Ethical Hacker Community Forums

..Whats your opinion?

<-- Complete n00b to the ethical hacking community and I've been on a windows computer all my life.  I'm in IT and I want to be more learned on security and everything that is involved.

So far I know that you need 

-->

Basic/Advanced Linux Knowledge



Add to my list!

Why not start out reading a book on hacking, like Hacking for Dummies, Hacking Exposed, any Kevin Mitnick book?  This could give you an overview of the fundamentals of hacking, and the Mitnick books have good stories, and history on hacking.

There are too many elements to consider on where to start.

Welcome by the way.

Thanks,

I've read Mitnik's art of deception... Really cool what you can do with social engineering.

I'll check out the two other books you mentioned.

Welcome to the forum! There are lots of nice people here.  ;D

I agree with Dengar13 about starting with a couple of books.

I also agree with you about basic Linux knowledge. But, I would not start right off with a hacking distribution, I would get to know the basics. Start with something like Ubuntu. Learn how to use the terminal, install programs, etc.

Since you are already in IT... If you don't already know, I would suggest learning about the TCP/IP protocol, and learn the differences between a hubbed network and a switched network.

There are a lot of aspects to learn about, but those are good to start with.

I'm completing my MCSA at the moment for my position here and theN i'm going to go into CCNA training, get some switches/routers and set up a virtual network.  In the meantime, work with linux at home and get a handle on the OS and go from there I think.

Always feel free to ask questions here.

A lot of the people here really know their stuff, and they are always helpful.

Necessary ethical hacker skills, the starter edition:
TCP/IP
OS basics for M$ and the *IX distro of your choice
Internal network basics (switches, hubs, firewalls)
A sense of humor (preferably dirty but manic is also acceptable)
External network basics (routing, IP, interaction with internal networks, etc)
Relationship between services, ports, and how exploits work
Washboard abs
Some familiarity with coding (not expert, but can muddle through)
Understanding of general web application construction (front/back end, etc)
A WOW account (maybe EverQuest if you roll like that)
Some level of business sense (need to explain business impact of your findings)
A comfort level with your skin tone being 3 shades more pasty than your racial peers

Well put, pseud0.

I think that is an excellent start for a new ethical hacker. ;D

lol, I've got a lot of that on the list.... Working on the distro basics and washboard abs atm....

The coding part is what scares me... I took a weed out java class in college and I think that scarred me for life regarding programming... I've been thinking of picking up C Primer Plus and working through that...


Oh if I only had 40 hour days it would be so much easier to go through everything I want to learn.

As far as programming goes, you should really just learn scripting for now. Not even writing scripts, yet, but just be able to read a bash script, VBScript, etc. and have a general idea of what it does.

Later, it will become very useful to be able to write scripts, and programs, or at least be able to modify source code.

pretty good replies

where the F were you guys when this was going on

http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1821.0/

as far as programming. if you are new, start incorporating it into your learning plan NOW, if you stick with this field and you cant code or script you will hit a point where you cant put your ideas into code (or not easily) and that just sux

Chris,

It seems like the one guy on that post was more of a fan of tools than actual knowledge. Being new and having sat through various exams, I agree that you need knowledge of TCP/IP and how it works. Any one can run a tool and get a shell. Even I have done that. And I got a thrill from that. I also recognize that I still have a lot to learn. That being said, I also think that you need to understand the output a tool gives you. Thanks for posting that thread.

BigTone82,

first off welcome to the forum.

Only thing I'd add to the list is that before you get any of the things previously listed you need one thing, patience.

From my experience it take a lot of time and a lot more work to be an 'ethical hacker'. I've been around IT and security for a while and don't come close to what I'd class as a hacker (leaving the holy-wars out of it  ;) ) but I'm learning fast, have the ethical part and I'm still here wanting to improve.

As others have said learning the basics first helps (TCP/IP etc.) but don't expect to learn everything instantly. Most importantly though if you want to remain interested in the field for the long game, ignore all the advice here and study whatever makes you go 'ooooh, hows that work?' be it IDS, shellcode, scanning, etc. I found this has helped keep up motivation to learn through the 'do I really need this?' moments.

If you dive in wherever you're most motivated you'll find the basics come through time as and when you need them. (at least I'm finding that).

Good luck, and don't be afraid to ask the questions when necessary (just ask google first  ;D )

Thanks guys,

Yes I'm a smart guy so the n00b questions shouldn't slip out into here.  I'm so tired of reading cert forums and seeing "OMG CAN I UZE A+ FOR A MCSA ELECTIVE"



Thanks for all your help.  I'm going through the Redhat Linux CBT's right now.  The power of the shell compels me :)

Plus I see videos later on with nmap and snort and thats something I really want to get into so I'm excited.

The Penetration field is quite deep and wide, you can specialize in Windows pentesting, or databases, or web application security, what ever floats your boat. if you are very comfertable with Windows and know how to secure it well and have read the hacking exposed books or similar and would like to know more about Linux I would reccomend that you check the Linux documentaion project, and howtos, try to setup a server and secure it, and pen test it, scripting in Linux/Unix world is a must to understand the start/stop scripts, and to automate most of your work, In brief use what you already got, and develop yourself in the areas you enjoy most

here read this

http://seclists.org/pen-test/2008/Mar/0029.html

Chris,
Well done, I will capture some of them in here
That's what i like about security it consolidates the above knowledge together or it makes you think out of the box if i can use this words in here. that is think differently about the systems/networks/applications you are trying to run/manage. In brief it is approcable from all different angles, just work your way through from the angle you love most

ChrisG,

thanks for the link, nice to know the time I've spent as an admin, writing wobbly little apps isn't going to waste ;)

Washboard abs?!  Well, that disqualifies almost everyone I know in IT.  :)  The skin complexion though?  Got that one nailed...

I'm probably a bad hacker because I don't have a WoW account or an EverQuest account. lol

glad you like it, that post was by the founder of LearnSecurityOnline.com Joe McCray

Does CS Count?

=/

ahahahahaaaa

nice :)

Thanks for making my day....  ;D

Bit of late input here and you may already know of this, but check out GNS3 - http://www.gns3.net/ . As the site says, it's a graphical network simulator. There's a few of these floating around and they're excellent for practising your network skills without shelling out for actual physical kit. Hope this is helpful.

Rob

Rob,

cheers for the link. Haven't come across this in the past, I've used (and paid for) Boson Netsim which is decent. I'm downloading now, hopefully should be good (and hopefully the Win Binaries will run under Vista ;) ).

RR