Wow.

It looks really cool.

Thanks for posting this   

I was just re-reading my post and thought I ought to be a bit clearer.


I mean RIGHT NOW. I shouldn't be concentrating on that when I haven't yet mastered the basics.

And I forgot to add this

@MaXe

I wanted to wish you the best of luck in your future ethical hacking travels.       

And just one small question too.

How are pen-testers recruited and will I get a chance to showcase my skills to my employer?

Thanks again,

                                                              -NH

@ajohnson

Thanks for the reply   

It kind of opened my eyes on a lot of matters along with Grendel's post. I'm pretty sure that the book won't help me out regarding performing an actual pen-test or building a hacking lab.......BUT I have decided to buy it       

Like you said, it will give me an overview of what pen-testing is all about. No, I don't have any plans to change my decision but it could serve as a heads up to what I'm getting myself into.


You're right. So I plan to continue with my step by step procedure with slight modifications. I should probably finish creating a foundation before I start cranking up the building. Thanks for making me realize this   

@grendel

Thank you very, very much for your post       

I assure you it really brought me to my senses on some issues.

The prospect of becoming a guru in something interests me a great deal. I''m thinking programming would probably be my choice.

As for the specialty after going into pen-testing. I think networking would probably be my first choice.


I truly consider this to be PRICELESS advice. I also consider myself very lucky to have received this sooner than later. Everything seems to be falling in place now...


I have a feeling of being 'blind' up to this point,
I understand everything you said perfectly.
For probably the first time, I don't have any questions regarding the topics mentioned above.

Once again thank you very much for opening my eyes,

The path to mastery just got a lot brighter.......

Tomorrow has finally come...........

I think I've overdone the smileys in my last few messages so this one isn't going to have any except for the first one.

Anyways,

@unicityd

I think I should clarify to be fair to my family. My dad is OK with me being an ethical hacker (He actually knows what a hacker is) (My Mom won't object to it but will probably be concerned on how much income it generates, while my sister still scorns my capability to become one.....)

Regarding my plan, I am extremely busy but I have still managed to read about 50 pages A+ material and 30 pages python.

So far so good.....

@ MaXe
Thanks!

+1
How about "Cyber Security Expert"  (Kind of sounds cool)
I'm not being greedy or anything but if you check this out you will find why I was going for like $100,000.

You can find the link here:http://ittrainingblog.com/2011/05/16/average-salary-of-someone-with-the-certified-ethical-hacker-ceh-certification/#comment-52
Check it out and please tell me your opinion(s).


That would be "A rant on hacking labs, right? I already pasted the link to a word document called "How to create a Hacking lab". It contains links to pages that instruct about hacking labs.

Will keep that in mind.
I'm pretty sure it will 
I will do that when I get to that point but I will keep that in mind for inspiration.


Regarding choosing a specialization, I will do that as soon as I gain a bit more knowledge of what those specializations really mean. Does anybody have an idea of what specialization will be in demand in 10 years? (I'm not saying I'm going to follow it, its just to get an idea)


Thanks for the good advice    (Couldn't resist)

I know you said that I didn't have to send a long reply but I couldn't  resist.

@Grendel

Wow! I didn't know that you were a part of this community!!

You must have loads of experience with pen-testing and probably worked with top professionals....I don't want to bother you with questions but what would your No:1 advice be to a novice like me?

(I've sent you a pm regarding the book.)

@ajohnson

Thanks for providing the link. It kind of 'cleared up' the matter. Plus, thanks also for providing your opinion on the book. I think that's good enough for me to buy it.

Just one question, can I read it now? Or should I wait until completing any no. of steps?

Once again, thanks a ton for sharing your vast reserves of knowledge guys            (Couldn't resist again)

With each day, I feel I'm inching forward.

Until tomorrow........
                                                                      -NH

Hi!     


Thanks for the great responses again 

@unicityd

Thanks for the advice on the volume selection. It's easier and a great relief to know that I don't have to study material that won't help me.

I consider myself very lucky to have guys like you who are willing to help a newbie out

@MaXe

Thank you very much for that rich post choc-full of information   

I found it answered my questions very specifically and in detail. Though I don't have the time to give your post the special attention it deserves right now, I promise to reply to this post tomorrow 

Looking forward to tomorrow.....

Wow......great responses        

Before I respond, I would like to thank all of you guys for taking the time to help me out                      

Thanks  !      

@ajohnson

Your reply was extra-informative and I realized some of the things that you said just a day before I read your reply......

Thanks for the novice path, I won't strictly adhere to it (read below)
but its useful as a guideline.


This was beginning to dawn on me....I couldn't prevent myself from reading other stuff on that list like kind of simultaneously...

In fact, I started following exactly what you suggested before you suggested it!! I've started reading A+ material    (PC hardware and A+ handbook by Kate Chase was the only book I could find in my town's library, so I've started reading it. Since its a bit outdated I will read some current version of A+ version after I finish it and I've also kind of downloaded a Python library of books and I've started reading one.  (A learner's guide to programming using the python language)

Regarding database management, your advice was also very helpful. As for the salary, read on.....
The pen-testing specializing companies advice was also very interesting so thanks again (once again, read on....)

@ unicityd

Thanks for the info.  

 It gave me a better idea of the current situation.

This is kind of further addressed down the post, so read on

@MaXe

Woah, that's the longest post I've ever seen in my life  

Thank you very very very much for posting all that info    

But, before I address it, I would like to make my position a bit more clear. You have misunderstood me.

I plan to come to the Infosec field purely because of my great interest and passion for hacking and security. I'm not doing it for the money but the reason why I posted those question was because

1) I feel that "rewards stimulate me a great deal".  

2) There will probably be pressure from my family to earn a lot when I choose an 'unconventional' field like ethical hacking. I feel as if i have to prove myself. But other than that, I joined this field ONLY because of the burning desire in my heart to learn hacking and my ULTIMATE dream is to become THE BEST or ONE OF THE BEST.....

I assure you that I am not doing it for the money alone  

On a happier mood,


Thanks! That is very encouraging


I read the table of contents and it looks great but there were a couple of negative reviews saying "Unfortunately, PPT should be called "Professional Pen Testing Project Management." Have you personally read the book? Would you give it the thumbs up?( because it looks good to me)


I went through(skimmed through ) MOS by Andrew Tannenbaum in the library today and it was kind of outdated, but I will talk more about that when I get to that step.  

Which volumes of TCP/IP should I read? (Is the I vol. enough?)


 

And I plan to go for 'corporate hacking' because as you already stated I get to work with it DAILY    



 I will try to do atleast one of these before I apply for a job......
Do you have anymore suggestions to prove my worth? (It would be very useful for me, thanks)


I like that the infosec field is a broad one too      

Oh and I will be ready for all things coming   (Regarding specialization)

And I have to thank you a ton for that mini-SQL lesson. I found that highly instructive as well as interesting to learn. (It was a great analogy, though it took me a few seconds to grasp what it meant)


WOW! That's my idea of a DREAM company! What you described is almost exactly what I want to do!! PLEASE tell me if you can remember the names of those companies and if you can contact your friends for the names. They seem to fit into my interests a lot.....    (Do you work for a similar company?)

Thanks for sharing your interests, it has kind of stimulated me to be more interested in Web App Security...its ok if I learn that last right?


As for correct info, I try to get my info from two sources or so.

@ajohnson

 

My bad.    

Sorry, I meant six-figure sum.

But, I think MaXe has provided some great suggestions regarding that, do you know any more? (other than publishing books and other stuff)

And once again a HUGE thanks is called for:

Thanks!

@ajohnson

Thanks a lot for replying


I think it would be safer to start finishing with the CCNA and then progress onto security later, but thanks for the recommendation.


I'm currently trying to do this.....Do you think my ABSOLUTE FIRST STEP should be to read A+ material? (Assume I have no knowledge other than HTML and basic C,C++...? Thanks please be sure to mention the FIRST STEP.



After I have some knowledge in some thing, I plan to practically apply that and when I actually get to hacking I will build a hacking lab, though I might need some help on that.



Its OK if I study networking and then concentrate on individual OS, right? Or is that a must?


I really think that pen-testers don't get paid as much as they should....

And I think that a six dollar sum comes only with 10 years in pen-testing......

What if I become really good at it but my starting salary is still like only 50,000, right? Is it possible to land a six dollar starting salary?

@MaXe


Yes! Thanks for taking the time to do that It was very kind of you   



Thanks for the info mentioned above and for taking the time to type that.

I don't know EXACTLY what you meant but I've got a good idea, and it really helps in learning something when you know WHY you're learning it


Thanks for the encouragement   

You're explanation of the pen-tester's dream was also very satisfying. I plan to work in whatever I specialize in   

Oh and do you know if learning Microsoft Access is of any use?


Thanks   
As for the 'dream company' do you have any ideas? (I was thinking Microsoft ......?)

 

Thanks for the info unicityd,

Do you think learning Microsoft Access is of any use? (I have an old book and was wondering whether I should take a look at that.

Oh and going back through your replies, does TCP/IP first edition talk about how network traffic goes from a local network to another?

Thanks again,

Oh and does anybody know if "anybody is raking in millions of dollars in pen-testing?"
                             

Oh yeah, when you said I have to learn about databases, do you mean knowing SQL commands is enough?

And is ok to be able to read shellcode or should I be skilled enough to write it too?

Thanks again

@ziggy

          Thanks for that account into your pen-tester life. It helped me to get a better idea of what a pen-tester does.   





Does anybody know if this is even possible?


Thanks a lot for your wishes and help   

@unicityd


I really wanted to hear that 


I'l let that remain a goal along the path but my ultimate interest will always be hacking   


Thanks a great deal for answering my other questions with patience too.     


Do you know any resources for network mapping?

Thanks, I'm going to jump into my plan soon


" A journey of a thousand miles begins with a single step"

@dragongorge

                     Thanks for sharing your wisdom. I found your post pretty useful

And I don't mean to learn actual pen-testing on the forum but the path  to go about it AKA "The path to hacker mastery"
can hopefully be learned.

Hi! This message has been typed in MS-word and then edited. (The auto save feature comes in use some times)


Anyways, like I said I appreciate constructive criticism, so thanks for the suggestions 

@ziggy
Thanks, and I will try to post questions only after searching using Google and the search box in this forum.  If I can’t find an answer or I don’t understand anything, then I will post it here   
(Can you just answer the pen-tester’s dream question? I want an inside view of a pen-testing job, thanks )
@ajohnson
I don’t mean to actually learn Metasploit right now. I set up this thread with an idea of making a plan to become a pen-tester. Right now I’m just collecting details to construct the plan. i.e. I wanted to construct the overall plan and then jump into it. But, do you recommend coming up with the next steps of the plan after completing the initial steps? If so, then I will follow that idea    
Don’t worry; I don’t plan on finishing all of the things on my plan in one year or so. I am perfectly OK with the 10 year plan. Here’s my scenario:
I am currently about to turn 17.
I will not be able to properly study the hacking techniques for the next 1 year approx. (I have important exams that I am pressurized to do well at.) (That leaves me with approx. 9 years to learn hacking before I go into a pen-testing position. I am confident of my learning abilities and I will work hard, so I’m pretty sure that I can achieve all my goals in this gap.
Ok, but I did some research of my own and CCNA cert is not even mentioned here:
http://infiltrated.net/TechnicalSecurityRoadmap.html#   (I still plan on getting it, I just would like your opinion on this)
@unicityd
 I’ve done what you said and I would like to know if you would recommend getting Comp TIA or Microsoft certified in Security +.  Oh and someone once told me that self-study was the best way to become a hacker by researching on the hacking topics…can all the info about hacking topics be found using Google?
Thanks for all the other information posted in your last post too.

Finally, here’s a bit of my plan everyone:   (Master 1 step and then proceed to the next)
1)   Read A+ material.  (To capture the grains of knowledge that have thus escaped my grasp.
Read up on the OSI and its working. Purchase “Operating System Concepts, Seventh Edition” (Why is this more than 3 times cheaper than its successor?)
     
2)   Read up on networking. Master content in Odom’s books.
3)   Proceed to TCP/IP Volume Illustrated, learn as much as I can
4)   ? (Should I read the other Cisco books on routers and stuff now)
5)   Start gaining knowledge of specific OS. Preferably Linux, Windows server, XP, 7)
6)   Learn programming. (I already know the basics of C and C++ and I plan to promote this step up the order, is that ok? And one more q: Which programming language would you recommend for writing tools….I’m thinking Python is the easiest for this purpose.
7& Start learning database management (Is knowing basic SQL commands enough?) and assembler(knowing to read shellcode is enough or do I have to be able to write it too?


Well, this WAS my plan before you said to learn web-app stuff too….Hmmm,

Where do I fit in learning that?

Note: I plan to complete what unicityd said before proceeding to the content included in Sil’s link

So...... any changes to the plan(its not finished)? Or is it OK?

Awaiting your wisdom.........

Hi guys.......

I just nearly finished my reply to this when I experienced a power cut.........................

Unfortunately, I lost ALL my data once again. I thought I saw the worst when I lost my data the last time...

Anyways, thanks for the advice everyone 

I appreciate constructive criticism so you don't have to worry about me taking it the wrong way or anything   

I don't have the time to type up my reply again today so I will post tomorrow.

Once again, thanks everyone for caring for my development as a hacker.     

@ the ethical hacker community

Does anybody know about the requirements of C| EH?

Please also tell me about learning metasploit and how it works.

Also mention the other certification likely to land one as a junior pen-tester....

Thanks everyone for your help   

@ajohnson

                   Thanks. I checked out half.com and it looks pretty good.
Which do you think would be cheaper? Half.com or the used books on Amazon? (No, I don't mean the one's in really bad condition)

@ziggy


So, it depends on HOW the network is configured?


If I gain access to a server then don't I automatically gain access to all its clients?   


If they don't do I have to hack individually?

 Thanks for the rest of the info too   

Oh and could you please tell me a bit about the life of a pen-tester,

The pay(when you start out) (and as you gain experience)

 Every pen-tester's dream (like to get employed in _______________ company(please fill the dash))

And also working hours

Please also mention how(or where)(like which institutes)  to pick up pen-testing skills.

Thanks once again for your help   

@ unicityd

Thanks a lot for the order. I think I've got it figured out.....
OSI, networking, TCP/IP, Specific OS (Windows server, Linux, Windows XP and Windows 7), Programming and then databases.
I left one thing out though. Where does learning shellcode come in this list?

Oh and please also mention if this list consists of a pen-tester's knowledge.....if the list is not complete please edit, or add items to the list.


Ok, thanks. Do you know any good books on databases which will teach me enough?


Yay!  Please mention some of those companies.


Good college? Followed by? A master's degree in Ethical hacking?


I think I've heard of this before. Payload refers to the transfer of the buffer overflow program, right?


Don't web app security testers have to learn all that stuff?
As a pen-tester, won't I only be asked to hack into computers, and stuff like that? Do I also have to hack into web applications? Is it essential I have to learn that too? (My hands already seem kind of full........)

Anyhow, thanks for providing the information in a detailed and clear manner