EH-Net

Howdy to all. I've been a "guest" on EH for about 3-4 months now and finally decided I'd regester. I'm just starting my journey into Pen testing, exploitation, and forensics. I've been tinkering with BT since BT4 came out, so not very long lol. My end goal is to become a Pentester/ CEH and I'm really excited to become a sponge for all the knoledge out there. At this point I have a fairly good grasp on Linux (I run Ubuntu and CentOS) and some basic knowledge of SOLARIS. I also have started to learn the wonders of programming with Python.

If there is anyone out there looking to mentor or chat with a newbie and help guide me in the right direction I'd be most grateful. Keep on tinkering :)

As I'm sure you expect, having lingered around for a while, we're all anxious to welcome you to the community.

Sounds like you're well on your way and starting down a path. Do you currently work in IT or is this just a hobby/interest of yours that you'd like to eventually make a career?

Feel free to shout with any questions. All sorts of people willing to help out here.

Bill

I am currently in the Army where I work on Satallite communacations systems as well as computer/voip networks. I also am certified to do fiber optic cable. I’m going to be getting out in the next year and would like to give myself a leg up before I finish my service. 

Hi deadpool614,

First of all welcome to the forums and feel free to drop me a line I am happy to try help you with advice even tho my advice is tailored towards UK pen testing. I would say get ready to learn lots ask lots question breaking into pen testing is no easy task and is upwards battle. I would say try get some certs behind you depending on money and experience. If you looking for a cheap cert to start you off OSWP is cheap if you have a bit more money I would recommended elearsecurity they just update it and its well worth the money. I would not attempt OSCP until you have a bit of experience. If you are based in the UK then you defo want get rather the Tiger QSTM or CREST CRT cert.

Jamie,

Thanks for the warm welcome :) I'm going to have to wait a few more months before I can do any hands on work with certs as I am currently deployed :/ . Aside from that I have done a good amount of the course work for Sec+ and Net+ and was looking to test for those when I get back to the US. I was also looking to get my CCNA (a buddy and I are going to split the cost of a CCNA lab kit when we get back). I have been looking at Hackingdojo.com as well as the OSWP but I want to see if I can get the military to pay for it as "professional training."

cool makes sense there also course from mile 2 what i believe offer special discounts to personal in the army.

I'll have to look into that, I'm trying not to break the bank as I'll be getting out of the service in about a year and would like to have a bit saved up for when I go to college.

You should have access to various DoD-related training material. If you're current position qualifies or considers you as IA then there are different things out there. You may want to look into the CERT VTE as well. Lots of good training there that may be free for you (CISSP, SSCP, Sec+, Net+, CEH and a whole host of others).

In my previous unit I was an IMO so I do have my Centcom IA and ISSO certs as well as nearly finishing up the Linux+ training (my prefered server OS). I started the C|EH but the program is kinda buggy and my internet connection right now leaves much to be desired.

Thanks for joining us, but more importantly, thank you for your service.

There's some great advice already given on how to get free or inexpensive training, so if there's anything else you need now or when you get back, just let us know.

Don

Don,

 Thank you for the support. I have already gained a lot of knowledge just by going through the forums and the links to other sites. I've also almost finished the army's version of C|EH thanks to some of the information found from those links. I just wish I would have had this drive to learn before I deployed.

I'm new to this forum and


I have a couple of questions.

I'm also starting to learn how to hack   :) and I want to learn how to become a future ethical hacker...

Can someone please help me and answer these questions


1.  Which programming languages should I learn to become a hacker?

2. Do I have to know database management to become a hacker?

3. What scripting languages and web designing languages do I have to know?

4. What is the best book for learning the basics of netowrking?
 
PLEASE help this aspiring newbie
Thanks in advance :)

@Novice Hacker

this link seems to answer a lot of ur queries
http://www.infiltrated.net/pentesting101.html

and yeah, learning about databases will certainly help a lot, good place to start would be, free classes by Stanford.
http://www.db-class.org/course/auth/welcome

I would recommend to start with TCP/IP Illustrated 2nd edition(Kevin Fall) or any good CCNA book for networking basics.

@hurtl0cker

Thank you very much for your kind advice and your time spent on answering my queries! I am sure it will help me  a great deal  :)

Could you please also take the time to answer the following questions as well?

1) What are the certifications required to get a job as an ethical hacker?

2) What scripting languages and web designing languages do I have to know? (I know I already asked but it wasn't addressed in the website that you recommended

3) Do I have to be an elite programmer or is it ok if I just know basic programming?

Thanks in advance :)

Eagerly awaiting your reply......

1.) Certifications vary by the job.  Headhunters look for different things, and even if you get by those, the truly technical folks might expect other certs.  There's no 'right or wrong' list.  If I were to interview you, I'd want to see that you were dedicated to learning (by seeing some of the certs,) but would then question you to see what your true / retained / practical knowledge was.

2.) Any / all languages are good, to at LEAST have base knowledge of.  You don't have to be an 'uber programmer' or anything, but understanding program flow, the stack, and scripting are definitely a plus.  Get familiar with Python, bash and 'some' assembly.  After that, it's a matter of choice / preference (C, Ruby, Perl, others...)

3.) See #2

Oh OK thanks.   :)

But a more clear list would help me more. So could anyone please help clarify the answers

I'm rephrasing the questions a bit.

1) Which certifications would help me to get a job as an ethical hacker?

(Other than C| EH)  (I know that you said that there's no 'right' way but if you mentioned some certifications then I could choose the ones which suit me best)

2) Can you actually name some of the scripting languages and web-designing languages that would help? (like Javascript, PHP or something like that)


3) PLEASE also include a good list of must-read books (not to expensive ) that one should read to become a hacker and also the order in which to read them

Thanks everyone for contributing to this aspiring hacker's development...............:)

Please reply as soon as possible
Thanks again.

Professional Penetration Testing - Tom Wilhelm

Definitely a good book I would recommend to a new comer, after all hacking isn't all about using metasploit to compromise a target by looking at all possible entry points and not relying on a single tool for the job.

In the book he states how to perform a professional pentest as well as the setup for corporate and home pentest labs in order to gain experience, which can be used by tools like metasploit and development of your hacker methodology by forcing you to think outside of the box when attacking certain scenarios.

http://www.amazon.co.uk/Professional-Penetration-Testing-Creating-Operating/dp/1597494259/ref=sr_1_2?ie=UTF8&qid=1334068828&sr=8-2

good recommendation TheXero might be worth knowing that I think Tom working on version two where he plans to add more about the labs and introduce some hardware.

Ok thanks,

               Do you know any follow up books to read after that? Please answer my other 2 questions also.


Awaiting your wisdom........

Read everything you can.  Read other hacking books--Hacking Exposed, Counter Hack, Hacking: The Art of Exploitation.  Read networking books--TCP/IP Illustrated, Odom's CCNA guides.  Read programming books (pick a language).  Read other security books--The Web Application Hacker's Handbook, The Shellcoder's Handbook, Inside Network Perimeter Security, Network Intrusion Detection by Northcutt and Novak, The Tao of Network Security Monitoring, Applied Cryptography, Understanding Cryptography by Paar and Pelzl. 

For certs, the CISSP is required/desired for a lot of positions, especially if you push toward management but it requires five years of experience so it's something to look at down the road but not now.  Many postings ask for the CEH so it's worth getting for that reason alone.  The SANS certifications probably don't show up in as many postings as the CEH but they are generally more respected by tech folks.  Look at GSEC, GCIH, and GPEN.  The OSCP is one of the most respected certs among pen testers as far as I can tell, but it won't help you much with HR/business folks since they don't seem to know what it is.

Learn Python to start with.  It's easy to learn, powerful, and great for developing small scripts, automating tasks, and parsing data.  You'll also need to develop some knowledge of Javascript and C, at least to be able to read code snippets.  You should know how to do basic SQL queries.  It's hard to be proficient in multiple languages unless you program a lot.  Focus on getting good with one (again, Python) and then learn to read and make small tweaks in others.  If you get to where you feel like you're really good with Python and want to start working on a second language in earnest, go ahead.

great list but i would also insert Perl somewhere in there. a lot of positions are starting to ask for it.

I used to do my scripting with Perl, but I switched to Python.  There's nothing wrong with learning both but if someone is only going to learn one I'd suggest Python.

Welcome Deadpool614.  Good luck with your studies.
Another suggestion/idea for a scripting language to learn: Lua.  I don't know it myself, but may be worthwhile, for Nmap scripting.  Python is great and I much prefer it to Perl.  Not sure how good it is, but there's a book Dive Into Python available free online.

Thank you for the welcome. A lot fo the more recent posts in here asking for help is from Hacker Newbie, who kinda just shanghai'd my thread instead of making his own.

As far as programming goes, I'm working on Python right now. I've been self teaching myself for the last few months and I really enjoy its ease of use and forgiving run mode to let me know where I screwed up lol.

Sorry, deadpool.

But, I didn't know how to create a new thread until recently so that's why I posted on your thread.

No offense meant.

@Novice hacker - I'm sure no offense taken.

Thanks for your statement but I expressed my regrets because the last post I had posted was deleted. (@haybusa)

Anyways, sorry for the misunderstanding.(@deadpool)

It's all good, no offense taken.