the same place will just confuse you in the end. Trust me I have been there. For example you can have multiple notes with different phases and focuses. Below is generic idea of how you can set your notes up:
- Attack methodology
- Recon
- Prep
- exploitation
- Attacker-side
- Client-side
- Privilege escalation
- Persistence
- Misc
- Development
- Python
- C
- Rust
- Box write ups
- Tryhackme
- Hackthebox
- Offsec
- Create backups!
You don't want to one day lose all your progress, so find a way to back it up and keep it offline!