carpi/Seguridad-Informatica
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

poco texto

Browse Source
This commit is contained in:
Lil_Carpi
2025-11-28 15:55:46 +01:00
commit d717c49f58
220 changed files with 3599 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
EXPERIENCIA/Certificados/CAPE/desktop.ini Executable file
View File

Binary file not shown.

43
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/1_Proceso de aprendizaje/1_Proceso de aprendizaje--Atencion.md Executable file
View File

@@ -0,0 +1,43 @@
# [[Preparación para la CPTS|CPTS]]
# Attention
It can be said that attention is the perception of a specific topic with a higher level of interest in order to gather specific data an information from it.
Our attention chamges with our experience and the information we gain from the contest and its clarity.
==Attention is influenced by your interests, needs, personal attitudes, beliefs, orientations, goals, and experiences.==
We have already approached this module with a confident attitude, expectation, orientation and goal. Attention is an independent ==mental process== that takes place subconsciously.
So when we talk about concentration, we mean the maintenance of our attention on a specific topic. This means that as long as we are interested in a given topic, we keep working until we have achieved the desired result for our well-being. Again, attention goes hand in hand with concentration and focus.
We will already know that our attention will began to decrease at some point, and we will no longer be able to absorb information effectively. We are getting stuck at this point, forcing ourselves to keep trying, and learning ends up with ==problems== of understanding, and therefore, with higher ==frustration==.
Information security is a vast subject, as we have already discussed. We will not be able to absorb all the information at once. We will often come back to topics an repeat what we are missing. This is a normal process. We must understand how to divide our attention.
There is no general formula that we can use to learn how to divide our attention correctly. This is an individual process that cannot be categorized yet without diving too deep into psychology studies. There are far too many personal characteristics and experiences of each individual to be taken into account.
We know that attention takes place and the moment an therefore has a limited duration to maintain it. It will be a great advantage to find out how long our emotional state and our attention span last the longest.
We can document it, and after one week, we will be able to see an interesting pattern. if we want to approach this on a more scientific level, we can add the following points to our documentation to get a better insight into it:
- Current emotional state
- The previous flow of the day so far
- Place of work
- Working hours
- Duration
- Sleep
- Inserted breaks
- Duration of the breaks
- and anything else we can think of.
These are phases for which we must invest at least one hour of our attention. Make it fun, and we will be surprised ourselves with the discoveries that we make. We can create a simple list or even a table for us to document this quickly and easily. We do not have to document it every time we start something, but we could relate it to the current module/course/path.
Once we know how our attention span is behaving, we will also get an idea of how we can split it up. However, this does not mean that if we have an attention span of 60 minutes, we can divide it between 3 other topics for 20 minutes each. Remember that the amount of attention we can devote to a particular topic depends on too many factors.
Experiment with this, Change our place of work, working hours, duration of work if possible. Listen to a different music and try out different things that might help us.
It would be besti if we did not force ourselves to focus on a specific topic because it will have a negative effect and, as mentioned before, can end up in frustration, which we will discuss in another section.
Make sure that you feel confortable and ready to learn new things.

39
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/1_Proceso de aprendizaje/1_Proceso de aprendizaje--Confort.md Executable file
View File

@@ -0,0 +1,39 @@
# Comfort
[[Preparación para la CPTS|CPTS]]
==Confort== is an ==emotional state== of a person's mind, which, among other aspects, has a strong influence on behaviour, thinking, focus, attention, and the ability to concentrate. This is the feeling of well-being in the form of comfort and the attitude of risk-free behaviour. This is also ofthen referred to as the so-called ==comfort zone== in which the person ==thinks== he/she is located.
There is a so-called ==Yerkes-Dodson== law, which describes the cognitive performance as a function of the level of stress/nervousness. The performance curve for this is also very individual, as it depends strongly on emotional and motivational factors and is divided into four sections.
The most used presentation of this law and the performance process is the Hebbian version.
![[NEW_yerkes-dodson-law.png]]
When it comes to comfort, it depends heavily on whether we have a healthy level of stress or have already crossed the threshold, leading to a reduction in our performance. It is very individual here where our center is. We are in an area that we are used to and that we consider comfortable. Mostly these are situations and fields in which we have already gained a certain amount of experience and know-how to find our way there.
When we leave the so-called ==comfort zone==, we enter a situation or field where we have litle or no experience. This kind of uncertainly lowers our ability to think and has a powerful impact on our thought process, which, in turn, slows us down.
The fact that small children do not exhibit such uncertainly is interesting.
==They love to try out something new all the time and are not afraid or uncertain of making mistakes.==
After all, ==mistakes are an essential part of the learning process==, and we should always keep it in mind.
An interesting question is that arises here is: "Why small children, unlike adults, do not feel such uncertainty?"
Let us firs look at the following diagram:
![[NEW_The-Comfort-Zone-diagram.png]]
Now imagine that you are standing at the entrance in front of a massive dark fores in the middle of the night. this forest is so dense that no daylight can get through the treetops. To the left and right of this forest, some cliffs are much too steep to climb down, and we know that somewhere in this forest, is the one thing we want to have.
Will you go inside an look for it?
Common sense would do anything not to.
But what if the thing you want is a hundred meters further into the forest, and is brightly lit?
That is the thing that will fulfill you the way we have always wanted it to.
Would you risk it now?
Those who chose to leave the comfort zone would reach their destination faster than they thought they would. They would never have sprinted at such speed before in their lives.
Now we should understand the progression between decisions to step out of our comfort zone or stay in it. However, we will always learn something new, and it will become more comfortable each time.

36
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/1_Proceso de aprendizaje/1_Proceso de aprendizaje--Enfocate.md Executable file
View File

@@ -0,0 +1,36 @@
# [[Preparación para la CPTS|CPTS]]
# Focus
Let us dive a little deeper. This time we will talk about ==focus==, which is a vital skill that we need. However, like many other abilities, it is a double-edged sword. When we talk about focus, we are talking about focusing on a subject for a specific time. When we focus on a subject, we concentrate the most of our thinking and attention on the chosen topic. In doing so, all other thoughts concerning other topics will be completely faded out.
Have we ever wondered why most frustrated people go to the gym after a stressful day instead of just lying down and doing nothing? Why do they feel better afterward? Often we hear from them that they absolutely need it to calm down again. If you think about it a bit, it seems illogical at first because these people need additional physical energy in an exhausted state.
This raises again the question: "==Why further physical effort helps them to calm down?=="
On the one hand, so-called endorphins (happiness hormones) are produced by the body when doing workouts. These have different effects on the body, and one of them is the reduction of pain. Also, the chemical transmitters have a calming effect and ensure a restful sleep. Another function is the formation and regulation of hunger. We probably know the latter from sports. As soon as we have exhausted ourselves, the feeling of hunger comes. Another beneficial effect of endorphins is the strengthening of the immune system, not only the physical but also on the psychological level.
This may explain why we start to feel better afterward, but after all, the most significant stress is not in the body but in the mind. We know that after sports, the body is exhausted, but why does our mind start to relax? We are entirely focused on the physical exercises during the workout since these usually require a large amount of energy that also requires our entire focus. As the focus turns away from the actual stress, we let go of the situations that have stressed us so much, and these are ==subconsciously== processed and, for the most part, solved. here is an excellent example of such a situation that you have probably experienced by yourself:
You probably forgotten where you put something, or you can't think of a specific term that is so obvious to you. Have you ever asked yourself why you can suddenly remember it after a short time?
We distracted ourselves and focused on a different topic. With that, we gave our subconscious the possibility to solve the problem by itself.
It is essential to differentiate between ==focus== and ==attention== because they are not the same. ==Attention== refers at the **momentum**, as it is happening right now, and you are reading this text. However, the ==focus== is on the topic you are dealing with at the momentum. When we return to the example of the misplaced keys, try to remember what was going on through your mind. Most likely, it was something like:
"Where did I put the keys" or "Where did I last see them?"
If these were the questions we were asking ourselves, we could see from the questions alone it is the subject of the keys, and therefore our ==focus was on finding== the keys.
If you have been in this situation where you said to yourself at the same time:
"Ok, the keys are not here..."
Then we had our complete ==attention on searching== for the keys. However, what if we are in a hurry?
Then we look at our watch every 5 seconds, and our thoughts are already on where we expected to be soon. We will hardly be able to ==concentrate== on the search for the keys because your focus is on "**being late**" and not on "==finding your keys==". It should have become clearer that ==focus== and ==attention== is not the same and that attention is influenced by focus.
The focus is based on our will and what we want to achieve. It can be a ==conscious decision== and a ==subconscious decision== guided by external influences.
> ==Focusing is the purposeful and deliberate alignment to a specific goal==.

1
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/1_Proceso de aprendizaje/1_Proceso de aprendizaje--Manejar la frustración.md Executable file
View File

@@ -0,0 +1 @@
# [[Preparación para la CPTS|CPTS]]

96
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/1_Proceso de aprendizaje/1_Proceso de aprendizaje--Obstaculos.md Executable file
View File

@@ -0,0 +1,96 @@
## [[Preparación para la CPTS|CPTS]]
Besides all effective qualities we have come to know so far, many obstacles slow us down or even completely prevent us from reaching our goals, solving specific tasks, or acquiring and mastering skills. These are all factors that prevent us form leaving our comfort zone and daring to try something new.
---
# Fear
People are often afraid of something new, or something they don't know, and cannot evaluate if could harm them somehow.
There are many different types of fear. For us, however, only two are relevant for the time being. First, we need to distinguish between fear and dangeorus situations and interpreted fear for the learning process. Fear in dangeorus situations is necessary, and serves to protect one's own live or those loved ones. However,, interpreted fear belongs to an imaginary state of fear. This means that we can feel fear without us being in a life-threatening situation, which the human body can even signal as pain because the fear is an emotional feeling (and therefore, subconsious) that, in extreme cases, can even lead to malfunction of the heart muscle (Broken Heart Syndrome).
An excellent example of such a fear behaviour in human nature, wich everyone knows, is the alien moviues which humanity fights against aliens. In most movies, aliens land on earth, and the "relationship problems" start. A more common example is when suddenly someone unknown bangs our front door, At this moment we are surprised and get scared. After all, we do not know if it is a criminal or someone who needs help.
Imaginary fear is directed at events we imaginate with consequences that we calculate. However, there is one crutial aspect that we cannot leave out:
- People fear what might happen in the future while not considering the present.
Fear in non-live-threatening situations lies in the thoughts of the 'imaginary' future. In a future that we imagine and imagine ourselves. The more detailed we imagine it, the greater the fear becomes. Will Smith has also reported his experience with the confrontation with his fear.
![[Will_smith_skydiving_and_fear.mp4]]
Imaginary fear is an emotional state that keeps us from having the best experiences and prevent us from moving foward on the desired path. Even if we want to be excellent petetration testers, most begginers are afraid to put their maximum energy into it because of the imaginary fear of failure. This is due to many other factors that we will go into shortly.
However, if we find ourselves feeling such fear, then we should answer the following question in as much detail as possible:
- "Wich of the mentioned reasons are actually real right now?"
Another factor that reinforces this imaginary fear and makes us think we will fail is our previous failures. One thing we should remember in advance, weite it down wnd hang it on the wall where we can always see it:
- ==The difference between a winner and a loser is that the winner has lost more often than the loser.==
Failure is essential to learning and unavoidable. No one has ever acquired a skill without making a single mistake. Is quite the opposite. Our failures are crucial in our learning curve, because they give us momentum to climb higher. In doing so, we reach a point where we have been before but already know what to expect at the higher level.This makes it easier for us to master this uphill climb because we have already slipped once at this point and know that we have to take a different path to get higher.
Many people give up here. We can think of it as just sitting there, hoping we will get higher without moving. Even if a rope is handed to us from above, which we can use to pass the spot, it will not do any good if we don't move.
---
# Mindset
It is in these situations that our excuses come up, like:
- I cannot do this
- This is not for me
- I do not understand this
- etc.
This comes from our mindset and how we thing about situations and certain things. The mindset consist of thought process we unconsciously acquire to avoid difficult situations or efforts. Such thought process are also formed during our upbringing. For example, a child constantly criticized for their success and failures will find it challenging to dare and try something new. However, the lack of criticism makes the child overconfident, which can lead to misjudgment of their abilities.
A mindset can also be described as a set of different (not only culturally conditioned) beliefs. An example is a belief that eye contact is a sign of interest and openness everywhere. However, in Japan, this is considered an invasion of privacy and is considered rude.
It is advisable to be aware of such thought process. Once we understand our own way of thinking, we have more information to work with and thus known better what we can or would like to change. For example, when we can catch ourselves thinking thoughts like "I cannot," we can easily change them from bad feelings to good feelings.
The only thing we have to do is to add the word "yet."
- I cannot do this "yet."
- This is not for me "yet."
- I do not understand this "yet."
- etc.
This has the effect of stimulating our beliefs and thus the mindset to pass the obstacle.
All obstacles and feelings that prevent us from doing so are temporary. These feelings pass, but the goal remains.
Another factor often perceived as an obstacle is comparing skill, talent, and passion. However, we have already learned what constitutes talent.
- Talent is a strongly developed skill with high efficiency.
- skill is the ability to manage or solve something well.
- Passion is an emotional commitment to a particular area.
If we take a closer look at these definitions, we will see that they are interrelated and mutually supportive and not, as many believe, holding them back. We all have different talents, thought patterns that make some tasks easier to understand and other a little more complicated, skills we learn, and the passion and dedication to achieve the desired goal. All of this depends on the goal we want to achieve. Not the components that help us achieve it.
---
# Pressure
Pressure can also be described as mental stress, the totality of all detectable external and internal influences. Psychological pressures affect based on a situation. They make demands on their resources. The term "pressure," the term "stress" describes the non-specific reaction of the organism to any form of pressure. The occurrence of stress requires a sensory perception of the stress-triggering stimulus and nervous transmission of such a stimulus to a stimulus-processing region of the body. Accompanying symptoms on the biochemical level are usually the release of stress hormones, such as catecholamines, glucocorticoids, and other secretions.
A distinction is made between internal and external influences. The internal influences include the beliefs of our mindsets but also out attitudes. Such and attitude or character trait is always a two-sided sword that brings advantages and disadvantages. One of such traits can be perfectionism, for example, which awakens in us the desire to do everything flawlessly, perfectly, and above all, quickly.
Is this challenging to dampen such character traits because they occur unconsciously and are reflected in the form of emotions. For example, if we feel uncomfortable and overwhelmed by a task, we unconsciously think we are not top to the task. Often we also ask ourselves:
- "Why should we continue with it at all?"
Since our subconscious governs it, it is necessary to put our brain into a different "mode", forcing our brain to function differently. A specific category of activity that forces our brain to behave differently is called creativity.
One such creative activity is making music or drawing. The reason is that we force the brain to invent something new. At the same time, we cannot focus on the mindset while developing something new as this requires completely different thought processes than dealing with a task.
If we find ourselves in a situation where we do not know what to do, we can pursue some activity requiring to us to do something new. It does not matter what we do, but rather that it requires our creativity.
External influences are what other think and say about us. It can also be that strict deadlines are set for us that we must adhere to. However, it can also be that someone tries to influence us negatively. Many people do this to push their own ego, which has little to do with us and our abilities. Such people often claim to be better at something than we are. However, if we think back to our examples of the mindset we discussed earlier, we can also attach the word "yet" to these sentences and see how quickly we will overtake them.
Knowing that we only feel verbally attacked by people we attribute a high value in essential. For example, there is a big difference between a stranger on the street calling us an "idiot" and one of our loved ones. So if we think highly of the person or their abilities, we will value their statements highly and often even place them above our own opinions. Otherwise, we care little about what that persons says.
We can eliminate external influences more easily than many might think. All we need is our clearly defined goal. If we have such a goal that we follow passionately, hardly anyone will talk us out of it. It is even less likely if we know that we can achieve this goal.
We should remember the following:
- Only the person who has taken the exact same journey as you can evaluate you and your decitions. Everything else is only assumptions.

23
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/1_Proceso de aprendizaje/1_Proceso de aprendizaje--Organizacion.md Executable file
View File

@@ -0,0 +1,23 @@
# Organization
[[Preparación para la CPTS|CPTS]]
We already seen the overview mentioned several times. To understand how important the term is, imagine the following situation:
You are standing on a big mountain, and at the bottom of the mountain, there is a vast fores. On the horizon, we see another mountain we want to reach. The difficulty here is that we will not see this mountain as soon as we go down into the forest. The only way to reach out the mountain is to orient ourselves using the lakes, rivers, and fields between these two mountains
This means that we should take the necessary tools with us, and all the interim orientation points to avoid getting lost. Because as soon as we get lost, we cannot move through the forest, hoping to reach our goal somehow, or we will have to go back to the first mountain to reorient ourselves.
We can see how the terms depend on each odther and how important it is to have a map to orient ourselves. By completing the previous exercises, we have already made the first drawings on our map. These will help us to understand where are and where we want tp go. Being organized is significant in penetration testing because the entire report writing process has to be structured.
It may take us a single day to take over several systems. So we don't want to keep looking for sources or information we need over and over again. Organization is the bes described in the following example:
An **Inexperienced** woodcutter takes 30 minutes to sharpen his axe and 3 hours to cut down the treee.
An **Experienced** one will sharpen the axe for 3 hours and cut down the tree within 30 minutes.
These are many different management techniques and methods that we can use. Thiese include:
- Scrum
- Agile
- ToDo-List
- Bullet Journal and more.

264
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/1_Proceso de aprendizaje/1_Proceso de aprendizaje--Preguntar.md Executable file
View File

@@ -0,0 +1,264 @@
# [[Preparación para la CPTS |CPTS]]
# Questioning
Learning how to ask the right questions is ant art and a critical skill. It does not matter what situation we are in or whether we are discussing technical or non-technical topics. However, many people do not know the difference between wrong and right questions. Most do not even know what a question is. At the moment, we define questions and see their purpose as gathering information and facts from which we can draw conclusions and make assumptions that will guide our decisions and thus our future course of action. However, this opinion will soon change. Apart from that, questions often serve for orientation. By this, we mean that we can get an overview based on the questions we ask, which helps us to find more information about the topic we are concerned with. Questions represent the view of the situation before we take the step and move in our way.
Metaphorically speaking we use them to see where we want to be or can take our next step.
Especially in our field of cyber security and above all, in penetration testing, we should keep the following in mind:
**The most important and most difficult thing in any situation is not the search for the right answer but the search for the right question.**
A good example is that if an answer to task is already known, the task is no longer necessarily difficult to solve. Many people believe that searching for an answer is one of the most difficult activities that accompany them throughout their lives. However, finding the answer becomes the opposite when the question is asked correctly. It is much more challenging to ask the right questions when we do not understand the concepts or do not have any knowledge of a particular area in the first place. We have all been in a situation where we suddenly did not know what to do and could not even understand what to start with to figure out the situation.
At this point, we should choose 3 to 5 such situations from our lives and write it down one question for each of them. These can be any situation. We can take difficult and obscure situations and then write down a question for them. Throughout this section, we will learn a model that will help us see the difference between the quality of the questions we were asking and the questions we needed to ask. In doing so, we will also quickly become aware of the model's effectiveness and how much it would have helped us at the time. This is the best way to judge the effectiveness based on our personal life experiences. Therefore, we should not skip this step and write down 3 to 5 situations from our lives now.
---
## Question States
First of all, we need to solve a certain myth about questions before we continue at this point. We need to be clear about the following:
- There are no "good" or "bad" questions. End of story.
Let us examine the following question and clear up this myth once and for all:
- `What are "good" questions?`
Let us assume that the answer is `X`, `Y`, and `Z`. Is this question "good" or "bad"?
It does not matter and is irrelevant. "Good" or "bad" is a state we attribute to the question. What influence does this condition have on the answer? - None. The answer remains `X`, `Y`, and `Z`.
If we do something that does not affect the result, it does not matter and is therefore completely irrelevant. This is the same as asking ourselves:
- "What happens if I jump into the water?"
To this question, we then add the following factors:
- "The water is cold/hot/dark/transparent."
How does the water's condition affect the result when we jump into the water? - It does not. Apart from all the other consequences, we get wet either way. The interesting thing is that with the condition, we have even come closer to the actual situation. Because we used it to describe the state of the water, this is much closer connected than the state of the question. How would we influence the result if we set the state of the question and say that it is a "good" question? - We would not.
People use the states "good" and "bad" to describe the profit or loss they expect from the question. If people get an answer that benefits them, they classify the question as a "good" one. However, what if the question leads to a loss or, let us even say, does not help the person? Is the question bad? - Actually, not.
The state we give to the questions does not affect the answers. The state attributed to the question belongs to the answer or the result. The answer can be to some extent "good" or "bad," but not necessarily, depending on our goal and whether we are getting closer to it. If we come closer to the answer/result, moving away from the less ideal goal is good.
We can assign two states to a question; thus, we would describe it as a `rough question` or a `precise question`.
- A `rough question` would be, for example, "How can I hack X?"
- A `precise question` would be: "How can I use the server's SMB service to identify its existing user accounts?"
As we can see from these two examples, this state of precision can greatly affect the result and the answer. Nevertheless, a precise question is still not good. Because `good` or `bad` are irrelevant states, we now know that they do not influence the result or the answer.
---
## Questions in General
We use questions in everyday life more often than we realize at first glance. On average, we ask between 3-5 questions per minute. Of course, this depends on the situation. We can experiment and set a timer for 1 minute and observe our thoughts during this period. Every time we notice that we ask ourselves something or something is unclear to us, we make a mark on a piece of paper until the timer runs out. To do this experiment, we need to take a pen and a piece of paper and set the timer. From now on, the timer should run.
Questions can be asked in many different ways. Because all questions are adapted to the circumstances, situations, and the desired goal. Questions are an essential part of the thinking process in which links are created between information nodes in our brain. Thus, it is also a fixed and unavoidable part of the learning process. Removing questions, therefore, also reduces the learning process enormously. If we do not question anything when we read content, it is like a cooking recipe without any information about how to prepare it. Because a recipe contains a big question from the ground up:
- `How do I cook the dish?`
Two main points are worked through for each recipe:
1. ingredients
2. method of preparation
Learning material content can be equated with the ingredients. The preparation method can therefore be correlated with our questions because the questions determine which step we will take next and define our approach. Finally, how the cook describes the preparation method describes when, how, and what needs to be added and processed to get closer to the finished dish. The cook or author's approach may have worked 100%, but anyone who has ever cooked from a recipe knows that a written down recipe alone will not make the dish tasty.
- We must prepare and practice it, using the means at our disposal.
A professional cook typically has considerable experience and often uses special ingredients that can be very expensive, and we do not know any other use for them. Therefore, this is an essential example that copying and imitating what has been shown and explained will not always produce the desired result.
By now, the timer should have run out, and now we should add up the number of questions that came to mind while reading during this period. For comparison, at least ten questions could have been asked. If more than ten questions came up for us, all the better. The more questions we ask, the better understanding we develop of the whole picture.
To do this, let us briefly imagine the situation where we need to open a lock and follow a methodology that most people use today. The question that can be concluded from this situation is:
- How do we open the lock?
The question is unnecessary if it is a standard door lock because we have enough experience and knowledge to open the door with the appropriate key. In this case, the key is the known tool that we use to unlock or lock the door. The situation is different if we have a vault in front of us that requires a combination of numbers. What questions do we need to ask to get the answers that will allow us to find the right tools or methods and use them accordingly?
Once we know the goal (`The Goal`) to which we are attracted (`Willingness`), we can use various principles, such as the Pareto Principle or Occam's Razor, to develop our talents (`Talent`) and skills and make our decisions (`Decision Making`) to pass the obstacles that fall across our path by asking the right questions (`Questioning`).
We can all ask questions. However, not many know how to ask the right questions. Because some significant differences and influences can greatly affect the answers we want to receive. The goal of the question is one of the most important aspects that determine our approach and the question we ask. Let us look at a few things that we currently use in our everyday lives. Such goals that we have just talked about can be, for example:
- To understand the reason for an event (`past`)
- To experience something completely new and to understand the way something works (`present`)
- to predict the effect of an event (`future`)
Every question is based on three aspects with which we build our questions every day:
1. origin
2. process
3. result/goal
These questions can be of any kind and can relate to duration, reason, action/reaction, location, specification, and many others. They can be as varied as our imagination. Almost every question is based on our needs, time, type, and place.
So far, everything seems to be accurate and logical. However, it is not. At this point, a few questions arise that we need to clarify.
1. What is a question?
2. Regardless of the form, what purpose does a question serve?
The official definition of a question is as follows:
- `A question is a sentence worded or expressed to elicit information.`
This definition has two core elements: `sentence` and `information`. So what is a `sentence`?
The definition of `sentence` is as follows:
- `A sentence is a set of words that is complete in itself, typically containing a subject and predicate, conveying a statement, question, exclamation, or command, and consisting of a main clause and sometimes one or more subordinate clauses.`
Moreover, here comes the exciting part; a collision that will change many things for us.
How many words must be used to ask the shortest question?
The answer to that is `a single word`. Here are a few examples:
- "Why?"
- "How?"
- "Where?"
Is it an actual question? - Yes. Is it the shortest question or one of the most straightforward questions? - Yes.
Of course, these questions need context, like any other question, but this does not exclude the fact that these questions in this form with a single word represent a real question. Thus, the official definition of a question does not fit anymore.
Next, the definition of a question explains its purpose. Therefore, according to the definition, the purpose is to obtain or acquire `information`.
Let us, therefore, create a situation with a question to test this statement. Let us assume we see `host A` and `host B`. To do this, we can ask the following question, which we will also ask during our penetration tests:
- `How is Host A connected to Host B?`
Our goal was to obtain or acquire information with the help of the question posed. Did we obtain or acquire any information from this question? - No. Regardless of the form of the questions asked, strictly speaking, the official definition of the question also missed the point. This is an example of how we can question certain things. As we see, the effect and the surprise can make one wonder. After all, we have just discovered that the official definition does not apply to a question.
Of course, a deep discussion can be started about the question's meaning, purpose, and how it should be asked. But furthermore, here is where the question arises:
- `How should we then define a question if the official definition does not apply?`
Here we see the global scale when the goal has been set incorrectly.
What goal could we set for ourselves if the previous goal "to obtain information" can be constantly missed?
---
## Relationship-Oriented-Questioning Model
To do this, we must consider what our questions have in common. All our questions have a commonality: the `relationship` between the individual components. So let us take a quick look at a model we have developed, which we call the `Relationship-Oriented-Questioning Model` (`ROQ`), and see how it looks and works.
![[Questioning1.webp]]
This model represents five components:
| **Component** | **Description** |
| ------------------- | ------------------------------------------------------------------------------------------------------------------------- |
| `Your Position` | This describes the position we are in and our view. |
| `The Object` | The object is the core element of the question. The main component of our sentence takes the meaning out of the question. |
| `Known` | This information is known to us. |
| `Unknown` | This information is not known to us. |
| `Other Position(s)` | This component describes the position of other persons. |
We need these components to be able to ask any question correctly. To do this, we ask any question we are interested in and break it down using the `ROQ` model. Certain aspects must be considered with this model, as with all others.
1. We need to find out the core element of the question and insert it as the object.
2. We must have at least two components defined in the model. More than two components are optional.
The good thing is that we always already have one component:
- Our position in the question.
So even for questions that do not directly concern us or about situations we are not involved in, we still have a position and view on the object. So let us look at an example using the following question:
- `What are all the methods available to remotely access Windows operating systems?`
Once we have asked our question, we can break it down into its constituent parts in the `ROQ` model:
![[Questioning2.webp]]
| **Component** | **Question Part** | **Description** |
| ------------------- | ----------------- | ------------------------------------------------------------------------------------------------------------------------- |
| `Your Position` | | Our position where we are situated. |
| `The Object` | Windows | The Object is the core element of the question. The main component of our sentence takes the meaning out of the question. |
| `Known` | Methods | This information is known to us. |
| `Unknown` | Methods | This information is not known to us. |
| `Other Position(s)` | | This component describes the position of other persons. |
Based on the parts assigned to the components, we now have to define in which relationship they act among each other. In the graphic, we see solid and dashed lines.
- `Solid line`: Connection - How is X connected to Y?
- `Dashed line`: Affection - How does Y influence the state of component X?
#### Connecting the Components
With this, we can go through the individual relationships and establish them between the individual components. It is recommended to always start with the object, which in this case is the Windows operating system. First, we need to establish and understand our position on the object.
- What is the purpose for us to use Windows?
Mainly we use the operating system to use its functions to solve our tasks. We describe this as `Operating on`.
- How does Windows influence our state in our position?
Windows is the most used operating system in the world and has the most compatibility and many user-friendly functions. Therefore, we can also summarize this and call it `Provides functionality`.
![[Questioning3.webp]]
Now we can connect the relations between Windows and the methods we know.
- What must Windows do or offer to be managed by remote access methods?
A service must allow remote access over the Internet or network. We know for sure `WinRM`, `Remote Desktop`, and a few more. (If not, it does not matter. We will learn about these in other modules). Otherwise, we would not be able to access it remotely. We call this connection `Listening Service`.
Next, the following question comes up:
- How do the remote access methods affect Windows and thus change the state of Windows? What do these methods provide us with?
Here the answer and the purpose are already in the description - these allow `Remote Access`.
![[Questioning4.webp]]
Now let us look at what we know about the known remote access methods.
- What is the purpose of remote access methods?
The purpose is to be able to manage Windows in different ways remotely. So all we do with it is to use it. So, therefore, we call this connection `Using`.
- How do the different remote access methods that we know affect us?
Apart from the different services these methods are designed for, they all have one thing in common. They allow us to interact with Windows. Therefore we call this connection `Allow to interact with`.
![[Questioning5.webp]]
Since we already know some remote access methods, we know how they are connected to Windows. Before Windows can be accessed remotely, the corresponding service must be running.
- Which services must Windows have running to use methods unknown to us?
We can not know this because the methods are unknown to us. Therefore we name it like this: `???`
Now the same question arises again.
- How do the remote access methods affect Windows and thus change the state of Windows? What do these methods offer us?
The different methods offer different ways to access Windows. Because the purpose of the methods, in this case, has not changed. Therefore we call it again: `Remote Access`.
![[Questioning6.webp]]
Now that we know and understand the relationships between all the individual components, we know exactly what information we are missing and what we should focus on. In this case, we can use `Windows services` to find the unknown remote access methods. Therefore, if we look closely at all possible services that allow remote access, we can probably even find our own ways to use the service for remote access.
The special thing about this model is that it is stackable. For example, if we have identified such Windows services and found unknown methods, the field `Unknown` becomes `Known` and would look like this:
![[Questioning7.webp]]
---
## Practice
The model may be unusual at first, and from experience, I can say that many people have difficulties in the beginning to apply this model. You will be using this model subconsciously after practicing five to ten times. You will not have to think about it much, and you will see the difference in a very short time when you have practiced this model. In fact, with these few practice sessions, you will internalize this model so much that you will even begin to use it automatically during conversations. This is the recipe that I have given you, and now you must learn to prepare the dish yourself.
Now take the 3 to 5 questions from the situations we had to write down at the beginning of this section and apply this model. You will be amazed at the conclusions you will come to.
However, this model has one special feature. If applying this model to your question is unsuccessful, you will have to rephrase it and make it more precise. Because this feature of the `ROQ` model will not allow us to ask questions to which there is no clear answer.
Now, let us settle one last question.
- So, what is the right question?
`A right question is a precise question that allows us to establish the relationships between the components, to understand them, and to take us one step further to the required answer.`

44
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/1_Proceso de aprendizaje/1_Proceso de aprendizaje.md Executable file
View File

@@ -0,0 +1,44 @@
# Way of Thinking
[[Preparación para la CPTS|CPTS]]
Imagine that you want to become a programmer, and you know that there are more than 200 different programming languages that can be used to create applications that can be cracked by debugging or reverse engineering. If we learned every programming language within 100 hours, we would spend 20,000 hours or 2,500 days (8 hours per day) or, in other words, almost seven years to learn all of these programming languages. As a result, we spend seven years learning all these languages and never tried to debug or reverse engineer the program we created. Great! Let us spend another seven years learning to debug an reverse engineering.
The field of information security is massive, making it impossible for anyone to learn everything. For example, if we wanted to learn over 200 programming languages in 100 hours each, it would take almost 7 years—without even practicing debugging or reverse engineering. Then, we would need another 7 years to learn those skills. This is clearly inefficient and unnecessary.
Each programming language has strengths and weaknesses, but mastering one makes it easier to learn others. All languages follow common principles defined by R. D. Tennent:
- **The Principle of Abstraction**
- **The Principle of Correspondence**
- **The Principle of Data Type Completeness**
In cybersecurity, we must quickly learn these principles and adapt to different environments. Often, we wont understand how something works, and thats when we need to investigate.
Learning-focused cybersecurity communities, such as Hack The Box, provide free resources, vulnerable machines, and guides. In these communities, there are two types of people:
1. Those who know nothing.
2. Those who think they know nothing.
This can be frustrating, but its part of the learning process. Respectful communication is key—everyone starts from zero. You can engage with the community through:
- **Forum**: [https://forum.hackthebox.com](https://forum.hackthebox.com)
- **Discord**: [https://discord.gg/hackthebox](https://discord.gg/hackthebox)
Many people dont know their actual skill level. A penetration tester must understand many technologies, making specialization difficult. We can either learn about everything without mastering anything or specialize in a specific area.
Another approach is to develop an efficient learning methodology. Success depends on knowing how to search for information and learn quickly. But first, we must learn how to learn.
There are no shortcuts—practice is essential. Reading about programming helps understand code (passive learning), but writing and testing code (active learning) is necessary for improvement.
A common question is: **When is a penetration tester good enough?**
Since no one knows everything, the key is to find, select, and adapt information effectively.
And one crucial concept is missing: **LEARNING**.
Learning how to learn is not easy. In school, we were taught only one way to solve problems without exploring alternatives. For example, try solving this equation:
**20 * ________ + ________ = 65535**
Now reflect: why did you solve it that way and not differently? Write it down and analyze your thought process.
----

53
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/1_Proceso de aprendizaje/Organizacion_Exer1.md Executable file
View File

@@ -0,0 +1,53 @@
[[Preparación para la CPTS|CPTS]]
Create a list of different management techniques and methods that you can find and list all their negatives an positives. Experiment with the ones that suit you best and choose/create a method for yourself.
----
# **Scrum**
(USO: INVESTIGACIÓN Y DESARROLLO DE SOFTWARE)
Es un marco de trabajo de gestion de proyectos de metodologia agil que ayuda a los equipos a estructurar y gestionar el trabajo mediante un conjuto de valores. Basicamente hablando, es enfocarse de 1 a 4 semanas (llamadas SPRINT) en tareas planificadas sin desviarse:
Pasos:
1. Se define qué se va a hacer (Sprint planning)
2. Se trabaja en ello sin cambios de última hora.
3. Se revisa el progreso en reuniones diarias cortas (Daily Scrum).
4. Al final del sprint, se presentan los avances (Sprint Review)
5. Se analiza que se puede mejorar para la siguiente iteracion (Sprint Retrospective).
---
# **Agile**
(USO: DESARROLLO DE SOFTWARE)
Agile es una metodologia la cual se basa en la flexibilidad, la mejora constante y la entrega de los proyectos de forma constante. Se usa principalmente en desarrollo de software, pero tambien en otras areas donde se requiera adaptabilidad.
### Principios
Agile se basa en el **Manifiesto Ágil**, que establece 4 valores fundamentales:
1. **Individuos e interacciones** sobre procesos y herramientas.
2. **Software funcionando** sobre documentacion extensa.
3. **Colaboracion con el cliente** sobre negociacion de contratos.
4. **Respuestas ante el cambio** sobre seguir un plan rígido.
---
# **Bullet Journal (BuJo)**
(USO: GENERAL)
El Bullet Journal (o **BuJo** pa los colegas) es un sistema de organizacion manual y es en el cual tengo mas experiencia. Lo he usado durante mas de 8 años y es el que mejor me sirve. Consiste en la organizacion manual que combina listas de tareas, calendario, notas y diario en un solo cuaderno. Fue creado por Ryder Carroll y se basa en el uso de simbolos y estructuras simples para organizar la informacion de manera eficiente
### Registros:
**Future logs**: Aqui se apunta los eventos o tareas que deben terminarse en los proximos meses.
**Monthly logs**: Se divide el mes en una lista con fechas y tareas importantes.
**Daily log**: Cada dia se anotan tareas, eventos y notas.
### Bullet System
- · (Punto): Tarea.
- X (Tachado): Tarea completada.
- > (Flechita): Tarea pospuesta (va acompañada del dia en el cual se pospuso).
- - (Guión): Nota o idea.
- O (Círculo): Evento.
## List Collection
Se pueden añadir paginas personalizadas como lista de libros por leer, habitos, metas, etc.

348
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/1_Proceso de aprendizaje/RAW_SPANISH/RAW_SPANISH (M1_Pre-Compromiso).md Executable file
View File

@@ -0,0 +1,348 @@
[[Preparación para la CPTS|CPTS]]
-------------
## La manera de pensar
La seguridad informática es un campo enorme, imposible de abarcar completamente. Un ejemplo: si quisiéramos aprender los más de 200 lenguajes de programación en 100 horas cada uno, tardaríamos casi 7 años en solo eso, sin haber practicado depuración o ingeniería inversa. Y luego, necesitaríamos otros 7 años para aprenderlas. Es evidente que esto no es eficiente ni necesario.
Cada lenguaje tiene fortalezas y debilidades, pero entendiendo bien uno, aprenderemos otros más rápido. Todos siguen principios comunes, definidos por R. D. Tennent:
- **Principio de abstracción**
- **Principio de correspondencia**
- **Principio de completitud de los tipos de datos**
En seguridad informática, debemos aprender rápidamente estos principios y adaptarnos a distintos entornos. A menudo, no sabremos cómo funciona algo, y ahí es cuando debemos investigar.
Las comunidades de aprendizaje en ciberseguridad, como Hack The Box, ofrecen recursos gratuitos, máquinas vulnerables y guías. En estas comunidades, hay dos tipos de personas:
1. Los que no saben nada.
2. Los que creen que no saben nada.
Esto puede ser frustrante, pero es parte del proceso. Es clave mantener el respeto y recordar que todos empezamos desde cero. Podemos interactuar con la comunidad en:
- **Foro**: [https://forum.hackthebox.com](https://forum.hackthebox.com)
- **Discord**: [https://discord.gg/hackthebox](https://discord.gg/hackthebox)
Muchos desconocen su verdadero nivel de conocimiento. Un pentester necesita manejar muchas tecnologías, lo que hace difícil especializarse. Podemos aprender sobre todo sin ser expertos en nada, o profundizar en un área específica.
Una alternativa es desarrollar una metodología de aprendizaje eficiente. El éxito depende de saber buscar información y aprender rápido. Pero para lograrlo, primero debemos aprender a aprender.
No hay atajos: la práctica es esencial. Leer sobre programación ayuda a entender código (aprendizaje pasivo), pero escribir y probar código (aprendizaje activo) es fundamental para mejorar.
Una pregunta común es: **¿Cuándo un pentester es lo suficientemente bueno?**
Dado que nadie lo sabe todo, la clave está en saber encontrar, seleccionar y adaptar la información.
Y falta un concepto clave: **APRENDER**.
Aprender a aprender no es fácil. En la escuela nos enseñaron un solo método para resolver problemas, sin explorar alternativas. Por ejemplo, intenta resolver esta ecuación:
**20 * ________ + ________ = 65535**
Ahora reflexiona: ¿por qué la resolviste de esa manera y no de otra? Escríbelo y analiza tu proceso de pensamiento.
-------------------
# Organización
Ya hemos visto el panorama general mencionado varias veces. Para comprender qué tan importante es el término, imagina la siguiente situación:
Estás de pie en una gran montaña, y al pie de la montaña hay un bosque inmenso. En el horizonte, vemos otra montaña a la que queremos llegar. La dificultad aquí es que no veremos esa montaña en cuanto bajemos al bosque. La única forma de llegar a ella es orientándonos usando los lagos, ríos y campos entre estas dos montañas.
Esto significa que debemos llevar con nosotros las herramientas necesarias y todos los puntos de orientación intermedios para evitar perdernos. Porque, en cuanto nos perdamos, no podremos simplemente avanzar por el bosque con la esperanza de alcanzar nuestro objetivo de alguna manera, o tendremos que volver a la primera montaña para reorientarnos.
Podemos ver cómo los términos dependen unos de otros y lo importante que es tener un mapa para orientarnos. Al completar los ejercicios anteriores, ya hemos hecho los primeros trazos en nuestro mapa. Estos nos ayudarán a comprender dónde estamos y hacia dónde queremos ir. Estar organizados es fundamental en las pruebas de penetración porque todo el proceso de redacción del informe debe estar estructurado.
Podemos tardar solo un día en tomar el control de varios sistemas, por lo que no queremos perder tiempo buscando una y otra vez las fuentes o la información que necesitamos. La organización se describe mejor con el siguiente ejemplo:
Un **leñador inexperto** tarda 30 minutos en afilar su hacha y 3 horas en talar el árbol.
Un **leñador experimentado** afilará el hacha durante 3 horas y talará el árbol en 30 minutos.
Existen muchas técnicas y métodos de gestión diferentes que podemos utilizar. Estos incluyen:
>- Scrum
>- Agile
>- Listas de tareas (To-Do List)
>- Bullet Journal y más.
---
# Enfocate
Vamos a profundizar un poco más. Esta vez hablaremos sobre el **enfoque**, una habilidad vital que necesitamos. Sin embargo, como muchas otras habilidades, es un arma de doble filo. Cuando hablamos de enfoque, nos referimos a concentrarnos en un tema durante un tiempo determinado. Al hacerlo, dirigimos la mayor parte de nuestro pensamiento y atención al tema elegido, dejando de lado por completo otros pensamientos relacionados con otros asuntos.
¿Alguna vez nos hemos preguntado por qué la mayoría de las personas frustradas van al gimnasio después de un día estresante en lugar de simplemente tumbarse y no hacer nada? ¿Por qué se sienten mejor después? A menudo escuchamos que lo necesitan absolutamente para calmarse. Si lo pensamos un poco, al principio parece ilógico, porque estas personas necesitan energía física adicional cuando ya están agotadas.
Esto nos lleva nuevamente a la pregunta: **"¿Por qué un esfuerzo físico adicional les ayuda a calmarse?"**
Por un lado, el cuerpo produce las llamadas endorfinas (hormonas de la felicidad) al hacer ejercicio. Estas tienen diferentes efectos en el organismo, y uno de ellos es la reducción del dolor. Además, los neurotransmisores tienen un efecto calmante y favorecen un sueño reparador. Otra función es la regulación del hambre. Probablemente lo hayamos experimentado en el deporte: en cuanto nos agotamos, sentimos hambre. Otro efecto beneficioso de las endorfinas es el fortalecimiento del sistema inmunológico, tanto a nivel físico como psicológico.
Esto puede explicar por qué empezamos a sentirnos mejor después del ejercicio, pero después de todo, el estrés más significativo no está en el cuerpo, sino en la mente. Sabemos que después de hacer deporte el cuerpo está exhausto, pero ¿por qué nuestra mente empieza a relajarse? Durante el ejercicio, nos concentramos completamente en la actividad física, ya que suele requerir una gran cantidad de energía y, por lo tanto, nuestra total atención. Al desviar el enfoque del estrés real, dejamos ir las situaciones que nos han agobiado y estas se procesan de manera **subconsciente**, resolviéndose en su mayoría.
Aquí hay un excelente ejemplo de una situación similar que probablemente hayas experimentado:
Seguramente has olvidado dónde pusiste algo o no puedes recordar un término específico que en otro momento te resultaría obvio. ¿Alguna vez te has preguntado por qué de repente puedes recordarlo después de un corto tiempo?
Nos distraemos y nos enfocamos en otro tema. De esta manera, le damos a nuestro subconsciente la posibilidad de resolver el problema por sí mismo.
Es importante diferenciar entre **enfoque** y **atención**, ya que no son lo mismo. La **atención** se refiere al **momento presente**, como ahora mismo, mientras lees este texto. Sin embargo, el **enfoque** está en el tema con el que estamos lidiando en ese momento.
Si volvemos al ejemplo de las llaves perdidas, intenta recordar qué pasaba por tu mente. Lo más probable es que fuera algo como:
_"¿Dónde puse las llaves?"_ o _"¿Dónde las vi por última vez?"_
Si estas eran las preguntas que nos hacíamos, podemos ver que el tema central eran las llaves, por lo que nuestro **enfoque estaba en encontrarlas**.
Si alguna vez has estado en esta situación y has dicho algo como:
_"Ok, las llaves no están aquí..."_
Entonces teníamos nuestra **atención completamente en la búsqueda** de las llaves. Sin embargo, ¿qué pasa si tenemos prisa?
Entonces miramos el reloj cada 5 segundos y nuestros pensamientos ya están en el lugar al que deberíamos llegar pronto. Difícilmente podremos **concentrarnos** en la búsqueda de las llaves porque nuestro enfoque está en **"llegar tarde"** y no en **"encontrar las llaves"**.
Debería quedar más claro que **el enfoque y la atención no son lo mismo**, y que la atención está influenciada por el enfoque.
El enfoque se basa en nuestra voluntad y en lo que queremos lograr. Puede ser una **decisión consciente** o una **decisión subconsciente** guiada por influencias externas.
> **Enfocarse es la alineación intencional y deliberada hacia un objetivo específico.**
----
# Atencion
Se puede decir que la atención es la percepción de un tema con un mayor nivel de interés para recopilar información y datos específicos sobre él.
Nuestra atención cambia con nuestra experiencia y la información que obtenemos del contexto y su claridad.
> **La atención está influenciada por nuestros intereses, necesidades, actitudes personales, creencias, orientaciones, objetivos y experiencias.**
Hemos abordado este módulo con una actitud confiada, con expectativas, orientación y un objetivo. La atención es un **proceso mental independiente** que ocurre de manera subconsciente.
Cuando hablamos de concentración, nos referimos al mantenimiento de nuestra atención en un tema específico. Esto significa que, mientras estemos interesados en un tema determinado, seguiremos trabajando en él hasta lograr el resultado deseado para nuestro bienestar. Nuevamente, la atención va de la mano con la concentración y el enfoque.
Sabemos que nuestra atención comenzará a disminuir en algún momento y que ya no podremos absorber información de manera efectiva. Llegamos a un punto de estancamiento, nos forzamos a seguir intentando y el aprendizaje termina en **problemas** de comprensión y, por lo tanto, en una mayor **frustración**.
La seguridad informática es un tema muy amplio, como ya hemos comentado. No podremos absorber toda la información de una sola vez. Volveremos a menudo sobre los temas y repetiremos lo que no entendemos. Este es un proceso normal. Debemos comprender cómo dividir nuestra atención.
No existe una fórmula general para aprender a dividir nuestra atención correctamente. Es un proceso individual que aún no se puede categorizar sin profundizar demasiado en los estudios psicológicos. Hay demasiadas características y experiencias personales a considerar.
Sabemos que la atención ocurre en el momento y, por lo tanto, tiene una duración limitada. Será una gran ventaja averiguar cuánto tiempo pueden durar nuestro estado emocional y nuestra capacidad de atención.
Podemos documentarlo y, después de una semana, observaremos un patrón interesante. Si queremos abordarlo de manera más científica, podemos agregar los siguientes puntos a nuestra documentación para obtener una mejor visión:
- Estado emocional actual
- Flujo del día hasta el momento
- Lugar de trabajo
- Horas de trabajo
- Duración
- Calidad del sueño
- Pausas insertadas
- Duración de las pausas
- Cualquier otro factor relevante
Estas son fases para las que debemos invertir al menos una hora de nuestra atención. Hagámoslo divertido y nos sorprenderemos con los descubrimientos que hagamos. Podemos crear una lista simple o incluso una tabla para documentarlo de manera rápida y sencilla. No es necesario documentarlo cada vez que comencemos algo, pero podemos relacionarlo con el módulo, curso o camino de aprendizaje en el que estemos.
Una vez que comprendamos cómo se comporta nuestra capacidad de atención, también tendremos una idea de cómo podemos dividirla. Sin embargo, esto no significa que, si tenemos una capacidad de atención de 60 minutos, podamos dividirla en tres temas de 20 minutos cada uno. Recordemos que la cantidad de atención que podemos dedicar a un tema depende de muchos factores.
Experimentemos con esto. Cambiemos nuestro lugar de trabajo, nuestros horarios, la duración del trabajo si es posible. Escuchemos música diferente y probemos cosas nuevas que puedan ayudarnos.
Lo ideal sería que no nos obligáramos a enfocarnos en un tema específico, ya que esto tendría un efecto negativo y, como mencionamos antes, podría terminar en frustración, un tema que trataremos en otra sección.
> **Asegurémonos de sentirnos cómodos y preparados para aprender cosas nuevas.**
---
# Confort
[[Preparación para la CPTS|CPTS]]
==Confort== es un ==estado emocional== de la mente de una persona que, entre otros aspectos, tiene una gran influencia en el comportamiento, el pensamiento, el enfoque, la atención y la capacidad de concentración. Es la sensación de bienestar en forma de comodidad y la actitud de comportamiento libre de riesgos. A esto también se le conoce como la llamada ==zona de confort==, en la que la persona ==cree== que se encuentra.
Existe la llamada ==ley de Yerkes-Dodson==, que describe el rendimiento cognitivo como una función del nivel de estrés/nerviosismo. La curva de rendimiento de esta ley es muy individual, ya que depende en gran medida de factores emocionales y motivacionales, y se divide en cuatro secciones.
La representación más utilizada de esta ley y su proceso de rendimiento es la versión de Hebb.
![[NEW_yerkes-dodson-law.png]]
Cuando hablamos de confort, depende en gran medida de si tenemos un nivel saludable de estrés o si ya hemos cruzado el umbral, lo que lleva a una disminución en nuestro rendimiento. El punto de equilibrio es muy individual. Nos encontramos en una zona a la que estamos acostumbrados y que consideramos cómoda. Generalmente, estas son situaciones y áreas en las que ya hemos adquirido cierta experiencia y sabemos cómo desenvolvernos.
Cuando salimos de la llamada ==zona de confort==, entramos en una situación o área donde tenemos poca o ninguna experiencia. Esta incertidumbre reduce nuestra capacidad de pensar y tiene un impacto significativo en nuestro proceso mental, lo que nos ralentiza.
Es interesante notar que los niños pequeños no muestran esta misma incertidumbre.
==Les encanta probar cosas nuevas todo el tiempo y no tienen miedo o dudas sobre cometer errores.==
Después de todo, ==los errores son una parte esencial del proceso de aprendizaje==, y siempre debemos recordarlo.
Aquí surge una pregunta interesante: "¿Por qué los niños pequeños, a diferencia de los adultos, no sienten esta incertidumbre?"
Veamos primero el siguiente diagrama:
![[NEW_The-Comfort-Zone-diagram.png]]
Ahora imagina que estás parado en la entrada de un bosque oscuro y denso en plena noche. Es tan espeso que la luz del día no puede atravesar las copas de los árboles. A la izquierda y a la derecha del bosque hay acantilados demasiado empinados para descender, y sabemos que en algún lugar de ese bosque se encuentra aquello que deseamos.
¿Entrarías a buscarlo?
Nuestro instinto nos diría que evitáramos hacerlo.
Pero, ¿y si lo que deseas está solo cien metros más adelante en el bosque y está brillantemente iluminado?
Es aquello que te llenará de la forma en que siempre lo has deseado.
¿Te arriesgarías ahora?
Aquellos que eligen salir de su zona de confort llegarán a su objetivo más rápido de lo que pensaban. Se moverán más rápido de lo que jamás imaginaron.
Ahora deberíamos comprender mejor la progresión entre tomar la decisión de salir de nuestra zona de confort o permanecer en ella. Sin embargo, siempre aprenderemos algo nuevo, y cada vez será más fácil salir de ella.
---
### **Miedo**
A menudo, las personas sienten miedo de algo nuevo o desconocido y no pueden evaluar si podría perjudicarlas de alguna manera. Existen muchos tipos de miedo, pero por ahora solo nos interesan dos. Primero, debemos diferenciar entre el miedo en situaciones peligrosas y el miedo interpretado en el proceso de aprendizaje.
El miedo en situaciones peligrosas es necesario, ya que sirve para proteger nuestra vida o la de nuestros seres queridos. Sin embargo, el miedo interpretado pertenece a un estado imaginario de temor. Esto significa que podemos sentir miedo sin estar en una situación que ponga en riesgo nuestra vida. De hecho, el cuerpo humano puede llegar a manifestarlo como dolor, ya que el miedo es una emoción (y, por lo tanto, subconsciente) que, en casos extremos, puede incluso provocar un mal funcionamiento del músculo cardíaco (síndrome del corazón roto).
Un excelente ejemplo de este comportamiento en la naturaleza humana es el miedo a los extraterrestres en las películas. En la mayoría de las películas, los alienígenas aterrizan en la Tierra y comienzan los "problemas de relación". Un ejemplo más común es cuando alguien desconocido golpea repentinamente nuestra puerta principal. En ese momento, nos sobresaltamos y nos asustamos, porque no sabemos si se trata de un criminal o de alguien que necesita ayuda.
El miedo imaginario está dirigido a eventos que imaginamos, con consecuencias que calculamos. Sin embargo, hay un aspecto crucial que no podemos pasar por alto:
- Las personas temen lo que podría suceder en el futuro sin considerar el presente.
El miedo en situaciones que no ponen en peligro la vida se encuentra en nuestros pensamientos sobre el futuro imaginario. Mientras más detallado lo imaginemos, mayor será el miedo. Will Smith ha hablado sobre su experiencia enfrentando sus propios miedos.
![[Will_smith_skydiving_and_fear.mp4]]
El miedo imaginario es un estado emocional que nos impide vivir experiencias únicas y nos frena en nuestro camino. Incluso si queremos ser excelentes pentesters, la mayoría de los principiantes temen dar el máximo esfuerzo por el miedo imaginario al fracaso. Esto se debe a muchos otros factores que analizaremos más adelante.
Si nos encontramos sintiendo este miedo, debemos responder con el mayor detalle posible a la siguiente pregunta:
- "¿Cuál de estas razones es realmente cierta en este momento?"
Otro factor que refuerza este miedo imaginario y nos hace pensar que fracasaremos son nuestras experiencias pasadas de fracaso. Algo que debemos recordar, escribir y colgar en la pared donde siempre podamos verlo:
- **La diferencia entre un ganador y un perdedor es que el ganador ha perdido más veces que el perdedor.**
El fracaso es esencial en el aprendizaje y es inevitable. Nadie ha adquirido una habilidad sin cometer errores. De hecho, ocurre lo contrario. Nuestros fracasos son cruciales en nuestra curva de aprendizaje porque nos impulsan a llegar más alto. Cuando volvemos a un punto donde fallamos antes, ya sabemos qué esperar, lo que nos facilita superar la dificultad.
Muchas personas se rinden en este punto. Podemos imaginarlo como si estuvieran sentadas esperando subir sin moverse. Incluso si alguien les lanza una cuerda para ayudarlas a pasar el obstáculo, no servirá de nada si no hacen el esfuerzo de escalar.
---
### **Mentalidad**
Es en estas situaciones cuando aparecen nuestras excusas, como:
- No puedo hacer esto.
- Esto no es para mí.
- No entiendo esto.
- Etc.
Esto proviene de nuestra mentalidad y de cómo interpretamos las situaciones y ciertos desafíos. Nuestra mentalidad está formada por procesos de pensamiento inconscientes que desarrollamos para evitar situaciones difíciles o esfuerzos. Estos procesos también se moldean durante nuestra infancia. Por ejemplo, un niño constantemente criticado por sus éxitos y fracasos tendrá dificultades para atreverse a probar cosas nuevas. Por otro lado, la falta de crítica puede hacer que el niño sea demasiado confiado, lo que podría llevarlo a sobrestimar sus capacidades.
La mentalidad también puede describirse como un conjunto de creencias (no solo culturales). Un ejemplo de esto es la creencia de que el contacto visual es señal de interés y apertura en todas partes. Sin embargo, en Japón, esto se considera una invasión de la privacidad y es visto como una falta de respeto.
Es recomendable ser conscientes de estos procesos de pensamiento. Una vez que comprendemos nuestra forma de pensar, tenemos más información para trabajar y podemos decidir qué queremos cambiar. Por ejemplo, cuando nos encontramos pensando =="No puedo"==, podemos cambiar esta idea agregando una sola palabra:
- No puedo hacer esto **todavía**.
- Esto no es para mí **todavía**.
- No entiendo esto **todavía**.
- Etc.
Este pequeño cambio estimula nuestras creencias y mentalidad para superar los obstáculos.
Todos los sentimientos y obstáculos que nos impiden avanzar son temporales. Estos sentimientos pasarán, pero el objetivo permanecerá.
Otro factor que a menudo se percibe como un obstáculo es la comparación entre habilidad, talento y pasión. Sin embargo, ya hemos aprendido qué significa realmente cada uno de ellos:
- **El talento** es una habilidad altamente desarrollada con gran eficiencia.
- **La habilidad** es la capacidad de manejar o resolver algo de manera efectiva.
- **La pasión** es el compromiso emocional con un área en particular.
Si analizamos estas definiciones, veremos que están interrelacionadas y se apoyan mutuamente, en lugar de ser factores que nos limitan. Todos tenemos diferentes talentos, patrones de pensamiento que facilitan unas tareas y dificultan otras, habilidades que podemos aprender y la pasión necesaria para alcanzar nuestro objetivo. Lo importante no son los componentes individuales, sino el objetivo que queremos lograr.
---
### **Presión**
La presión también puede describirse como estrés mental, la suma de todas las influencias externas e internas detectables. La presión psicológica surge según la situación y demanda nuestros recursos.
Se distingue entre influencias internas y externas. Las influencias internas incluyen nuestras creencias y actitudes. Estas pueden ser una espada de doble filo. Por ejemplo, el perfeccionismo nos hace querer hacerlo todo perfectamente y rápido, lo que puede volverse en nuestra contra.
Es difícil controlar estos rasgos de carácter porque ocurren inconscientemente y se manifiestan en forma de emociones. Si nos sentimos incómodos o abrumados por una tarea, inconscientemente pensamos que no estamos a la altura. A menudo nos preguntamos:
- "¿Por qué debería seguir con esto?"
Como esto está gobernado por nuestro subconsciente, necesitamos cambiar nuestro enfoque mental. Una manera de hacerlo es a través de actividades creativas, ya que nos obligan a usar el cerebro de una manera diferente.
Una de estas actividades creativas puede ser la música o el dibujo. La razón es que al crear algo nuevo, no podemos enfocarnos en nuestra mentalidad negativa al mismo tiempo.
Las influencias externas incluyen lo que otros piensan y dicen de nosotros. Puede tratarse de plazos estrictos o de personas que intentan desmotivarnos. Muchas veces, estas personas lo hacen para inflar su propio ego y no tienen nada que ver con nuestras habilidades reales.
Debemos recordar lo siguiente:
- **Solo la persona que ha recorrido exactamente el mismo camino que tú puede evaluar tus decisiones. Todo lo demás son suposiciones.**
---
# Cuestionamiento
Aprender a hacer las preguntas correctas es un arte y una habilidad crítica. No importa en qué situación estemos ni si estamos discutiendo temas técnicos o no técnicos. Sin embargo, muchas personas no conocen la diferencia entre preguntas correctas e incorrectas. De hecho, la mayoría ni siquiera sabe qué es una pregunta. Actualmente, definimos las preguntas y vemos su propósito como la recopilación de información y hechos a partir de los cuales podemos sacar conclusiones y hacer suposiciones que guiarán nuestras decisiones y, por lo tanto, nuestro futuro curso de acción. Sin embargo, esta opinión pronto cambiará. Además de eso, las preguntas suelen servir para orientarnos. Con esto queremos decir que podemos obtener una visión general basada en las preguntas que hacemos, lo que nos ayuda a encontrar más información sobre el tema que nos interesa. Las preguntas representan la visión de la situación antes de dar el paso y avanzar en nuestro camino.
Metafóricamente hablando, las usamos para ver dónde queremos estar o cuál puede ser nuestro próximo paso.
Especialmente en nuestro campo de la ciberseguridad y, sobre todo, en las pruebas de penetración, debemos tener en cuenta lo siguiente:
**Lo más importante y difícil en cualquier situación no es la búsqueda de la respuesta correcta, sino la búsqueda de la pregunta correcta.**
Un buen ejemplo es que, si ya se conoce la respuesta a una tarea, la tarea deja de ser necesariamente difícil de resolver. Muchas personas creen que buscar una respuesta es una de las actividades más difíciles que los acompañará a lo largo de su vida. Sin embargo, encontrar la respuesta se vuelve lo contrario cuando la pregunta se plantea correctamente. Es mucho más complicado hacer las preguntas adecuadas cuando no comprendemos los conceptos o cuando no tenemos conocimiento de un área en particular. Todos hemos estado en situaciones en las que, de repente, no sabíamos qué hacer y ni siquiera entendíamos por dónde empezar para resolver la situación.
En este punto, debemos elegir de 3 a 5 situaciones similares de nuestras vidas y escribir una pregunta para cada una de ellas. Pueden ser cualquier tipo de situación. Podemos tomar situaciones difíciles y confusas y luego escribir una pregunta para ellas. A lo largo de esta sección, aprenderemos un modelo que nos ayudará a ver la diferencia entre la calidad de las preguntas que hacíamos y las preguntas que necesitábamos hacer. Al hacerlo, también nos daremos cuenta rápidamente de la efectividad del modelo y de cuánto nos habría ayudado en su momento. Esta es la mejor manera de juzgar su efectividad en base a nuestras propias experiencias de vida. Por lo tanto, no debemos omitir este paso y escribir de 3 a 5 situaciones de nuestra vida ahora.
---
## Estados de las Preguntas
Antes de continuar, debemos aclarar un mito sobre las preguntas. Debemos tener claro lo siguiente:
- No existen preguntas "buenas" o "malas". Fin de la historia.
Examinemos la siguiente pregunta y aclaremos este mito de una vez por todas:
- `¿Qué son las "buenas" preguntas?`
Supongamos que la respuesta es `X`, `Y` y `Z`. ¿Es esta pregunta "buena" o "mala"?
No importa, es irrelevante. "Bueno" o "malo" es un estado que atribuimos a la pregunta. ¿Qué influencia tiene esta condición en la respuesta? - Ninguna. La respuesta sigue siendo `X`, `Y` y `Z`.
Si hacemos algo que no afecta el resultado, no importa y, por lo tanto, es completamente irrelevante. Es como preguntarnos:
- "¿Qué pasa si salto al agua?"
A esta pregunta, agregamos los siguientes factores:
- "El agua está fría/caliente/oscura/transparente."
¿Cómo afecta el estado del agua al resultado de saltar al agua? - No lo hace. Aparte de todas las demás consecuencias, nos mojamos de cualquier manera. Lo interesante es que al agregar la condición, nos acercamos más a la situación real, ya que hemos usado esta descripción para definir el estado del agua. Sin embargo, ¿cómo influenciaríamos el resultado si estableciéramos el estado de la pregunta y dijéramos que es una "buena" pregunta? - No lo haríamos.
Las personas usan los términos "bueno" y "malo" para describir el beneficio o la pérdida que esperan obtener de la pregunta. Si obtienen una respuesta que les beneficia, clasifican la pregunta como "buena". Pero, ¿y si la pregunta conduce a una pérdida o, incluso peor, no ayuda a la persona? ¿Es la pregunta mala? - En realidad, no.
El estado que atribuimos a las preguntas no afecta las respuestas. El estado atribuido a la pregunta pertenece a la respuesta o al resultado. La respuesta puede ser "buena" o "mala" hasta cierto punto, pero no necesariamente, dependiendo de nuestro objetivo y de si nos estamos acercando a él. Si nos acercamos a la respuesta o al resultado, alejándonos de un objetivo menos ideal, es algo positivo.
Podemos asignar dos estados a una pregunta; así, podemos describirla como una `pregunta imprecisa` o una `pregunta precisa`.
- Una `pregunta imprecisa` sería, por ejemplo: "¿Cómo puedo hackear X?"
- Una `pregunta precisa` sería: "¿Cómo puedo usar el servicio SMB del servidor para identificar sus cuentas de usuario existentes?"
Como podemos ver en estos dos ejemplos, el nivel de precisión puede afectar enormemente el resultado y la respuesta. No obstante, una pregunta precisa sigue sin ser "buena" o "mala", ya que estos términos son irrelevantes y no influyen en el resultado.
---
## Preguntas en General
Usamos preguntas en la vida cotidiana más a menudo de lo que nos damos cuenta a primera vista. En promedio, hacemos entre 3 y 5 preguntas por minuto. Por supuesto, esto depende de la situación. Podemos experimentar configurando un temporizador durante 1 minuto y observando nuestros pensamientos en ese período. Cada vez que notemos que nos hacemos una pregunta o que algo no nos queda claro, marcamos un punto en una hoja de papel hasta que se acabe el tiempo. Para realizar este experimento, necesitamos un bolígrafo, una hoja de papel y configurar el temporizador. A partir de ahora, dejamos que el temporizador corra.
Las preguntas pueden formularse de muchas maneras diferentes, ya que se adaptan a las circunstancias, situaciones y objetivos deseados. Son una parte esencial del proceso de pensamiento, en el que se crean conexiones entre nodos de información en nuestro cerebro. Así, también son una parte fija e inevitable del proceso de aprendizaje. Eliminar las preguntas, por lo tanto, reduce enormemente el aprendizaje. Si no cuestionamos nada mientras leemos contenido, es como una receta de cocina sin información sobre cómo prepararla. Porque una receta contiene una gran pregunta desde el principio:
- `¿Cómo cocino el plato?`
Cada receta tiene dos elementos clave:
1. Ingredientes
2. Método de preparación
El contenido del material de aprendizaje se puede equiparar con los ingredientes. El método de preparación se correlaciona con nuestras preguntas, ya que determinan qué paso tomaremos a continuación y definen nuestro enfoque. Finalmente, cómo el cocinero describe la preparación nos indica cuándo, cómo y qué agregar y procesar para acercarnos al resultado final.

BIN
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/1_Proceso de aprendizaje/RAW_SPANISH/desktop.ini Executable file
View File

Binary file not shown.

BIN
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/1_Proceso de aprendizaje/desktop.ini Executable file
View File

Binary file not shown.

1
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/2_Linux.md Executable file
View File

@@ -0,0 +1 @@
[[Preparación para la CPTS|CPTS]]

1
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/3_Windows.md Executable file
View File

@@ -0,0 +1 @@
[[Preparación para la CPTS|CPTS]]

1
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/4_Introducción a redes.md Executable file
View File

@@ -0,0 +1 @@
[[Preparación para la CPTS|CPTS]]

1
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/5_Introduccion a aplicaciones Web.md Executable file
View File

@@ -0,0 +1 @@
[[Preparación para la CPTS|CPTS]]

1
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/6_Solicitud Web.md Executable file
View File

@@ -0,0 +1 @@
[[Preparación para la CPTS|CPTS]]

1
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/7_Ofuscamiento de JavaScript.md Executable file
View File

@@ -0,0 +1 @@
[[Preparación para la CPTS|CPTS]]

1
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/8_Introducción a Active Directory.md Executable file
View File

@@ -0,0 +1 @@
[[Preparación para la CPTS|CPTS]]

1
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/9_Empezar.md Executable file
View File

@@ -0,0 +1 @@
[[Preparación para la CPTS|CPTS]]

BIN
EXPERIENCIA/Certificados/CPTS/M1_Pre-Compromiso/desktop.ini Executable file
View File

Binary file not shown.

BIN
EXPERIENCIA/Certificados/CPTS/M2_Recopilacion_de_informacion/desktop.ini Executable file
View File

Binary file not shown.

BIN
EXPERIENCIA/Certificados/CPTS/M3_Evaluacion_de_vulnerabilidades/desktop.ini Executable file
View File

Binary file not shown.

BIN
EXPERIENCIA/Certificados/CPTS/M4_Explotacion_de_vulnerabilidades/desktop.ini Executable file
View File

Binary file not shown.

67
EXPERIENCIA/Certificados/CPTS/Preparación para la CPTS.md Executable file
View File

@@ -0,0 +1,67 @@
![[cpts.webp]]
El [Certified Penetration Testing Specialist](https://academy.hackthebox.com/exams/3/) (Especialista Certificado en Pruebas de Penetracion) Es un certificado de nivel Bajo / Medio. Es un buen certificado para aquellos que quieran comenzar en el mundo del pentesting. Consiste de 28 modulos en los cuales se tratan diversas materias.
Al final del curso, se debe examinar al alumno con un examen de 10 dias de duracion, en el cual deberá de vulnerar 3 maquinas cliente y un servidor de Active Directory ademas de escribir un WriteUp en el cual debera de detallar todos los pasos seguidos durante el examinamiento.
El CPTS puede ser completado por alguien experimentado en un total de 48 Dias (1152 horas). Yo tengo planeado terminarlo mas o menos en un total de 8 a 12 meses (Estudiando entre 4 a 5 horas diarias).
Se debe tener en cuenta que yo tengo cierta experiencia en programacion con Python. Llevo programando por al menos 3 años para cosas basicas como proyectos para el ciclo, por ejemplo.
Este será mi horario:
De hora 1 a hora 2 -> Teoria y lectura (redes, sistemas, tecnicas de pentesting).
De hora 2 a hora 3 -> Practica en plataformas como HTB, THM, ProvingGrounds o creacion de labs propios.
De hora 3 a hora 4 -> Repaso general del dia y/o repaso de temas dificiles.
-------
==💡 NOTA: Al ser un campo en el cual predomina el ingles, todas las notas y apuntes estarán en ingles. Vease "RAW SPANISH" de cada modulo para verlo todo en castellano. Tenga en cuenta que la informacion puede no estar bien estructurada o bien traducida. Se deben verificar las anotaciones importantes.==
# Modulos:
### ==M1_Pre-Compromiso==
- [ ] [[1_Proceso de aprendizaje]]
- [ ] [[2_Linux]]
- [ ] [[3_Windows]]
- [ ] [[4_Introducción a redes]]
- [ ] [[5_Introduccion a aplicaciones Web]]
- [ ] [[6_Solicitud Web]]
- [ ] [[7_Ofuscamiento de JavaScript]]
- [ ] [[8_Introducción a Active Directory]]
- [ ] [[9_Empezar]]
### ([[RAW_SPANISH (M1_Pre-Compromiso)]])
### ==M2_Recopilacion de informacion==
- [ ] 10_Enumeracion de redes con NMAP
- [ ] 11_Huella
- [ ] 12_Recopilacion de informacion - Edicion Web
- [ ] 13_OSINT - Reconocimiento corporativo
### ==M3_Evaluacion de vulnerabilidades==
- [ ] 14_Evaluacion de vulnerabilidades
- [ ] 15_Transferencia de ficheros
- [ ] 16_Shells y payloads
- [ ] 17_Estructura de Metasploit
### ==M4_Explotacion de vulnerabilidades==
- [ ] 18_Ataque de contraseñas
- [ ] 19_Ataque a servicios comunes
- [ ] 20_Pivotaje, tunelizacion y reenvio de puertos
- [ ] 21_Enumeracion de Active Directory y Ataques
---
Tags:
[[Ciberseguridad]]

BIN
EXPERIENCIA/Certificados/CPTS/desktop.ini Executable file
View File

Binary file not shown.

BIN
EXPERIENCIA/Certificados/desktop.ini Executable file
View File

Binary file not shown.