An Ethical Hacker must have these skills…

This topic contains 73 replies, has 43 voices, and was last updated by  DraakusM 4 years, 3 months ago.

  • Author
    Posts
  • #2156
     bigtone82 
    Participant

    ..Whats your opinion?

    < -- Complete n00b to the ethical hacking community and I've been on a windows computer all my life.  I'm in IT and I want to be more learned on security and everything that is involved. So far I know that you need  –>

    Basic/Advanced Linux Knowledge

    Add to my list!

  • #16462
     Dengar13 
    Participant

    Why not start out reading a book on hacking, like Hacking for Dummies, Hacking Exposed, any Kevin Mitnick book?  This could give you an overview of the fundamentals of hacking, and the Mitnick books have good stories, and history on hacking.

    There are too many elements to consider on where to start.

    Welcome by the way.

  • #16463
     bigtone82 
    Participant

    Thanks,

    I’ve read Mitnik’s art of deception… Really cool what you can do with social engineering.

    I’ll check out the two other books you mentioned.

  • #16464
     eth3real 
    Participant

    Welcome to the forum! There are lots of nice people here.  ;D

    I agree with Dengar13 about starting with a couple of books.

    I also agree with you about basic Linux knowledge. But, I would not start right off with a hacking distribution, I would get to know the basics. Start with something like Ubuntu. Learn how to use the terminal, install programs, etc.

    Since you are already in IT… If you don’t already know, I would suggest learning about the TCP/IP protocol, and learn the differences between a hubbed network and a switched network.

    There are a lot of aspects to learn about, but those are good to start with.

  • #16465
     bigtone82 
    Participant

    I’m completing my MCSA at the moment for my position here and theN i’m going to go into CCNA training, get some switches/routers and set up a virtual network.  In the meantime, work with linux at home and get a handle on the OS and go from there I think.

  • #16466
     eth3real 
    Participant

    Always feel free to ask questions here.

    A lot of the people here really know their stuff, and they are always helpful.

  • #16467
     pseud0 
    Participant

    Necessary ethical hacker skills, the starter edition:
    TCP/IP
    OS basics for M$ and the *IX distro of your choice
    Internal network basics (switches, hubs, firewalls)
    A sense of humor (preferably dirty but manic is also acceptable)
    External network basics (routing, IP, interaction with internal networks, etc)
    Relationship between services, ports, and how exploits work
    Washboard abs
    Some familiarity with coding (not expert, but can muddle through)
    Understanding of general web application construction (front/back end, etc)
    A WOW account (maybe EverQuest if you roll like that)
    Some level of business sense (need to explain business impact of your findings)
    A comfort level with your skin tone being 3 shades more pasty than your racial peers

  • #16468
     eth3real 
    Participant

    @pseud0 wrote:

    Necessary ethical hacker skills, the starter edition:
    TCP/IP
    OS basics for M$ and the *IX distro of your choice
    Internal network basics (switches, hubs, firewalls)
    A sense of humor (preferably dirty but manic is also acceptable)
    External network basics (routing, IP, interaction with internal networks, etc)
    Relationship between services, ports, and how exploits work
    Washboard abs
    Some familiarity with coding (not expert, but can muddle through)
    Understanding of general web application construction (front/back end, etc)
    A WOW account (maybe EverQuest if you roll like that)
    Some level of business sense (need to explain business impact of your findings)
    A comfort level with your skin tone being 3 shades more pasty than your racial peers

    Well put, pseud0.

    I think that is an excellent start for a new ethical hacker. ;D

  • #16469
     bigtone82 
    Participant

    lol, I’ve got a lot of that on the list…. Working on the distro basics and washboard abs atm….

    The coding part is what scares me… I took a weed out java class in college and I think that scarred me for life regarding programming… I’ve been thinking of picking up C Primer Plus and working through that…

    Oh if I only had 40 hour days it would be so much easier to go through everything I want to learn.

  • #16470
     eth3real 
    Participant

    As far as programming goes, you should really just learn scripting for now. Not even writing scripts, yet, but just be able to read a bash script, VBScript, etc. and have a general idea of what it does.

    Later, it will become very useful to be able to write scripts, and programs, or at least be able to modify source code.

  • #16471
     Anonymous 
    Participant

    pretty good replies

    where the F were you guys when this was going on

    http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1821.0/

    as far as programming. if you are new, start incorporating it into your learning plan NOW, if you stick with this field and you cant code or script you will hit a point where you cant put your ideas into code (or not easily) and that just sux

  • #16472
     Michael J. Conway 
    Participant

    Chris,

    It seems like the one guy on that post was more of a fan of tools than actual knowledge. Being new and having sat through various exams, I agree that you need knowledge of TCP/IP and how it works. Any one can run a tool and get a shell. Even I have done that. And I got a thrill from that. I also recognize that I still have a lot to learn. That being said, I also think that you need to understand the output a tool gives you. Thanks for posting that thread.

  • #16473
     RoleReversal 
    Participant

    BigTone82,

    first off welcome to the forum.

    Only thing I’d add to the list is that before you get any of the things previously listed you need one thing, patience.

    From my experience it take a lot of time and a lot more work to be an ‘ethical hacker’. I’ve been around IT and security for a while and don’t come close to what I’d class as a hacker (leaving the holy-wars out of it  😉 ) but I’m learning fast, have the ethical part and I’m still here wanting to improve.

    As others have said learning the basics first helps (TCP/IP etc.) but don’t expect to learn everything instantly. Most importantly though if you want to remain interested in the field for the long game, ignore all the advice here and study whatever makes you go ‘ooooh, hows that work?’ be it IDS, shellcode, scanning, etc. I found this has helped keep up motivation to learn through the ‘do I really need this?’ moments.

    If you dive in wherever you’re most motivated you’ll find the basics come through time as and when you need them. (at least I’m finding that).

    Good luck, and don’t be afraid to ask the questions when necessary (just ask google first  ;D )

  • #16474
     bigtone82 
    Participant

    Thanks guys,

    Yes I’m a smart guy so the n00b questions shouldn’t slip out into here.  I’m so tired of reading cert forums and seeing “OMG CAN I UZE A+ FOR A MCSA ELECTIVE”

    Thanks for all your help.  I’m going through the Redhat Linux CBT’s right now.  The power of the shell compels me 🙂

    Plus I see videos later on with nmap and snort and thats something I really want to get into so I’m excited.

  • #16475
     shawal 
    Participant

    The Penetration field is quite deep and wide, you can specialize in Windows pentesting, or databases, or web application security, what ever floats your boat. if you are very comfertable with Windows and know how to secure it well and have read the hacking exposed books or similar and would like to know more about Linux I would reccomend that you check the Linux documentaion project, and howtos, try to setup a server and secure it, and pen test it, scripting in Linux/Unix world is a must to understand the start/stop scripts, and to automate most of your work, In brief use what you already got, and develop yourself in the areas you enjoy most

  • #16476
     Anonymous 
    Participant
  • #16477
     shawal 
    Participant

    Chris,
    Well done, I will capture some of them in here

    1. Solid background in Operating Systems (Admin level experience in
    Windows/*nix – preferably with some certs in this area such as an MCSE,
    RHCE, SCSA, etc)
    2. Solid background in Networking (Admin level experience – preferably
    with some certs in this area such as a CCNA/CCNP)
    3. Solid background in Programming (comfortable with languages like C,
    Perl, Python, Ruby, SQL, etc – some documented work on an open source project might be a good resume stuffer for this)

    That’s what i like about security it consolidates the above knowledge together or it makes you think out of the box if i can use this words in here. that is think differently about the systems/networks/applications you are trying to run/manage. In brief it is approcable from all different angles, just work your way through from the angle you love most

  • #16478
     RoleReversal 
    Participant

    ChrisG,

    thanks for the link, nice to know the time I’ve spent as an admin, writing wobbly little apps isn’t going to waste 😉

  • #16479
     rance 
    Participant

    @pseud0 wrote:

    Necessary ethical hacker skills, the starter edition:
    TCP/IP
    OS basics for M$ and the *IX distro of your choice
    Internal network basics (switches, hubs, firewalls)
    A sense of humor (preferably dirty but manic is also acceptable)
    External network basics (routing, IP, interaction with internal networks, etc)
    Relationship between services, ports, and how exploits work
    Washboard abs
    Some familiarity with coding (not expert, but can muddle through)
    Understanding of general web application construction (front/back end, etc)
    A WOW account (maybe EverQuest if you roll like that)
    Some level of business sense (need to explain business impact of your findings)
    A comfort level with your skin tone being 3 shades more pasty than your racial peers

    Washboard abs?!  Well, that disqualifies almost everyone I know in IT.  🙂  The skin complexion though?  Got that one nailed…

  • #16480
     eth3real 
    Participant

    @rance wrote:

    Washboard abs?!  Well, that disqualifies almost everyone I know in IT.  🙂  The skin complexion though?  Got that one nailed…

    I’m probably a bad hacker because I don’t have a WoW account or an EverQuest account. lol

  • #16481
     Anonymous 
    Participant

    @shawal wrote:

    Chris,
    Well done, I will capture some of them in here

    1. Solid background in Operating Systems (Admin level experience in
    Windows/*nix – preferably with some certs in this area such as an MCSE,
    RHCE, SCSA, etc)
    2. Solid background in Networking (Admin level experience – preferably
    with some certs in this area such as a CCNA/CCNP)
    3. Solid background in Programming (comfortable with languages like C,
    Perl, Python, Ruby, SQL, etc – some documented work on an open source project might be a good resume stuffer for this)

    That’s what i like about security it consolidates the above knowledge together or it makes you think out of the box if i can use this words in here. that is think differently about the systems/networks/applications you are trying to run/manage. In brief it is approcable from all different angles, just work your way through from the angle you love most

    glad you like it, that post was by the founder of LearnSecurityOnline.com Joe McCray

  • #16482
     mambo 
    Participant

    @eth3real wrote:

    @rance wrote:

    Washboard abs?!  Well, that disqualifies almost everyone I know in IT.  🙂  The skin complexion though?  Got that one nailed…

    I’m probably a bad hacker because I don’t have a WoW account or an EverQuest account. lol

    Does CS Count?

    =/

  • #16483
     Amat3ur 
    Participant

    @pseud0 wrote:

    A sense of humor (preferably dirty but manic is also acceptable)
    Washboard abs
    A WOW account (maybe EverQuest if you roll like that)
    A comfort level with your skin tone being 3 shades more pasty than your racial peers

    ahahahahaaaa

    nice 🙂

  • #16484
     davekoob 
    Participant

    @shawal wrote:

    The Penetration field is quite deep and wide

    Thanks for making my day….  ;D

  • #16485
     RobMongoose 
    Participant

    @bigtone82 wrote:

    I’m completing my MCSA at the moment for my position here and theN i’m going to go into CCNA training, get some switches/routers and set up a virtual network.  In the meantime, work with linux at home and get a handle on the OS and go from there I think.

    Bit of late input here and you may already know of this, but check out GNS3 – http://www.gns3.net/ . As the site says, it’s a graphical network simulator. There’s a few of these floating around and they’re excellent for practising your network skills without shelling out for actual physical kit. Hope this is helpful.

    Rob

  • #16486
     RoleReversal 
    Participant

    @robmongoose wrote:

    check out GNS3 – http://www.gns3.net/

    Rob,

    cheers for the link. Haven’t come across this in the past, I’ve used (and paid for) Boson Netsim which is decent. I’m downloading now, hopefully should be good (and hopefully the Win Binaries will run under Vista 😉 ).

    RR

  • #16487
     renoboy 
    Participant

    well just like him i my self am in IT and i just started messing with the security part of it. I have been hacking for about a week now im not too good yet but i hope to get more knowledge and then be EHC.

  • #16488
     gentlereign 
    Participant

    All of the suggestions have been great. Best suggestions i have seen is to read books and maybe get yourself a free distro of slackware or ubuntu. Learn the linux terminal and network configurations. Best way to learn linux is to ins the prog and use it. rid yourself of microsoft products as much as possible.

    gentereign

  • #16489
     Shal1989 
    Participant

    @bigtone82 wrote:

    ..Whats your opinion?

    <– Complete n00b to the ethical hacking community and I've been on a windows computer all my life.  I'm in IT and I want to be more learned on security and everything that is involved.

    So far I know that you need 

    –>

    Basic/Advanced Linux Knowledge

    Add to my list!

    can u tell me how to hack the wireless network?????and how can i enter the server computer computer with out the knowledge of the server admin?????

  • #16490
     oldgrue 
    Participant

    @mambo wrote:

    Does CS Count?

    I’m hoping so. I dumped WoW for EVE.

  • #16491
     dalepearson 
    Participant

    Welcome to the forum, I would say an Ethical Hacker / InfoSec Professional really needs to have passion.

    By this I mean is a general interest for IT Security and all that it encompases. The Security field is very varied with so many subject domains, but dont worry about becoming the guru of everything security. Personally I feel its important to have a high level understanding of all of these domains, but by no means be the master of all.

    As you start looking at InfoSec you will find what it is that floats your boat, these maybe technical or soft related skill sets, but as long as you enjoy it and you have passion you can succed.

    All the best on the journey.

  • #16492
     bruha666v 
    Participant

      Hi Guys!

      Im bruha666v from the philippines..im a computer science graduate and was exposed to “vb6” for four years. :-[

      I decided to take this course because i wanted to learn how make viruses and stufss but later found out that its wrong. so here i am trying to learn how to hack.

      But im really confused where to start and what to do.  Then a guy i met in a chat room who is also from the philippines challenged me to hack his site and would give me 20k if i do so.

      What i need to do is login as admin and just get 20 customer accounts and passwords from his customers database and send it to his email. The site is using php and the URL is:tipidweb.com.

      I believe this could help me start out.Hope you guys could help me out. Im not in for the money, i just wanna learn.

      Thanks!

     

  • #16493
     RoleReversal 
    Participant

    @bruha666v wrote:

    But im really confused where to start and what to do.  Then a guy i met in a chat room who is also from the philippines challenged me to hack his site and would give me 20k if i do so.

    You serious? Is that a closed offer or can anyone play? 😉

    Any chance this guy is actually any way responsibl for the site in question?

    First phase of any penentration engagement is to get a formal contract in place providing full authorisation for you to carry out the work, that way you don’t get sued/imprisoned when someone changes their mind. Otherwise known as a CYA document.

    I’d be very inclined to take this ‘offer’ with a pinch of salt…

    (P.S. I’ve got $20million stuck in an offshore account, I could give you 10% if you help me transfer it into your country….)

  • #16494
     dalepearson 
    Participant

    As RoleReversal says, I think you are buying into this to much.

    One its in a chat room, and as on the Internet you can be anybody, I would ignore this guy.

    If someone was to REALLY offer you work, it should be via more official means. Just because someone owns a website, its probably hosted by someone else and they would be responsible for authorising any Pen Testing, etc.

    If you want to learn / practice pen testing, then have a search on this great forum for information on setting up a virtual lab, using live cds etc.

  • #16495
     bruha666v 
    Participant

    Thansk for the reply RR and DP..

    Well the guy actually owns the site and he brags about it being “unhackable” and he is manila right now maintaining the site. So im pretty sure its not a scam or watever. Anyway ill try to contact him again and get the “letter” as you told me RR.

    Anyway, its been nice knowing you guys are out here helping other pipol out.

    Ill update you guys as soon as i get in touch with him again.

    Bruha666v

  • #16496
     bruha666v 
    Participant

    Btw, have you guys checked the site?

  • #16497
     Michael J. Conway 
    Participant

    I did a little research on the site and found that it is hosted by GoDaddy.com. Now that mean that you bruha would need not only authorization form the site owner, but also from GoDaddy. I did my research at dnsstuff.com. Further research shows that this is a Philippine web service provider. Chances are that you are getting in over your head. I would say stay away.

    By the way, what was this chat room contacts name?

  • #16498
     oldgrue 
    Participant

    Critical Reasoning Skills.
    Developed sense of paranoia.

  • #16499
     Michael J. Conway 
    Participant

    exactly

    I find myself researching emails from people I don’t know just to figure out if they are legit or not. the spammers are getting better by having names on the emails, but they don’t often match the name on the email. It cracks me up.

  • #16500
     bruha666v 
    Participant

    Thanks jm..

    btw, he’s in irc. Channel: bacolod | nick: panulay

    anyway, this site has really opened me to new ideas and concepts that could help start.

    Im backed out already knowing that this could get me into trouble. Thanks guys!

    Hope you could help me out. I really want to know how to “hack”. Not because i want to get into other peoples files o computers but i want to learn how to protect myself too knowing the vulnerabilities.

    Thanks for the replies guys!

    Bruha666v

  • #16501
     w33p3R 
    Participant

    Back to the original topic;

    I agree with one of the other posters in this thread…You have to start with the basics and work up if you ever intend to be proficient in your profession, in this case, working as an Ethical Hacker (Network Security).

    My recommendations would be:

    A++, Network+ – You don’t necessarily have to have these certs, but having the knowledge that these certs test you on is essential to even start understanding how to hack.

    Linux Is Your Friend – A basic understanding of Linux is pretty much essential in my opinion.  How can you hack something you don’t understand anything about.  At least know the basic commands: rm, ps, top, cd, ls, chown, su, sudo, etc.  Staring at a Telnet/SSH prompt and not knowing what to type is hell…(Been there done that)  Plus, several great tools are only available in Linux.

    Programming – At least some type of basic programming understanding…I started out back in the QBasic days…telling my age now…Anybody else remember that or am I the oldest fart on the board?  lol  Unless you want to be labeled that dirty word, “script kiddie”, you best be able to write some of your own stuff or at least be able to modify others to suit your purpose.

    Social Engineering – Yes, I would label this as a requirement for the ethical hacker and even a black hat hacker. (I know some will disagree)  There will be times when you are just not going to get in…the IT Department has done their job and done it well.  You must be able to go to the weakest link, the employee, vendor, etc. and be able to get the information you need to compromise their security.  You can’t be just an all geek and number cruncher..you must have some social skills too.

    This is just my opinion and we all know what opinions are like.  But, I honestly couldn’t see someone succeeding as a hacker without these basic skills.  You might be able to run a script against a web site or company with very poor security, but when you come up against a company/web site that has done their homework, that is where it will take skill and patience when the pre-written scripts fail.

    In this high speed internet / fast food society we live in, we always want the quickest way and take all the shortcuts we can.  But we must remember we are only cheating ourselves if we skip the basics.  Take your time and build a good foundation, then the advanced skills come a lot easier.

  • #16502
     bruha666v 
    Participant

    Guys!

      Remember the guys i told you that owns the site > Tipidweb.com ?? well he told me that godaddy.com doesnt host his site…He has his own dedicated server in the us. and he’s really bragging about it. He also told me that he uses the combination of different sql and php code and API combinations. I stopped messing with his site coz u guys told me to back off. Well thanks anyway…

     

  • #16503
     Amat3ur 
    Participant

    This is a great thread to look at, when you hit your first plateau.
    Some great information 🙂
    And unlike some of the others here, I wanna know how to get into others systems without a proggy(I dont buy the ole “I wanna learn to protect myself”  jazz!! lol.), I wanna know how to bounce off nodes to make detection that little more difficult, I wanna know how to mass inject a server, and tell Frank he’ll be alright once he gives my favourite Milli Vanilli single back!! I wanna know what the heck Im talking about when Im talking it!! lol

    Im not gonna try and mask what I want to learn, as it only hinders my own learning, and there’s nothing better than learning something you wanna learn 😉
    But I can say out of all honesty..  Its out of curiosity and fun that I have been interested.
    I dont wanna be the next Phantom Menace online.
    But would like to be able to know, what Im looking at, when its right infront of me.

    Freedom of information, and Common sense, are 2 necessities greatly under utilised when starting off.
    Understand these, and patience will be your virtue 😉

    My 2 shillings worth ;D

  • #16504
     gascoin 
    Participant

    @dengar13 wrote:

    Why not start out reading a book on hacking, like Hacking for Dummies, Hacking Exposed, any Kevin Mitnick book?  This could give you an overview of the fundamentals of hacking, and the Mitnick books have good stories, and history on hacking.

    There are too many elements to consider on where to start.

    Welcome by the way.

    [move:2gp8riig]I am a newbie in hacking. I want you to be my mentor. Though much depends on me, I will be glad if you can help me through.
    :)[/move:2gp8riig]

  • #16505
     Lancewang 
    Participant

    @ChrisG wrote:

    here read this

    http://seclists.org/pen-test/2008/Mar/0029.html

    The only thing worse than training good employees and losing them
    is NOT training your employees and keeping them
                                                              – Zig Ziglar 
    this make sense:P

  • #16506
     TruckputerX 
    Participant

    Sup yaa,

    TruckputerX in the house. Here to make new friends and learn as much as I can to increase my knowledge of Computer Security.

  • #16507
     blackazarro 
    Participant

    Welcome aboard buddy, you’ll definitely going to learn a thing or two on this site.

  • #16508
     TruckputerX 
    Participant

    Thanks for the welcome. Going to start reading the books recommended and configure a vmware lan with different OS’s.

  • #16509
     sathishKumar 
    Participant

    Hi Champions,

    Please help,

    This is Sathish Kumar, I work as ISMS Guys offlate i am interested to learn and enhance my skills onto the field of Ethical Hacking.

    My BackGround is that i worked as Windows Administartor for almost 8 years and 4 years into the ISMS, I have very good exposure of Using VA tools like Nessus,ISS and Foundstone tools, however i want to learn and enhance my skills in exploiting the reported vulnerabilities.however i have already dowloaded Metasploit 3, but i don’t have a hacking exposure, Can anyone of u please do let me know is there is any step by step guide how to use the Metasploit  framework to exploit the known Vulnerabilities that exist or any other tools which can used for these activities.

    Please suggest.

    Regards,
    Sathish Kumar.S

  • #16510
     jason 
    Participant
  • #16511
     Xen 
    Participant

    You can start by getting a basic understanding of metasploit by reading the user guide that comes along with it.
    http://www.metasploit.com/documents/users_guide.pdf

    After this you can proceed to other books.
    http://books.google.com/books?q=metasploit

    I’m currently reading Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability research and am happy with it.

  • #16512
     hayabusa 
    Participant

    In addition to Xen-‘s reply, if you have the finances and time, look into the OSCP training, at Offensive Security’s site.  muts has done an excellent job of putting together information about how to work with buffer overflows, exploit compilation, etc.  While they don’t explain EVERY exploit (I don’t think anyone has that much free time on their hands, it does give good information to work from, in utilizing metasploiit framework, and its toolsets.

  • #16513
     _Louis_2_Rich_ 
    Participant

    Good Evening All~

    Im new to the site and new to the IT security world… IT world in general so I’m really just here to get a grasp on things. As an ex-west pointer (left prior to graduation) I’ve been struggling over the past 4 1/2 years on what to really do with my life and it seems that I have finally found some insight. I started dabbling with the idea of “something IT related” about a year and a half ago.
      I decided that if im going to do something, I’m going to do something that interests me and I’m going to do it right. Granted I’ve been playing around with computers my whole life (Back to the mechwarrior days and 14.4k modems were the newest thing) but I never really gained a deeper level understanding. With that being said… Last week I kicked Microsoft to the curb, Installed Ubuntu as my sole OS and then started reading about this ethical hacking and IT security. I AM HOOKED. Been an athlete my whole life and these days I can do nothing but think about getting back to my computer to learn more. I’d just like to say thanks ahead of time to all of you guys (maybe a gal or two) who have contributed already and who will help me along on my journey.

    L2R

  • #16514
     Dtag 
    Participant

    This my fist post on this site so yes I’m new, and yes I’m probably gonna be asking something you guys are tired of reading and I’m sorry in advance.

    I’m not new to computers I’ve had them sense I was a kid, I’m 25 now, but for most of my life I didn’t care about anything, anyone, or really advancing in life.  That was till I met my wife, but long story short my heads screwed on straight now and I know what I want.  I desperately want to learn about computers at this time I do not have the money to pay for school or anything like that but when I do I plan to go for networking security.

    Over all though I wanna learn everything I can bout computers, which yes includes hacking, have no interest in being a “black hat hacker” as I’ve head them called.  I just wanna be able to mess around with my friends who are out of state learning computers and are hackers them selves.  So now as I go around my ass to get to my elbow but I was wandering if you guys had ideas on books, sites or even classes I could get or take to get my foot in the door and start learning on my own?

  • #16515
     Dengar13 
    Participant

    Greetings Dtag.  You are a man after my own heart….welcome to this forum by the way.  I did the military route; and that as well as my wife did the trick to get my head on straight.  What knowledge do you have as of now?  That is a good barometer as to where and point you to.  What is your educational background.  How much experience/knowledge do you have in IT, and what does it consist of?  Your answers will help us help you.

    Again, welcome to this forum.

  • #16516
     Dtag 
    Participant

    Experience/knowledge in the IT feild none at all.  As far as experience/knowledge with computers I know enough to get me into trouble my wife would say and I’m thinking of going navy and letting them pay for my schooling but I want to have atleast a basic understanding before I do. 

  • #16517
     UNIX 
    Participant

    Welcome to the forums.

    If money is too short then use the free resources available – there are tons of them. Especially if you are very new to everything and need the basics you should be able to find some great websites, whitepapers and even free books.

    Think about which topics interest you most and search for those through google. Also browsing through this forum may answer a few more questions you might have.

  • #16518
     Dengar13 
    Participant

    In addition to what awesec has advised, I also suggest going to a library and getting some A+ and Network+ books from your local library.  This will give you a foundation in IT, and from there you can decide whether you want to learn programming, networking, server administration, etc.  Security should be considered after you get a solid understanding of the former as it is not an entry-level thing to get into.

  • #16519
     Dtag 
    Participant

    Yeah I had a feeling secrity wasn’t entry level but I’m deffently hitting the library before the wifes derby practise today. Secrity is more of something I want in the long run don’t want it right off cause I do wannna learn programming as well. Thanks for the help guys and I think I may of found this to be one of my new fave sites. 🙂

  • #16520
     trighger 
    Participant

    I would recommend reading as much as possible.  When I was first getting into security I found a lot of material available on the web, but the best was getting a good grounding in TCP/IP through books like the CCNA book, then building up through Hacking Exposed and then on to Web App hacking books.  Setting up a small lab at home was my next step.  Of course now there are also a lot of good videos that illustrate pen test techniques.

  • #16521
     donchizy 
    Participant

    thank you all for the post it has been educating and at the same time confusing, i really need a mentor and someone to guide me, i am a student studing computer science, this is just me 2nd year but have a dream of becoming a CEH the big question is where do i start from which knowledge do i need before enbarking for  the course. I will appretiate ur advice and thanks in advance.

  • #16522
     rattis 
    Participant

    It would help if we knew what you already had good grounding in. Also what besides or why do you want a CEH? Do you want it just to have it? Do you want it as a stepping stone to something else?

    How are you at Networking, System Administration and programming? What hacking have you looked at or tried? Do you know Virtualization yet?

    Couple of things to look into:
    The rest of this site. Including the Features tabs where things get reviewed.
    Hacking For Dummies (it’s a good start).
    Hacking Dojo
    Infosec Mentors (not a bad program. I have or had a mentor, but we didn’t really click).
    Offensive Security’s WiFu course.
    The Security + cert (Appears to give a broad overview of all aspects of security).

  • #16523
     peta909 
    Participant

    Hi, I frame my learning process into 3 main parts:
    1. Host
    Learn to be comfortable using and configuring both Windows based and Linux based OSes.
    I have a laptop that I dual boot to have both windows and Backtrack. By forcing myself to use Backtrack(linux) I was able to learn many linux commands fast.

    2. Applications
    Learn to built your own website with any language E.g. PHP
    Learn to configure web application servers E.g. Apache or IIS
    Learn to configure databases E.g. MySQL

    3. Networks
    Read up on TCP/IP and understand how packets flow and formed in the networks.
    A very good book to start reading is TCP/IP Illustrated. However, do note that it is very dry.
    Make use of wireshark to collect network traffic while you start surfing the web. By looking at the packets collected and cross reference to TCP/IP Illustrated book you can learn alot about networks.
    Last but not least google is your friend. God Bless.  😉

  • #16524
     El33tsamurai 
    Participant

    I would say able to read and spend many hours reading about this stuff.  I find myself going online and watching tutorials , reading forums and websites like ethicalhacker.net, going to the local book store reading hacking books and hacking mags like hakin9.  The more I read the more I learn and can add to my ethical hacking skills.

  • #16525
     YuckTheFankees 
    Participant

    peta909,

    Very good post! I pretty much have 1 and 3 taken care of but I’m a little weak in the application area. I’ll be able to improve my web application server knowledge through my linux +/ red hat training..PHP I can learn online..and I havent figured out MySQL yet.  Great Thread!

  • #16526
     Anonymous 
    Participant

    I think it all depends on what area you want to work in. Most of what I have learned has been from doing tutorials and watching video and mostly network stuff. I landed a job a fews months ago that required me to test web apps so now in process trying learn as much as I can about web apps.

    It might also be useful to stick with what you know to start off with if you good network then try learn as much as you can about them.

  • #16527
     charliemong 
    Participant

    @rance wrote:

    @pseud0 wrote:

    Necessary ethical hacker skills, the starter edition:
    TCP/IP
    OS basics for M$ and the *IX distro of your choice
    Internal network basics (switches, hubs, firewalls)
    A sense of humor (preferably dirty but manic is also acceptable)
    External network basics (routing, IP, interaction with internal networks, etc)
    Relationship between services, ports, and how exploits work
    Washboard abs
    Some familiarity with coding (not expert, but can muddle through)
    Understanding of general web application construction (front/back end, etc)
    A WOW account (maybe EverQuest if you roll like that)
    Some level of business sense (need to explain business impact of your findings)
    A comfort level with your skin tone being 3 shades more pasty than your racial peers

    Washboard abs?!  Well, that disqualifies almost everyone I know in IT.  🙂  The skin complexion though?  Got that one nailed…

    Am with you on the skin tone but Abs??? try AB! lol

  • #16528
     Abmart 
    Participant

    Hi everyone in the house, I am newbie here, I don’t even know where to start from now so please if anyone know or have ebook on ethical hacking should please help me with it.

  • #16529
     tamato 
    Participant

    Hi Guys
    verry soon i will be writing my CEH and am shit scared in going because i do understand the concepts and the phaxes and all of that
    The only part is when it comes to actually doing and implementing it
    Ive brokeinto a few of my wifi AP to try out aircrack and played with DVWA but the thing is i keep hitting a brick wall
    I scan a victim then see the open ports and google up the vulns but there after ??? clueless
    Ive also tried the metasploit and understand but only thing that worked was the MS068 smb vulns thereafter zip …and i dont think its verry practical in running the automation tools (as the ceh instructor said)

    I just need someone to help me in setting an enviroment and breaking into there to uinderstand what happens etc

    If some one would be willing to help please
    I pretty much feel useless
    My biggest dream is to get really good so to build a name for myself and i keep getting this wall

  • #16530
     Triban 
    Participant

    CEH is a generalization, an intro into ethical hacking.  It will not make you a pro overnight.  If you hit a wall, make a list of what you know about the network, if you have open ports, note them.  They may not have any known vulnerability surrounding the service in particular, but they can be used later to get data in or out depending on something internal.  For instance, you hit a firewall that has say port 25/80/21/22/443 open.  Hopefully the engineer did not filter what internal clients can go out through those (proxy only or other filtering systems).  So you scan the firewall, check to see if you can enumerate the services and see if any are vulnerable to exploits that may allow you through the firewall.  Well the web servers may have some clues.  The FTP and SSH ports may be susceptible to brute-forcing, but you will need accounts to use.  443 may be worth a look, they may have a “secure” web site that has some nice information they believe is protected.  You will need to do some recon from data you have access to.  If all attempts to gain access from the outside fail, well now you need to look at gaining it from the inside.  You will need to exercise some social engineering skills.  For lab purposes you are looking at exploiting a flaw in a 3rd party app such as flash, adobe reader or Internet Explorer.  You can use metasploit to create the payload and the listener (remember those open ports on the firewall).

    Good luck oh and if you decide to pursue OSCP, don’t forget to try harder 😀

  • #16531
     RoleReversal 
    Participant

    @tamato wrote:

    I just need someone to help me in setting an enviroment and breaking into there to uinderstand what happens etc

    Easiest way to start a test environment is to get a virtualisation playground (either dedicated box, or just from your main machine) and attack some vulnerable virtual systems.

    Depending on your needs Samurai WTF contains some vulnerable web applications (including DVWA which you mention), and all the tools needed to attack them, all in one handy package.

    For more information, take a look at section 2 of Metasploit Unleased (and Metasploit Unleashed in it’s entirety) and/or Rapid7’s article on how to setup a test lab. Both of which also link to some good additional resources for acquiring and setting up intentionally vulnerable targets.

    HTH, happy hacking 🙂

  • #16532
     tamato 
    Participant

    Thanks again guys
    I will go and have a bash once again 🙂 and see how far the rabbit hole  i can go
    Will keep you posted

  • #16533
     DelimitingCharacter 
    Participant

    I consider myself a very creative (out of the box thinker), would programming (specifically PYTHON) allow me to use that?

    Another question….

    I almost have my CCNA, also have my A+ (which means nothing since everyone has it), I was thinking about:

    Linux Certs
    Windows Certs
    Net +
    Security +

    useful or redundant?

    Was also thinking of a
    Win 7 and server 2012 certification as well. I find jobs to be a bit difficult, so far to get. I want something stable/steady with good $ (50k +) so that I can focus on more than this.

    Curious again if these will help or some are redundant?

    I also (surprisingly) dont hear alot of people using Kali-Linux. Is this something that everyone uses and thus so, nobody seems to mention… or… is using this considered being a “Script Kiddie?”

  • #16534
     DraakusM 
    Participant

    Python is a great language to use for pentesting, so having familiarity with it early in the security field is great!

    As far as certs go, it really depends on what you want to do. Information Security is a wide spanning field and can be applied to all aspects of computer science and beyond. Though, getting both the ccna and net+ is unnecessary. Ccna covers all the same material as the net+ and beyond. Everyone has their won path and own opinion, but here is one recommendation.

    If you want to do server administration pick either Linux or Windows to start with to get a job, then learn both.

    If you want to do network administration finish the ccna, get the security+, get a job in networking then move towards ccna security.

    If you want to do specifically security look in “certifications” section on the forum and poke around. There are a wide variety of certs out there and a lot of opinions so ask questions and do what makes sense to you.

You must be logged in to reply to this topic.

Copyright ©2019 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?