Hi All

I'm trying to get started in Ethical Hacking/forensics, and wondered that burning question....... how what and where do I get started? I have downloaded quite a bit of literature and am after a  good starting point.

Please help (and be gentle!)

Cerberus

There is so much on this forum! Have  people that ask this really spent time reading here? 

I agree with Dean,  Both TCPIP Illustrated and Internet Core Fundamentals arer good books for noobs, since they provide an understanding of prots

If you are really motivated to be in the security field, then I suggest you to read fyodor's interview published in slashdot. Refer 4th question and his answer to it. If his answer really motivates you to be "THE ONE", then no one can stop you.

http://interviews.slashdot.org/article.pl?sid=03/05/30/1148235&startat=&threshold=4&mode=nocomment&commentsort=3&op=Change

Happy Reading!!!

i started to give my long answer to this question, but its just not worth it.

if you think running nmap, nessus and metasploit  and even getting a shell makes someone a hacker or even a shitty network admin you've got a long way to go...

ironically you tell then in your first steps "anyone can do it" stuff to get a sniffer and capture data and run nmap, if you dont know TCP/IP what good is that going to do? how do you understand why a SYN scan may return different results than a CONNECT scan or even what the differences between the two are? how do they understand what an open or closed port on 21,23,80,443,etc means? as for layer2, explain to them why an arp ping wont work outside of their network without them understanding the differences between layers 2-4.  How do they set up the little VMware network if they dont know networking? in fact, all the stuff you listed REQUIRES TCP/IP knowledge, except for maybe just randomly running tools at IPs.

That’s really good. You made my point better than I could. What you are describing is the importance of understanding the output of tools, which really has more to do with understanding the particulars of that tool.  While it may be interesting to understand that an nmap –sS doesn’t complete the 3 way handshake in TCP/IP, what really matters is the results it gives me and what do I do to that particular tool if I am not getting any results I seek.  What options would I add?  Yes its true the tools I mentioned anyone can learn just like anyone can learn TCP/IP. Not sure what that has to do with it.  What takes time is learning all the aspects of a tool and how to customize if need be. That translates in to working with each tool as much as possible and in every possible situation.  Understanding TCP/IP is more crucial if you are writing your own tools. About 30% of the tools and exploits I run where written by me, but could easily by used by anyone with a little instruction on the particulars of that tool, which has nothing to do with memorizing the 7 layers of the OSI model.  If learning all the theory of every protocol makes hacking more interesting to you, that’s fine. Just don’t tell people that want to learn hacking it’s the crucial place to start. Its just not true. Get going with the common tools and start getting experience. The more experience you get under your belt, the sooner you will no longer be a noob.
 The original meaning of the term "hacker" has nothing to do with what you posted. It had to do with individuals that would "hack" hardware to change it to do something different from what it was intended. Later the press used it for people that would break into computers.  Do you guys really understand what hacking is all about or are you more just bogged down theoretical security guys wearing your little suit and ties? 
  Oh and Dean, I did go look up the term hacker and guess what? There was a picture of me there, Ha Ha!   

Agreed! I am glad I dont either.

Seems to make the same point, doesn't it?

Also, if you are going to troll the forums and try to elicit responses from everyone you might want to make the attempt, when picking your viewpoint, to at least back it up with some facts. This goes for the other threads too.


Idiot.