Created: 2022-06-30
Tags: #literature
Abstract:
In the field of information security,
There will never come a point where you don't need to look things up.
The thing is: no one knows everything.
Everyone (professional, experienced or totally new)
will encounter problems which they don't automatically know how to solve.
In the real world,
you can't ever expect to simply be handed the answers to your questions.
Start with a question;
get an initial understanding of the topic;
then look into more advanced aspects as needed.
The expectation will be, you start from nothing and as you slowly answer a broad question, you get to ask more specific questions and answer those, with the hope of building a complete picture of understanding.
https://nvd.nist.gov/vuln/search
CVEs take the form: CVE-YEAR-IDNUMBER
https://www.exploit-db.com
Contains exploits that can be downloaded and used straight out of the box.
It tends to be one of the first stops when you encounter software in a CTF or pentest.
CLI on Linux for exploit-db.com
Kali comes with "searchsploit"
which allows you to search ExploitDB from your own machine.
This is offline, and works using a downloaded version of the database.