EH-Net
Show Posts
16
Ethical Hacking Discussions and Related Certifications / Network Pen Testing / Re: Ethics of government sponsored hacking
on: June 11, 2008, 02:18:48 PM
I think ethics are largely in the eyes of the beholder. I know your ethics differ from mine. Of course as a prior service person I also know I'd do anything to keep the country headed on course. Is State Sponsored hacking ethical? Who knows, but it's legal if that's your job, and therefore you're not going to get in trouble for it. Personally I like the concept, I've been waiting for my recruitment call... It just hasn't come yet. Too much red tape anyway!

One comment though made me consider the rant from Good Will Hunting. There would be the indirect results from your actions. I mean indirect in the sense you'd never see them but this is just priceless and kind of applicable. I really wish I could come up with something like this.

"Why shouldn't I work for the NSA? That's a tough one. But I'll take a shot. Say I'm working at the NSA, and somebody puts a code on my desk, somethin' no one else can break. Maybe I take a shot at it and maybe I break it. And I'm real happy with myself, cus' I did my job well. But maybe that code was the location of some rebel army in North Africa or the Middle East and once they have that location, they bomb the village where the rebels are hiding... Fifteen hundred people that I never met, never had no problem with get killed. Now the politicians are sayin', "Oh, Send in the marines to secure the area" cus' they don't give a shit. It won't be their kid over there, gettin' shot. Just like it wasn't them when their number got called, cus' they were off pullin' a tour in the National Guard. It'll be some kid from Southie over there takin' shrapnel in the ass. He comes back to find that the plant he used to work at got exported to the country he just got back from. And the guy who put the shrapnel in his ass got his old job, cus' he'll work for fifteen cents a day and no bathroom breaks. Meanwhile he realizes the only reason he was over there in the first place was so that we could install a government that would sell us oil at a good price. And of course the oil companies used the little skirmish over there to scare up domestic oil prices. A cute little ancillary benefit for them but it ain't helping my buddy at two-fifty a gallon. They're takin' their sweet time bringin' the oil back, of course, maybe even took the liberty of hiring an alcoholic skipper who likes to drink martinis and fuckin' play slalom with the icebergs, it ain't too long 'til he hits one, spills the oil and kills all the sea life in the North Atlantic. So now my buddy's out of work. He can't afford to drive, so he's walking to the fuckin' job interviews, which sucks because the shrapnel in his ass is givin' him chronic hemorrhoids. And meanwhile he's starvin' cus' every time he tries to get a bite to eat the only blue plate special they're servin' is North Atlantic scrod with Quaker State. So what did I think? I'm holdin' out for somethin' better. I figure fuck it, while I'm at it why not just shoot my buddy, take his job, give it to his sworn enemy, hike up gas prices, bomb a village, club a baby seal, hit the hash pipe and join the National Guard? I could be elected President."

17
Resources / Tutorials / Re: How to hack through port 80
on: June 05, 2008, 10:08:26 PM
I'm not saying having permission is BS, I'm saying it's like people have a script running in the background:
for post in forum;do echo "unethical `cat /dev/urandom` && `tienes permission`">> forum?post=$post;done;
Open every howto "`cat /dev/random`" and within the first three posts of the thread inevitably there will be a "do you have permission." You might as well modify the PHP on your board to automatically include it after the author submits the post.
If you give advice to someone who then acts in malice, no one can take litigation towards you as the site owner. You are providing a service to 'ethical hackers', I'd imagine you have that in your disclosures and within the terms of service agreement. Ergo, you are more than covered legally. Furthermore, the way our justice system works is the burden of proof lies on the prosecution. Having been through a few law classes I understand that one of the elements the prosecution would have to prove beyond a reasonable doubt is the contributor acted with malice. So, I don't understand why it's such a big deal. Personally I see it as an immediate cop out to answering a question regardless of how poorly it is asked. Now, there are the immediately obvious posts from skiddies just looking for a ./ to get in to a box. The post from the other day was an excellent example. The one I'm talking about is the "help me hack whatever the hell it was .com".

18
Resources / Career Central / Re: Difference in degrees prgms
on: June 05, 2008, 09:57:57 PM
From my perspective CS is for developers, SE is for developers that want to go much further into development such as kernel/OS development, even embedded systems. Most of the people I work with have SE degrees and their focus was on embedded systems. IS is more of an Administration degree with a touch of business. This is just my personal opinion but the IS degree is good for someone who wants to do management in an IT environment. They will be able to speak the lingo, and have the business classes to go along with it.
My Bachelor's is in CS and my Master's (in process) is in Information Assurance Engineering.
The IS degree programs I've seen have some programming, mainly introductions, but programming is left to CS/EE and SE majors. But like everyone in Don's network has already stated, it's entirely up to the direction you're headed. One last comment I have is backing up what g00d... said about already having a Master's. It's really not going to do you any good to go back and obtain a Bachelor's. You will really have to weigh the return on investment both monetarily and in terms of time spent on obtaining it. You may put yourself into a position where your experience is entirely academic, which sometimes works out, but can cause problems and lead to an uncomfortable feeling when you leave an interview.

19
Resources / Tutorials / Re: How to hack through port 80
on: June 05, 2008, 09:48:29 PM
Not for nothing, but with my sarcasm aside, I was trying to provide the dude with a valid path of research. Billv has a point about bad questions, but in my year + of lurking I constantly see threads get bashed without any answer given. Think about how irritating that must be for people...
And everyone wonders where the white hat hate comes from...

21
Ethical Hacking Discussions and Related Certifications / General Certification / Re: I need some opinions.
on: June 05, 2008, 08:39:26 PM
I had no certs, no experience. Before the dot com bubble burst (I really hate that name) I saw an overwhelming amount of bootcamps starting to form and people were primarily after money. Somehow at 15 I saw this trend coming. When I was 17 I had my parents sign a waiver and I joined the military. The military didn't ask for experience, degrees or anything. It's not for everyone but I have no regrets.
After 3 years and 4 months of service I left the AF with 80% of a degree in CS and about 3 years of experience working tier 3 administration. I was able to leverage that experience into a penetration testing job. Now, 7 years after I originally signed up, I've got a degree that I didn't pay a dime for (monetarily wise), tons of experience, and I'm working through a master's degree that I've only paid about 1k for thus far. It's an option I recommend. Navy / AF is the way to go for tech jobs, Army is weird with Tech, which they call Communications. With the Army you are a soldier first...

23
Ethical Hacking Discussions and Related Certifications / General Certification / Re: I need some opinions.
on: June 05, 2008, 05:51:53 PM
Here is a better piece of advice than going and obtaining n^n-1 amount of certifications. GET EXPERIENCE!
That's right, get a job. Ask most people in a management position what they are looking for and it's experience. Your degree will carry you, and SECURITY+ is kind of IMHO a useless certification. 100 questions, 13 minutes to take the exam, and it tests your ability to memorize a security dictionary.
Experience will carry you much further than the certifications. However, if you want to play in the DOD arena you will need certain certifications. But the best advice is to get in and get experience under your belt.

26
Resources / Tutorials / Re: How to hack through port 80
on: June 05, 2008, 05:20:40 PM
Aside from the overwhelmingly insightful advice everyone gave previous to this comment, and ethics, legality, ROE and "Do you have permission" bs replies aside, let me start by stating your vague question draws no mercy from everyone feverishly fighting for the chance to up their post/reply count.

In theory the target is a web server that you are attacking with a firewall placed between the cloud and it. Your objective should first be to obtain as much information as possible about what is running on port 80. You will want to perform banner grabs, fingerprinting the Web Server and seeing what else it supports. These days Apache is the majority, and it's pretty solid. However, if you're lucky enough to find extensions/plugins there may be hope yet. After you figure out the server you want to start looking at the actual webpage/web application. If it's a webpage, what is the content? Ideally though you hope for a web application of some sort that you can then determine the logic of and start attacking it from there.

From your question I can only guess you are new at penetration testing and web assessments. Ergo, I recommend you read the following libros:
http://www.amazon.com/Professional-Pen-Testing-Applications-Programmer/dp/0471789666/ref=sr_1_1?ie=UTF8&s=books&qid=1212704329&sr=8-1
http://www.amazon.com/Web-Application-Hackers-Handbook-Discovering/dp/0470170778/ref=sr_1_1?ie=UTF8&s=books&qid=1212704355&sr=8-1
You can also look into the Hacking Exposed Version 1 and 2 for web applications. Although I stray away from them, they are decent introductory material and usually outline an excellent flow chart on which you can base your methodology.