Lately, the information security space seems to be overwhelmed by an influx of new tools and advancements due to AI, especially ChatGPT, which is taking over all news headlines. The certification industry has transformed into a cash grab (except for a few good companies). The path to getting a good education is muddied, and it is hard to decipher what to focus on.
I decided to try and pick a few books, courses, labs, and certifications that might be worthwhile to pursue.
At the top of the priority list is APIsec's new course on API Penetration Testing. I am halfway through the program, and it is challenging and informative. The course is up-to-date and has good explanations for every video in the description area.
If you have watched any of John Hammond's videos on YouTube, you will feel the joy of pulling apart malware and trying to reverse-engineer it. I purchased this TCM course a while ago and I plan to go through the course to understand this topic at a deeper level.
This web application security course developed by the creators of Burp Suite has received overwhelmingly positive feedback. Many bug bounty hunters recommend this course as a starting point for newcomers, given that it is free of charge.
This site launched recently but has gotten a lot of attention, and I think Azure (and, more generally, cloud) security testing knowledge will be highly valuable in the coming years.
Hack The Box has been my long-time favorite and I've spent countless hours hitting my head against a wall trying to figure out why my exploits won't work. Jokes apart, I still think this is a fun way to learn new skills, and Hack The Box has also upgraded and added a ton of new learning paths and its very own certification program. Although I personally wouldn't try for their certification, I'm interested in learning more about their Pro Labs, like Dante and RastaLabs, in the coming months.
I would write a mid-year update post to check the progress and make changes to this list, if needed :)