Mastering Search Skills: Insights from TryHackMe’s Search Skills Room

When I began my journey into cybersecurity, I assumed my learning path would focus on technical exploits like brute-force attacks, Cross-Site Scripting, and bug bounties. These buzzwords dominate initial searches about cybersecurity. However, discovering the Search Skills Room on TryHackMe reshaped my perspective. I realized the critical importance of refining search skills to navigate the overwhelming sea of online information. For instance, a simple search for “cybersecurity” yields over 419,000,000 results! Filtering and identifying trustworthy sources quickly is a vital skill for cybersecurity professionals.

Here are some valuable techniques I learned from this room:

1. Evaluate Information Sources

When searching online, you’ll come across countless blogs, articles, and social media posts. Not everything you read can be trusted, so it’s important to evaluate the quality of the information. Here are some simple steps to help you:

  • Who Wrote It? Check the author or organization publishing the information. Are they reputable and knowledgeable in cybersecurity?
  • Is There Evidence? Look for claims supported by facts or reliable sources. Avoid relying on opinions or unverified information.
  • Is It Balanced? Make sure the information is impartial and considers multiple perspectives. Watch out for content promoting a specific agenda.
  • Can It Be Verified? Cross-check the facts with other reliable sources to ensure accuracy.

For example, I was given a challenge to find the term used to describe a cryptographic product that is considered fraudulent or fake. After some research, I learned the term is “Snake Oil.” The history of this term is fascinating.

According to thesslstore.com, the phrase comes from the “snake oil salesmen” of the past who sold fake medical cures. These salesmen promised that their products could cure all sorts of illnesses, but in reality, the remedies were just water mixed with pepper or other cheap ingredients. By the time people realized they’d been scammed, the salesmen had already moved on to the next town.

Today, the term “snake oil” is used in cybersecurity to describe software or tools that make big promises but fail to deliver. It’s a reminder to always evaluate products critically and avoid falling for exaggerated claims.

2. Advanced Search Techniques

One of the most eye-opening lessons was learning how to use search engines more effectively. I’d seen tips about advanced search methods before, but I hadn’t put them into practice. Now, I realize how useful these techniques can be:

File Type (filetype:): Find specific types of files, such as PDFs or PowerPoint presentations. For example, filetype:ppt cybersecurity will locate PowerPoint presentations about cybersecurity.

Exact Phrase (“exact phrase”): Use quotation marks to search for an exact phrase. For example, searching for “passive reconnaissance” will show results with that specific phrase.

Site Search (site:): Restrict results to a specific website. For example, site:tryhackme.com success stories will find success stories on TryHackMe.

Exclude Terms (-): Exclude results containing certain words. For example, pyramids -tourism will show results about pyramids but exclude tourism-related content.

3. Exploring Specialized Search Engines

Beyond Google, specialized search engines provide powerful tools tailored for cybersecurity needs:

Shodan: A search engine for internet-connected devices like servers, routers, webcams, and IoT devices. For instance, searching for apache 2.4.1 reveals servers running this version, sorted by country.

Censys: Focuses on internet-connected hosts, websites, and certificates. It’s ideal for enumerating domains, auditing open ports, and discovering rogue assets.

VirusTotal: Scans files or URLs using multiple antivirus engines. It’s invaluable for identifying malware and checking file hashes against existing results.

Have I Been Pwned: Alerts users if their email addresses appear in leaked data breaches, helping identify exposed private information and passwords.
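
An added example (not from the TryHackMe room, and not VirusTotal's own code) of the hash check described for VirusTotal above: hash the file locally, build the API v3 lookup request for that hash, and reduce a report to engine counts. The sample report and the triage thresholds are constructed assumptions, and the request is built but never sent.

```python
import hashlib
import json
import re
import urllib.request

# VirusTotal API v3 file-report endpoint; the id is the file's SHA-256.
VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"

def sha256_of_file(path, chunk_size=1 << 16):
    """Hash a file in chunks so large samples never sit in memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_lookup_request(sha256, api_key):
    """Build (but do not send) the lookup; only the hash would leave the host."""
    if not re.fullmatch(r"[0-9a-f]{64}", sha256):
        raise ValueError("expected a lowercase hex SHA-256 digest")
    return urllib.request.Request(VT_FILE_URL.format(sha256),
                                  headers={"x-apikey": api_key})

def summarize_report(report):
    """Reduce a file report to engine counts and a coarse triage label."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    total = sum(stats.values())
    if flagged == 0:
        label = "no detections"      # not proof that the file is safe
    elif flagged < 3:                # assumed threshold for this example
        label = "review"
    else:
        label = "likely malicious"
    return {"flagged": flagged, "engines": total, "label": label}

# Constructed sample response, trimmed to the fields used above.
SAMPLE_REPORT = json.loads("""
{"data": {"type": "file", "attributes": {"last_analysis_stats":
  {"malicious": 41, "suspicious": 2, "undetected": 25, "harmless": 0,
   "timeout": 1, "type-unsupported": 3}}}}
""")

if __name__ == "__main__":
    print(summarize_report(SAMPLE_REPORT))
```

Looking up the hash instead of uploading the file keeps a possibly sensitive document off a shared platform; a hash that VirusTotal has never seen returns no report, which says nothing about whether the file is safe.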

4. Leveraging Vulnerabilities and Exploits Databases

Common Vulnerabilities and Exposures (CVE): Acts as a comprehensive dictionary for known vulnerabilities. Each vulnerability is assigned a unique ID, enabling consistent references.

Exploit Database: An excellent resource for finding exploits and understanding how vulnerabilities are weaponized.

GitHub: I’m exploring how GitHub repositories can assist with implementing and testing known vulnerabilities. It seems promising for hands-on practice and understanding.
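
An added example (not part of the original post) of why a unique CVE ID enables consistent references: it extracts IDs from free text, normalises them, and uses them as a join key across sources. All sample text and CVE numbers below are constructed placeholders, and the function names are hypothetical.

```python
import re

# CVE IDs are "CVE-<year>-<sequence>", where the sequence has four or more digits.
# Text pasted from PDFs and web pages often carries Unicode dashes instead of "-".
_DASHES = str.maketrans({c: "-" for c in "\u2010\u2011\u2012\u2013\u2014\u2212"})
_CVE_RE = re.compile(r"(?<![A-Za-z0-9])CVE-(\d{4})-(\d{4,})(?![A-Za-z0-9])",
                     re.IGNORECASE)

def extract_cve_ids(text):
    """Return unique CVE IDs in order of first appearance, upper-cased."""
    seen, ordered = set(), []
    for match in _CVE_RE.finditer(text.translate(_DASHES)):
        year, seq = match.groups()
        if int(year) < 1999:          # the CVE list started in 1999
            continue
        cve_id = f"CVE-{year}-{seq}"
        if cve_id not in seen:
            seen.add(cve_id)
            ordered.append(cve_id)
    return ordered

def record_url(cve_id):
    """Link to the record on cve.org for a normalised ID."""
    return f"https://www.cve.org/CVERecord?id={cve_id}"

def cross_reference(sources):
    """Map each CVE ID to the names of the sources that mention it."""
    index = {}
    for name, text in sources.items():
        for cve_id in extract_cve_ids(text):
            index.setdefault(cve_id, []).append(name)
    return index

# Constructed sample inputs; the CVE numbers are placeholders, not real records.
SAMPLE_SOURCES = {
    "vendor-advisory": "Fixes CVE-2099-0001 and CVE-2099-12345.",
    "scanner-report": "host-a: cve-2099-12345 (high); host-b: CVE\u20132099\u20130001; "
                      "malformed: CVE-2099-12",
    "ticket": "Legacy note mentions CVE-1990-0001, which predates the CVE list.",
}

if __name__ == "__main__":
    for cve_id, names in cross_reference(SAMPLE_SOURCES).items():
        print(cve_id, names, record_url(cve_id))
```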

5. Technical Documentation

Technical documentation is a goldmine for understanding complex tools and commands. For example:

  • Documentation for tools like Nmap, Metasploit, and others can significantly improve practical skills.
  • In Linux, the man command displays manuals for various commands, offering invaluable insights.

Conclusion

Completing the TryHackMe Search Skills Room taught me essential techniques to find, filter, and verify information efficiently. These skills are indispensable for any aspiring cybersecurity professional. Next, I’ll explore the Linux Fundamentals room, a topic I’m eager to revisit and deepen my knowledge of.

Stay tuned for more insights from my cybersecurity journey!