April 15, 2013 at 2:47 am #8382AkraticParticipant
Good evening. First off, I’d like to say that I am new to the site. It’s a grand archive of resources and opportunity.I’m looking forward to exploring and developing it further.
I am currently a 17-year-old high school student, intimidated by the oncoming future: college, jobs, responsibility, etc.
I have always had an unruly obsession with computers, starting at the age of five with a brick and a command line. Now I have developed this obsession into a full-blown passion.
My ultimate goal as of right now is to eventually work my way into the NSA’ s expert vulnerability analysis / project management group, Red Cell. Far off dream, yes, and many obstacles to overcome before finally realizing that goal, but I am willing to forge myself into a cyber warrior by any means necessary
I do need help. I have a strong understanding of computers, feeble programming skills, a poor mathematical background (incorporated into the computer science field?), and, worst of all, no idea where to begin, even though I do have an A+, Network+, CCNA, and Malware Analysis textbook behind me.
Where/ how did you guys begin your careers / hobbies / passions of being a hacker? What more can I do to get a jump start into the cyberworld of hacking? What basic skills might I need and how do I hone them to the best of my ability? Am I still too young to even enter the field? I have a lot of questions, and I figured professionals like yourselves could point me in the right direction.
P.S. This topic may be in the wrong forum section. If so, I apologize ahead of time. I may not be able to see all of the site, as I am on a kindle fire.
April 15, 2013 at 4:25 am #52643azmattParticipant
Welcome to the site.
There are people on here far more qualified to answer your question than I but I’ll chime in with a few thoughts.
The first thing is to continue reading the types of books you’re reading. The people in this field are unbelievably well rounded. A wise man once told me “don’t learn to hack, hack to learn”. You need understand every phase of computing (networking, TCP/IP traffic, programming etc.) to understand how to exploit it and what to do with it if you do exploit it.
In addition to your reading, check out free tutorials on sites like Security Tube. They’re gold mines.
Once you feel like you have a bit on knowledge and you actually want to try to practice penetrating a machine get some virtual machine software (it’s cheap) and download some vulnerable by design virtual machine images from vulnhub.com. Then you can download a pen-testing Linux distro like backtrack or Kali Linux and start trying to attack the boxes. If you’re having trouble you can Google to see what attacks others have had success with on that vulnerable image and then try to duplicate their results.
The bad news is that there is a ton to learn. The good news is you can’t pick the wrong stuff to learn because you need it all 🙂
April 15, 2013 at 7:07 am #52644dynamikParticipant
Welcome to the forums.
Learn Linux. Learn Assembly. Learn C/C++. Learn how processors and memory work. Learn networking at the packet level. This will give you a foundation on which to build. If you do not do this first, everything else you do will be more difficult. It’s not as exciting as using Metasploit to instantly get a shell, but you want to achieve mastery, not just own a box. Move on to Python and/or Ruby afterwards.
Are you planning on going to college? You’ll need decent math for a CSci degree. Maybe use https://www.khanacademy.org/ to brush up on your math skills.
For the meantime, don’t worry about tools or specific vulnerabilities or technologies. You’re probably 4-5 years away from entering the field (6-7 if you do a masters), and things will change drastically in that time. Having some historical perspective will be useful, so maybe follow Bugtraq and ExploitDB, but don’t make this your focus.
+1 to what azmatt said. SecurityTube is a great resource. Go through the assembly and exploit dev video groups, and then check out sites like Corelan and The Grey Corner.
That’s a great cert list for your age. Well done. Don’t worry about your future. Just stay dedicated and keep moving forward. Everything can feel overwhelming, but periodically stop and look back where you were a year or two ago and realize how far you’ve come.
Also, try not to go right into a security position. The best security people I know spent their time in the trenches and doing systems and networking work. The people I see who go right into security often struggle because they do not have insight into daily operations.
Attend conferences and start networking if you can. You’ll probably land better positions through your contacts, so start building them up now.
April 16, 2013 at 12:43 am #52645AkraticParticipant
Thank you both for the great advice; I feel a little more confident now.
azmatt, what books / authors do you recommend so I may continue my reading?
And yes, to reply to ajohnson, I do plan on going to college. I will be going to Towson University next year to major in Computer Science with a Security track. And just my luck, the NSA is just 20 minutes or so from campus! I could definitely build an excellent network of contacts and develop my knowledge of the security field. Also, ajohnson, do you have any sites that may keep me in touch with nearby Cybersecurity / hacking conferences? I’ve always thought about attending some. If not, I’ll be sure to find them myself. : ]
Thank you again,
April 16, 2013 at 2:38 am #52646dynamikParticipant
Don does a good job of posting them to the forum: http://www.ethicalhacker.net/forum/http://localhost/ehnet2013/forums/viewforum.php?f=6.0
There’s also SECore: https://secore.info//
I’d recommend DerbyCon; it’s my favorite one: https://www.derbycon.com/ DefCon’s fun too, but it can be overwhelming if you don’t know anyone. I’ll be going to both this year. Feel free to shoot me a PM if you can make it out.
Also, see if there are BSides and/or OWASP, ISSA, Infragard, etc. meetings in your area.
May 17, 2021 at 2:52 pm #180177
- You must be logged in to reply to this topic.