The Path to Hacker Mastery

    • #7517
      Novice hacker
      Participant

      Hi guys!  🙂

      I’m Novice hacker and I’m new to the site. My first few posts came on somebody else’s thread. (This was because I didn’t know how to create my own thread then.)

      Anyway, my last post was regarding the basic knowledge needed before proceeding to the topics mentioned below.

      Read everything you can.  Read other hacking books–Hacking Exposed, Counter Hack, Hacking: The Art of Exploitation.  Read networking books–TCP/IP Illustrated, Odom’s CCNA guides.  Read programming books (pick a language).  Read other security books–The Web Application Hacker’s Handbook, The Shellcoder’s Handbook, Inside Network Perimeter Security, Network Intrusion Detection by Northcutt and Novak, The Tao of Network Security Monitoring, Applied Cryptography, Understanding Cryptography by Paar and Pelzl.

      For certs, the CISSP is required/desired for a lot of positions, especially if you push toward management, but it requires five years of experience, so it’s something to look at down the road but not now.  Many postings ask for the CEH, so it’s worth getting for that reason alone.  The SANS certifications probably don’t show up in as many postings as the CEH, but they are generally more respected by tech folks.  Look at GSEC, GCIH, and GPEN.  The OSCP is one of the most respected certs among pen testers as far as I can tell, but it won’t help you much with HR/business folks since they don’t seem to know what it is.

      Learn Python to start with.  It’s easy to learn, powerful, and great for developing small scripts, automating tasks, and parsing data.  You’ll also need to develop some knowledge of Javascript and C, at least to be able to read code snippets.  You should know how to do basic SQL queries.  It’s hard to be proficient in multiple languages unless you program a lot.  Focus on getting good with one (again, Python) and then learn to read and make small tweaks in others.  If you get to where you feel like you’re really good with Python and want to start working on a second language in earnest, go ahead.

          -posted by unicityd.

      Thanks a lot for your information and the amount of time you took to write it 🙂 I found it very helpful.

      But could you or anybody please mention what basic knowledge I would have to possess before I proceed to reading those books? And also please mention how to obtain that knowledge (like through what books).

      Thanks in advance

    • #46899
      Novice hacker
      Participant

      Oh, and I also would like to know if the infosec experts out there approve of the following recommended approach:

      http://www.infiltrated.net/pentesting101.html

      Do you feel this is the best method, or are there any changes or anything to add to this list?

      Thanks for your contributions.

    • #46900
      hayabusa
      Participant

      I can tell you, sil’s approach (the link you gave) is very well organized, and I’d agree with the outline he has.

    • #46901
      unicityd
      Participant

      “But could you or anybody please mention what basic knowledge I would have to possess before I proceed to reading those books? And also please mention how to obtain that knowledge (like through what books).”

      Before you start reading books on hacking and security, you should have basic OS and networking skills.  Sil’s link that you posted includes these general IT skills you need, but it may be a little fast-going if you’re really new.  Take a look at his page again and ask yourself how you feel about what he wrote.  If it seems too difficult, start building some basic skills and come back to it.  If it seems right at your level, then follow it and ignore the rest of my post.

      For building basic skills:

      I would suggest reading some books and playing around in a lab environment to get comfortable with Windows (Server), Linux, and TCP/IP.  I don’t know what a good introductory book on Windows Server is; check reviews on Amazon.  At any rate, set up a VM and install Windows Server 2008 (or ’03).  Find a basic book and mess around with it until you feel comfortable configuring it and setting up services.  You’ll also want to learn a Unix OS.  Most people start with Linux, although FreeBSD is also very good and is my first choice.  Pick one, install it, play.  For a Linux book, I think How Linux Works provides a pretty basic introduction.  You can also find tons of tutorials online.  For FreeBSD, get the book Absolute BSD by Michael Lucas.  On the networking side, I recommend starting with the CCNA books by Odom if you want to learn Cisco too, or TCP/IP Illustrated vol. I if you want to go deeper with TCP/IP first.  You’ll probably read both eventually, so if you’re not sure, start with Odom.  It’s okay if you don’t finish the entire books at this point.  It’s probably best if you do, but I think it’s okay for people to jump around.  If you start getting the hang of networking and want to go play with Linux or read a first security book rather than learn more about routers and switches or more advanced TCP/IP topics, go ahead.

      For TCP/IP, you need to understand the OSI layers and the purpose/basic functioning behind Ethernet, IP, TCP, UDP, ICMP, DHCP, ARP, and routing protocols (you don’t need to know any specific routing protocols to start, just the concept).  You should know how to subnet and understand how traffic gets from your local network to another network across the Internet.

      For Linux/Windows, you should know how to install the OS, add/remove/edit users, move around on the command line, configure basic services (ftp, ssh, mail), and update software.  On Linux, you need to be able to pipe and redirect commands, use tar and gz, and know how to create a shell script.  On Windows, you should know how to join a computer to a domain and how to set something in group policy or the local policy.

      Eventually, you’ll need to know a lot more than this, but this is enough for you to start reading security/hacking books and understand most of what is being discussed. This way you can experiment as you read and compare what you’re reading with what you’re actually seeing on the OS.  This is also enough that you can start working on Sil’s plan in earnest.  His plan seems designed to turn you into a competent system or network admin who is starting to focus on security.  The things I’ve suggested will only bring you to a more basic level assuming you don’t have some general IT skills already but are not enough to establish the foundation you’ll need as a security (or networking/systems) professional.

      Good luck.
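      The subnetting and “how traffic gets from your local network to another network” skills unicityd lists above, worked through in Python (his recommended first language). This is an added example, not code from the thread; every address in it is a constructed sample value.

```python
"""Added example (not from the thread): subnet arithmetic and the local-versus-
remote forwarding decision a host makes before sending an IP packet.
Standard library only; all addresses below are constructed sample values."""
import ipaddress


def subnet_facts(cidr: str) -> dict:
    """Work out the numbers a CCNA-level reader should be able to derive by hand
    for a host address written in CIDR form, e.g. 192.168.10.77/26."""
    iface = ipaddress.ip_interface(cidr)
    net = iface.network
    # /31 and /32 have no network/broadcast pair, so every address is usable
    point_to_point = net.prefixlen >= 31
    return {
        "address": str(iface.ip),
        "netmask": str(net.netmask),
        "wildcard": str(net.hostmask),
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "first_host": str(net[0] if point_to_point else net[1]),
        "last_host": str(net[-1] if point_to_point else net[-2]),
        "usable_hosts": net.num_addresses if point_to_point else net.num_addresses - 2,
    }


def split_subnets(cidr: str, new_prefix: int) -> list:
    """Carve a block into equal subnets: the classic subnetting exercise."""
    net = ipaddress.ip_network(cidr, strict=True)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


def next_hop(local_cidr: str, gateway: str, dest: str) -> str:
    """Replicate the decision a host makes before it sends an IP packet:
    an on-link destination is reached directly (ARP for the destination);
    anything else is handed to the default gateway (ARP for the gateway)."""
    iface = ipaddress.ip_interface(local_cidr)
    gw = ipaddress.ip_address(gateway)
    dst = ipaddress.ip_address(dest)
    if gw not in iface.network:
        # a gateway you cannot ARP for is a misconfiguration, not a route
        raise ValueError(f"gateway {gw} is not on the local link {iface.network}")
    if dst in iface.network:
        return f"direct: ARP for {dst}, deliver on the local link"
    return f"via {gw}: ARP for the gateway, forward the packet to it"


if __name__ == "__main__":
    for key, value in subnet_facts("192.168.10.77/26").items():
        print(f"{key:>12}: {value}")
    print(split_subnets("10.0.0.0/24", 26))
    for target in ("192.168.10.100", "192.168.10.130", "8.8.8.8"):
        print(target, "->", next_hop("192.168.10.77/26", "192.168.10.65", target))
```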

    • #46902
      Deadpool614
      Participant

      Welcome to the community NH 🙂

    • #46903
      Novice hacker
      Participant

      Thanks, everyone.

      I made a stupid blunder again.

      I typed a HUGE message (a reply) that took me hours to think about and type, and when I clicked reply it took me to the login page. (I knew there was something suspicious when I left the “Time logged in” check box ticked at 60 mins… 🙁)

      Now, is there ANY WAY to retrieve that message? Or am I back at square 1? 🙁

    • #46904
      hayabusa
      Participant

      Sorry, Novice hacker.  You’re back to square one.  It has happened to most of us before.

      Suggestion: for longer posts, write them in Notepad or something first, and then copy/paste into your post.

      Cheers, and good luck!

    • #46905
      Novice hacker
      Participant

      @hayabusa

      Thanks for the advice, it was comforting to read…

      I’ve changed the time logged in from 60 to 0. And I checked the Always logged on checkbox… Am I free from danger now?

      @deadpool Thanks! I love this community. All the members are SO helpful.

    • #46906
      Novice hacker
      Participant

      @unicityd

      This is most of what I could remember of my original post (which is no longer here 🙁).

      Before I address your reply, I would like to thank all of the members who helped me. And a special thanks is due to unicityd (your posts have almost EXACTLY what I’m looking for).

      Thank you VERY MUCH for your suggestions. I am sure it will help me a lot since now I actually have a PLAN of what to do.

      Now, onto the main part…

      “Before you start reading books on hacking and security, you should have basic OS and networking skills.  Sil’s link that you posted includes these general IT skills”

      I’m not in the IT industry yet. I will soon go to college and my PLAN is to MASTER the basics of hacking right now and then proceed to actual concepts the next year onward or so.

      “I would suggest reading some books and playing around in a lab environment to get comfortable with Windows (Server)”

      1) Can you please explain why it is necessary to learn Windows server and what use a hacker has for it?

      “On the networking side, I recommend starting with the CCNA books by Odom”

      2) Is Odom’s book a ‘complete reference’ to networking, and will it teach me all I need to know about networking? (Everything?)
      Or is it just used to prepare for the exams?

      “For TCP/IP, you need to understand the OSI layers and the purpose/basic functioning behind Ethernet, IP, TCP, UDP, ICMP, DHCP, ARP, and routing protocols (you don’t need to know any specific routing protocols to start, just the concept).  You should know how to subnet and understand how traffic gets from your local network to another network across the Internet.”

      3) Doesn’t that mean I need to understand the OSI layers FIRST? (Before I start learning TCP/IP?)

      4) Do you know any GOOD and CHEAP books about the OS and its working? (Most of the books that I saw on amazon were $100+)

      5) Is all the information above included in Odom’s book + TCP/IP Illustrated? (Can I learn all of this from those 2 books?)

      “For Linux/Windows, you should know how to install the OS, add/remove/edit users, move around on the command line, configure basic services (ftp, ssh, mail), and update software.  On Linux, you need to be able to pipe and redirect commands, use tar and gz, and know how to create a shell script.  On Windows, you should know how to join a computer to a domain and how to set something in group policy or the local policy.”

      I already know some of this stuff, I will work on learning the remaining.

      “This is also enough that you can start working on Sil’s plan in earnest.”

      6) So, I should work on the skills you mentioned BEFORE I work on Sil’s plan? (i.e. I shouldn’t start on Sil’s plan until I have learned everything mentioned above?)

      Once again, I am EXTREMELY indebted to you (unicityd) for the immense amount of time you must have spent to help address my queries.

      And thanks again everyone  🙂

    • #46907
      dynamik
      Participant

      If you’re on a budget for books, check out Safari (http://my.safaribooksonline.com/). That will allow you to access 10 books per month for $20 (or unlimited if you want to pay more). This should get you access to all the Cisco Press, MS Press, etc. books you can use to get started.

      For good Windows books, check out the Unleashed, Mastering, or Inside Out series.

      For Linux ninjutsu:
      A Practical Guide to Linux Commands, Editors, and Shell Programming (2nd Edition)
      Linux Command Line and Shell Scripting Bible, Second Edition

    • #46908
      ziggy_567
      Participant

      “1) Can you please explain why it is necessary to learn Windows server and what use a hacker has for it?”

      If you’re going to attack something, it’s helpful to know a thing or two about it. As a pentester, I attack a whole lot more Windows than Linux/Unix.

    • #46909
      unicityd
      Participant

      Novice,

      Odom’s CCNA book + TCP/IP Illustrated will teach you a great deal about networking.  I believe both cover the OSI model.  Odom’s book will teach you the basics of TCP/IP, but will not teach you all of the low-level details you need to understand the techniques used for network mapping, remote OS identification, IDS evasion, or analyzing traffic.  It does, however, teach you about configuring and managing network devices.  TCP/IP Illustrated will give you the background needed for those tasks but will not teach you about managing switches and routers or about routing and switching protocols.

      With regards to Windows Server:  you need to be able to do more than just run an exploit program against a target.  You need to know how to use the target system so that you can execute local attacks to escalate your privilege and/or use the target system as a foothold into a network so that you can attack other systems from it.  You also need to be able to recommend changes to the system to fix the vulnerabilities that you find.  It’s okay to be a Linux/Unix specialist with some Windows skills or vice-versa, but you’re selling yourself short if you don’t have some proficiency with both.

      With regards to Sil’s plan: I suggest starting with what I said first.  While Sil’s plan does include things such as OSI, it also jumps into the more advanced Cisco material early on.  For someone already working in the field, that could work well. For someone who is just starting out, reading Odom’s books and TCP/IP Illustrated first will give you the background knowledge you need to understand the Cisco network security and routing books.  He suggests something similar to what I did for setting up an OS and playing with it, but he suggests attaining a much higher proficiency than I did.  I don’t disagree with him; I’m only saying you can read some of the hacking/security books before becoming a proficient sysadmin.  You still need to learn everything he says, and the hacking/security books will make more sense when you do.

      There is no one-size-fits-all path or plan.  I think what I suggested is probably the best start for someone at your level.  Someone more advanced should just jump into Sil’s plan.  Someone already at an advanced level with networking or system administration might do some parts of Sil’s plan and skip others that he is already proficient at.  As you go, you need to think about what you want to do, what it takes to get there, and where you’re at now.  You can jump ahead a little bit at times, but if you neglect the basics you’ll get stuck eventually.  If you’re going to be a pen tester, you need a very broad knowledge.  If you’re going to specialize in something like web application security, Cisco networking, or databases, you will probably end up focusing more and neglecting some of the other areas.

    • #46910
      Novice hacker
      Participant

      @ajohnson

      Thanks, but is there any place where I can get the printed version (not e-books) of cheap books?
      And thanks for the book suggestions too.

      @ziggy

      If I have to learn Windows Server (I don’t need to learn about the Windows OS then?), then do I have to learn about Linux servers too? (Most of the book suggestions here are for the Linux OS, right?) Please clarify on that, thanks.

      @unicityd

      “TCP/IP Illustrated will give you the background needed for those tasks”

      Is the content mentioned in this book enough to actually apply the above skills? (network mapping, remote OS identification, IDS evasion, or analyzing traffic) (Or do you recommend a separate book?)

      “to understand the Cisco network security and routing books”

      I’m sorry but could you please mention the actual books? (I’ve found many similar titles)

      “If you’re going to be a pen tester, you need a very broad knowledge.”

      As a penetration tester, will I be writing my own exploits or will I just be using tools?

      Thanks once again for the treasure trove of knowledge you have bestowed upon me 🙂

    • #46911
      dynamik
      Participant

      I get most my used copies from Amazon, but I’ve had luck with half.com too.

    • #46912
      ziggy_567
      Participant

      “If I have to learn Windows Server (I don’t need to learn about the Windows OS then?), then do I have to learn about Linux servers too? (Most of the book suggestions here are for the Linux OS, right?) Please clarify on that, thanks.”

      If I’m reading that correctly, you’re distinguishing Windows Server from an OS?

      Windows Server IS an OS. Today, you will typically see either Windows Server 2003 or Windows 2008 R2, although I see Windows Server 2000 every once in a while still. You should know these OSes very well. Additionally, I’d learn Windows XP and Windows 7 too, as most of the workstations you’ll be attacking will be one of these.

      For Linux, you need to be at the very least moderately fluent in the commands and how the OS works. I’d argue, though, (especially if you’re using Linux as an attack platform) you should be just as fluent in Linux commands as Windows.

    • #46913
      unicityd
      Participant

      Novice,

      Wendell Odom’s CCNA books are here (it’s a 2 book set):

      http://www.amazon.com/640-802-Official-Library-Updated-Edition/dp/158720438X/ref=sr_1_1?ie=UTF8&qid=1334677358&sr=8-1

      Don’t worry about the other Cisco books right now; you can chase after those once you’ve covered the basics.  Since you’re not in IT now, I’ll mention that there would be a lot of value to you personally to get CCNA certified and try to use that to get into a networking position so that you can start building your skills on the job.  You can move into security from there; most companies will want you to have a networking/sysadmin background if you don’t already have security experience; they don’t typically hire straight into a security role.

      TCP/IP Illustrated Vol I. does not cover pen testing.  It covers a little bit of security (in the second edition) but only as it relates to protocols like IPsec.  It does cover traffic analysis and will give you most of the background you need to develop that skill.  Some of the other things I mentioned (e.g. OS Identification) are covered in pentesting books, but others aren’t.  There are several articles about port scanning and OS Identification in Phrack magazine (http://www.phrack.com).  The classic paper on IDS evasion is here (http://insecure.org/stf/secnet_ids/secnet_ids.html) but it’s dated.  I don’t know of an up-to-date paper on the topic.

      With regards to exploits: you need to be able to modify tools and exploits for various reasons.  Sometimes a tool won’t compile, other times you want it to do something slightly different.  You also need to be able to write small programs/scripts to automate tasks, parse logs, etc.  For web applications, you need to be able to exploit vulnerabilities for cross-site scripting (XSS), cross-site request forgery (CSRF) and SQL injection without a canned exploit.  You have to understand those exploits and while you may have some cut-and-paste code snippets that you use, you’ll modify them and create your own variations as well.  For other types of vulnerabilities such as buffer overflows, you don’t need to be able to write your own exploits; those take time to create and I can’t imagine your clients will want to pay you for that.

      Regards,

      unicityd

    • #46914
      Novice hacker
      Participant

      Thanks everybody, I feel that with every post I’m closer to my dream… 🙂

      I just have a few doubts to clear:

      @ajohnson

      Thanks, I will look into that. Do you know any sites where I can buy cheap books without a credit card?

      @ziggy

      Sorry for the confusion created… From the posts, I’m guessing that the operating systems you mentioned are the MOST common ones I will be encountering as a pen-tester. So, I’m guessing that I will be attacking server operating systems, not individual workstations/desktops? I know this will probably sound dumb, but can Linux be used as a server OS?

      Additionally, it seems as if I may have to keep up to date, and I will probably have to learn Windows 8 when it comes out (if it becomes popular).

      Oh and one more doubt: Can I access a workstation after gaining access into the server OS?

      Thanks for sharing your wisdom  🙂

      @unicityd

      I have 2 questions regarding study of contents:

      Which is the best chronological order for learning about the following:

      I) OSI and its working, Programming, networking, database management?

      II) Why do I have to learn database management? I think you recommended that I have to learn basic SQL commands?

      “I’ll mention that there would be a lot of value to you personally to get CCNA certified and try to use that to get into a networking position so that you can start building your skills on the job.  You can move into security from there; most companies will want you to have a networking/sysadmin background if you don’t already have security experience; they don’t typically hire straight into a security role.”

      Ouch, so, there’s no way to go into the Infosec field directly?
      I also read that the C|EH requires 2 yrs minimum experience in Information Security… Is there no way to write it directly? And if there’s no way to do that, what networking position would you recommend?

      Thanks for mentioning those references:

      Could you please also mention an additional reference for network mapping?

      As for writing exploits, which programming languages would you recommend? Please give a list. I know you recommended starting with Python and then proceeding. But could you give me a list of all the programming languages a good pen-tester should know?

      “For web applications, you need to be able to exploit vulnerabilities for cross-site scripting (XSS), cross-site request forgery (CSRF) and SQL injection without a canned exploit.”

      I’m not interested in web application related attacks that much… I wanted to learn those too, but I don’t know anything except for HTML, and it looks like I already have loads to do at the moment… (But I can bear that because I’m pretty interested in stuff like networking.)

      Thanks yet again 🙂

    • #46915
      ziggy_567
      Participant

      Much of what you’re asking about gaining access to multiple systems depends heavily on how a system or environment is configured. If you gain access to a system (server or workstation), you might have access to more systems if say the entire environment is configured with the same username/password. It’s pretty common to find that the admins use the same password for local administrator accounts, so many times if you can gain that level of access to one system you will have administrative access to pretty much any workstation and possibly server in the environment.

      To answer your question about what you’ll be targeting, the answer is also “it depends.” When you start professionally pentesting, you will have rules of engagement that are determined in the pre-engagement phase. If workstations are included in the scope, you can certainly attack workstations. If you’re focused solely on a few systems, those will be what you focus on. Period.

      About Linux:

      99 out of 100 times on an engagement, if you see Linux it will be on a server. In fact, I can only remember one time when I found a workstation with Linux installed.

      The bottom line is that every environment is different. Even if they’re using the same technology as a previous client, it will be configured differently. That’s why it’s so important to know the technology so well, or at least be able to research and learn the technology. You have to be able to learn quickly and adapt what you know to each individual environment.

    • #46916
      dynamik
      Participant

      @Novice hacker wrote:

      @ajohnson
      Thanks, I will look into that. Do you know any sites where I can buy cheap books without a credit card?

      You could always buy a pre-paid card to use if you don’t have a credit card. Otherwise, half.com is an eBay company, so they may accept PayPal (and any of the payment methods they support).

    • #46917
      unicityd
      Participant

      Novice: OSI is a conceptual model for computer networking.  When you study networking, OSI will be one of the first steps.  You should understand the OSI model before jumping into TCP/IP.  If you want to see how the layers match up between the two, just Google “OSI vs TCP/IP” and you’ll find plenty.  Learn networking and the basics of Windows and/or Linux before jumping into programming.  Learn databases after that.  If you don’t understand basic programming, you can’t do anything with databases.

      If you’re going to be a pen tester, you’re going to hack databases.  You don’t have to be an expert DBA, but SQL is how you query (look at) what’s in the database.  You’ll need to know the syntax well enough to do SQL injection, query/modify tables, and execute procedures.

      Some big companies will hire people directly into a junior infosec role.  The best way to get into one of these is probably to get a CS degree from a good school.  Most companies have limited if any security staff so they can’t afford to train you from the bottom.

      I don’t know anything about the CEH requirements.

      Other than Python…most buffer overflow exploits are a combination of C and assembly language.  The program itself is written in C, but the shellcode (payload) requires assembly language to build.  Most of the programs vulnerable to buffer overflows are written in C and/or C++. For web app security, you need to learn basic HTML and Javascript to be able to do anything.  If you want to understand what is actually happening on the server side, you also need to learn one or more of Java, PHP, or ASP .Net (using VB, C#, etc).  I don’t know what the minimum is, but my feeling is that you should be good/competent with at least one language that you can use for automation/tool building/parsing and that you should have some familiarity with several others.  By familiarity, I mean you can read code in that language and make minor changes to it.

      Web application security is huge right now.  For the most part, I don’t think you can be a pen tester and avoid it.  That doesn’t mean you have to be a web app security tester specifically, but it’s going to come up.
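      The SQL injection point unicityd makes above, shown the way a security educator would demonstrate it: a login lookup built by string formatting beside the parameterized form. This is an added example, not code from the thread; the users table and credentials in it are constructed for the demo.

```python
"""Added example (not from the thread): the same login query written two ways,
so the reader can see why SQL syntax matters for both finding and fixing
injection. sqlite3 is in the standard library; the table is constructed here."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed demo table. Real applications store password hashes, not
    plaintext; that is left out so the query difference stays the only variable."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct horse", "admin"), ("bob", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    """User input is spliced into the SQL text, so a quote in the input changes
    the grammar of the statement instead of being compared as data."""
    sql = (
        "SELECT username, role FROM users "
        "WHERE username = '%s' AND password = '%s'" % (username, password)
    )
    return conn.execute(sql).fetchall()


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Same query with bound parameters: the driver hands the values to the
    engine separately from the statement, so a quote is just a character."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo() -> dict:
    """Run a normal login and the textbook tautology input through both
    functions and return the row counts so the difference can be checked."""
    conn = make_db()
    # closes the quoted literal, then appends an always-true clause;
    # AND binds tighter than OR, so every row satisfies the WHERE
    tautology = "' OR '1'='1"
    return {
        "vulnerable_normal": len(login_vulnerable(conn, "bob", "hunter2")),
        "safe_normal": len(login_safe(conn, "bob", "hunter2")),
        "vulnerable_tautology": len(login_vulnerable(conn, "alice", tautology)),
        "safe_tautology": len(login_safe(conn, "alice", tautology)),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:>22}: {rows} row(s)")
```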

    • #46918
      Novice hacker
      Participant

      @ajohnson

      Thanks. I checked out half.com and it looks pretty good.
      Which do you think would be cheaper? Half.com or the used books on Amazon? (No, I don’t mean the ones in really bad condition) 🙂

      @ziggy

      “Much of what you’re asking about gaining access to multiple systems depends heavily on how a system or environment is configured.”

      So, it depends on HOW the network is configured?

      “If you gain access to a system (server or workstation), you might have access to more systems if say the entire environment is configured with the same username/password.”

      If I gain access to a server, then don’t I automatically gain access to all its clients? 🙁

      “It’s pretty common to find that the admins use the same password for local administrator accounts,”

      If they don’t do I have to hack individually?

      Thanks for the rest of the info too  🙂

      Oh and could you please tell me a bit about the life of a pen-tester,

      The pay(when you start out) (and as you gain experience)

      Every pen-tester’s dream (like to get employed in _______________ company(please fill the dash))

      And also working hours

      Please also mention how (or where) (like which institutes) to pick up pen-testing skills.

      Thanks once again for your help  🙂

      @unicityd

      Thanks a lot for the order. I think I’ve got it figured out…
      OSI, networking, TCP/IP, Specific OS (Windows server, Linux, Windows XP and Windows 7), Programming and then databases.
      I left one thing out though. Where does learning shellcode come in this list?

      Oh, and please also mention if this list consists of a pen-tester’s knowledge… If the list is not complete, please edit or add items to the list.

      “If you’re going to be a pen tester, you’re going to hack databases.  You don’t have to be an expert DBA, but SQL is how you query (look at) what’s in the database.  You’ll need to know the syntax well enough to do SQL injection, query/modify tables, and execute procedures.”

      Ok, thanks. Do you know any good books on databases which will teach me enough?

      “Some big companies will hire people directly into a junior infosec role.”

      Yay!  🙂 Please mention some of those companies.

      “The best way to get into one of these is probably to get a CS degree from a good school.”

      Good college? Followed by? A master’s degree in Ethical hacking?

      “The program itself is written in C, but the shellcode (payload) requires assembly language to build”

      I think I’ve heard of this before. Payload refers to the transfer of the buffer overflow program, right?

      “Web application security is huge right now.  For the most part, I don’t think you can be a pen tester and avoid it.  That doesn’t mean you have to be a web app security tester specifically, but it’s going to come up.”

      Don’t web app security testers have to learn all that stuff?
      As a pen-tester, won’t I only be asked to hack into computers and stuff like that? Do I also have to hack into web applications? Is it essential that I learn that too? (My hands already seem kind of full…)

      Anyhow, thanks for providing the information in a detailed and clear manner  🙂

    • #46919
      Novice hacker
      Participant

      @ the ethical hacker community

      Does anybody know about the requirements of C|EH?

      Please also tell me about learning metasploit and how it works.

      Also mention the other certifications likely to land one a job as a junior pen-tester…

      Thanks everyone for your help    🙂

    • #46920
      ziggy_567
      Participant

      I appreciate your enthusiasm and wanting to know more about pentesting and ethical hacking, but ALL of your questions can be found in other threads and/or Google.

      “Does anybody know about the requirements of C|EH?”

      http://www.eccouncil.org/courses/certified_ethical_hacker.aspx

      “Please also tell me about learning metasploit and how it works.”

      http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,6158.0/

      “Also mention the other certifications likely to land one a job as a junior pen-tester…”

      http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/board,23.0/

    • #46921
      dynamik
      Participant

      http://www.securitytube.net/ is another fantastic resource for Metasploit and numerous other topics.

      Please don’t take this the wrong way, but you really seem to be putting the cart before the horse here. Metasploit shouldn’t even be on your radar when the difference between the OSI and TCP models is still a mystery.

      I agree with the path that has been laid out by sil (infiltrated.net), but realistically, I think 52 weeks is an extremely aggressive timeline for someone who has yet to obtain basic networking knowledge. With where you are now, it will literally take years to obtain a solid understanding of networking, Linux, Windows, etc.

      I’m not trying to be rude; I just want you to really consider the massive amount of information you need to absorb and develop a realistic timeline for your goals. If you cut corners, you’re going to end up as someone who is mindlessly dependent on tools other people have written.

      However, everyone has been in the exact same position as you are right now, so you shouldn’t feel discouraged either. You’ve received a lot of really good advice in this thread. If I were you, I’d look at a pentesting position as a 5-10 year goal, and then break that down into realistic steps for getting there. You’re going to overwhelm yourself if you try to do everything at once.

      For example, you could set obtaining your CCNA as your first short-term goal, focus exclusively on that until it’s achieved, and then reevaluate where you are and determine your next feasible step. It may sound like a long time to work for something, but it will go faster than you think. The key is to stick with it and make continual progress over time.

    • #46922
      ziggy_567
      Participant

      +1 for ajohnson!!!

    • #46923
      unicityd
      Participant

      I left one thing out though. Where does learning shellcode come in this list?

      When you’ve learned how to program in C and want to learn to write your own exploits from scratch.

Oh and please also mention if this list consists of a pen-tester’s knowledge… if the list is not complete please edit, or add items to the list.

I gave you the IT basics that you need to get started in security.  You also need to learn security concepts and pen testing itself.  Go to Amazon.com and look at the table of contents of a couple of Security+ guides and some hacking books.  You need to learn about all the areas listed.

      Ok, thanks. Do you know any good books on databases which will teach me enough?

      No; it’s been years since I read a book on databases.  Now I just Google when I have a question.

Yay! 🙂 Please mention some of those companies.

      Look at job listings.  Try Microsoft or Google.  You’re still going to need a CS degree and a cert or two wouldn’t hurt either.

      Good college? Followed by? A master’s degree in Ethical hacking?

By a good school I mean MIT, Berkeley, etc.  The better the school, the more likely you can get in without experience.  If you go to an unknown local university or state school, your odds go down.  It doesn’t mean you can’t still do it jumping from a local U; it’s just harder.  It’s not a science; plan to do non-security work first and if you do manage to get a security job straight away, well…good for you.

      I think I’ve heard of this before. Payload refers to the transfer of the buffer overflow program, right?

      Yeah.

      Don’t web app security testers have to learn all that stuff?

      Yes.

      As a pen-tester, won’t I only be asked to hack into computers, and stuff like that? Do I also have to hack into web applications? Is it essential I have to learn that too? (My hands already seem kind of full……..)

You’ll have to do web-app stuff too.  It’s too big of an area to ignore.  So, yes.  If you want to be a pen tester, you’ll have to learn web-app stuff too.  That doesn’t mean you have to be an expert to get your first job.  But, you’re going to have to have some knowledge of each area (web, networking, windows, unix) with stronger/in-depth knowledge in one or more of those areas.  You’ll continue to build your skills as you go.

      At this point, you really need to just jump in and start learning.  More of your questions will be answered as you learn.  If you want to do this, it’s going to take you a few years.  If you’re going to go to college, major in CS or IT and learn additional things or experiment in your free time.  If not, start learning the basics and once you have some basic networking/OS knowledge, apply for a help desk job.  Build your skills as you go and apply for better jobs when you are ready for them.

    • #46924
      DragonGorge
      Participant

      Novice, I’ve got to echo some of the last few sentiments expressed here: What you’re asking is equivalent to “Please tell me how to be a nuclear engineer/doctor/pilot”. You’re not going to learn pentesting on a forum. You can use it to augment your knowledge but not create it from the ground up.

There are a ton of books on pentesting. If you go to Amazon’s site and do a search you’ll find enough to keep you busy for a few months. Start with one that gives you the basics of pentesting and introduces you to all the different areas – if it’s got upwards of 3 stars as an average rating it will likely be pretty good. Once you’ve gotten the basics down, you can delve into the specifics from there. I don’t think you need to be an expert in all areas; similar to a doctor, you can specialize (social engineering, web app, wifi, etc) but you need to know the basics of the different areas.

      The CEH is a decent “Intro to pentesting” cert but you won’t learn how to penetrate a system from it. It’s too high level and covers somewhat antiquated methods. Plus, if you’ve got $500 – $1000 to spend on the CEH, you should be able to invest in a few pentesting books that’ll give you as much if not more (minus the cert).

    • #46925
      Novice hacker
      Participant

      Hi guys…….

I just nearly finished my reply to this when I experienced a power cut… :(

      Unfortunately, I lost ALL my data once again. I thought I saw the worst when I lost my data the last time…:(

      Anyways, thanks for the advice everyone  🙂

      I appreciate constructive criticism so you don’t have to worry about me taking it the wrong way or anything    🙂

      I don’t have the time to type up my reply again today so I will post tomorrow.

      Once again, thanks everyone for caring for my development as a hacker.      🙂

    • #46926
      Novice hacker
      Participant

      Hi! This message has been typed in MS-word and then edited. (The auto save feature comes in use some times)

      Anyways, like I said I appreciate constructive criticism, so thanks for the suggestions  🙂

      @ziggy

      I appreciate your enthusiasm and wanting to know more about pentesting and ethical hacking, but ALL of your questions can be found in other threads and/or Google.

      Thanks, and I will try to post questions only after searching using Google and the search box in this forum.  If I can’t find an answer or I don’t understand anything, then I will post it here  🙂
      (Can you just answer the pen-tester’s dream question? I want an inside view of a pen-testing job, thanks :))
      @ajohnson

Please don’t take this the wrong way, but you really seem to be putting the cart before the horse here. Metasploit shouldn’t even be on your radar when the difference between the OSI and TCP models is still a mystery.

      I don’t mean to actually learn Metasploit right now. I set up this thread with an idea of making a plan to become a pen-tester. Right now I’m just collecting details to construct the plan. i.e. I wanted to construct the overall plan and then jump into it. But, do you recommend coming up with the next steps of the plan after completing the initial steps? If so, then I will follow that idea    

I just want you to really consider the massive amount of information you need to absorb and develop a realistic timeline for your goals.

      Don’t worry; I don’t plan on finishing all of the things on my plan in one year or so. I am perfectly OK with the 10 year plan. Here’s my scenario:
      I am currently about to turn 17.
I will not be able to properly study the hacking techniques for the next 1 year approx. (I have important exams that I am pressurized to do well at.) That leaves me with approx. 9 years to learn hacking before I go into a pen-testing position. I am confident of my learning abilities and I will work hard, so I’m pretty sure that I can achieve all my goals in this gap.

      For example, you could set obtaining your CCNA as your first short-term goal,

      Ok, but I did some research of my own and CCNA cert is not even mentioned here:
      http://infiltrated.net/TechnicalSecurityRoadmap.html#  (I still plan on getting it, I just would like your opinion on this)
      @unicityd

look at the table of contents of a couple of Security+ guides and some hacking books.  You need to learn about all the areas listed.

I’ve done what you said and I would like to know if you would recommend getting CompTIA or Microsoft certified in Security+.  Oh and someone once told me that self-study was the best way to become a hacker by researching on the hacking topics…can all the info about hacking topics be found using Google?
      Thanks for all the other information posted in your last post too.

      Finally, here’s a bit of my plan everyone:  (Master 1 step and then proceed to the next)
1) Read A+ material. (To capture the grains of knowledge that have thus escaped my grasp.)
Read up on the OSI and its working. Purchase “Operating System Concepts, Seventh Edition” (Why is this more than 3 times cheaper than its successor?)
2) Read up on networking. Master content in Odom’s books.
3) Proceed to TCP/IP Illustrated, Volume 1, learn as much as I can
4) ? (Should I read the other Cisco books on routers and stuff now?)
5) Start gaining knowledge of specific OS. (Preferably Linux, Windows Server, XP, 7)
6) Learn programming. (I already know the basics of C and C++ and I plan to promote this step up the order, is that ok? And one more q: Which programming language would you recommend for writing tools… I’m thinking Python is the easiest for this purpose.)
7&8) Start learning database management (Is knowing basic SQL commands enough?) and assembler (knowing to read shellcode is enough or do I have to be able to write it too?)

      Well, this WAS my plan before you said to learn web-app stuff too….Hmmm,

      Where do I fit in learning that?

      Note: I plan to complete what unicityd said before proceeding to the content included in Sil’s link

So… any changes to the plan (it’s not finished)? Or is it OK?

      Awaiting your wisdom………

    • #46927
      Novice hacker
      Participant

      @dragongorge

Thanks for sharing your wisdom. I found your post pretty useful 🙂

And I don’t mean to learn actual pen-testing on the forum, but the path to go about it, AKA “The path to hacker mastery” 🙂, can hopefully be learned.

    • #46928
      ziggy_567
      Participant

      Oh and could you please tell me a bit about the life of a pen-tester,

      The pay(when you start out) (and as you gain experience)

      Every pen-tester’s dream (like to get employed in _______________ company(please fill the dash))

      And also working hours

      I imagine there isn’t really a “typical” road to becoming a pentester. But mine was fairly windy….

      I got my Bachelor’s in Sociology/Anthropology. I got out of school and within a few years realized I couldn’t find a job that paid enough to cover my bills. So, I went back to school to get my Master’s in Information Systems. Upon graduation I joined a Fortune 500 company in FL on their Security Operations desk. I was very fortunate in that the head of the Computer Science department at my school had close contacts at this company, so they recruited heavily from our school. I spent two years working on the security desk configuring IPSEC tunnels and changing passwords while learning how to monitor a network for anomalous behavior. It was while I was here that I soaked up as much of the basics as I could – Linux commands and operation, OSI, basic networking concepts, etc. etc.

      After a couple years, I decided to move back to my home state for family reasons. I had also begun to want to do something different at that time and was really interested in finding a Unix/Linux Systems Administrator position. So, I found a small, privately held telecommunications company that was looking for a linux admin and got the job. This was a very lucky break as this company didn’t have anyone with a security background and they EXPECTED everyone to go to training twice a year. I racked up most of the certifications you see in my signature there. I worked for them for almost 3 years and actually got to start doing a little pentesting at the end of my tenure there.

The company I work for now is a small, boutique security consulting firm. We do a little of everything, but I would say PCI is our “bread and butter.” Because we’re small, everyone does everything. In other words, if a Web App assessment comes up and I’m the engineer on deck, I do a web app assessment even though it’s not really my strength. Most of what I do, though, is external and internal penetration tests. Web app assessments are probably the third most common module I do. But, we also do interview driven assessments, console audits, password policy assessments, etc. etc.

      It’s an incredibly fun job for the most part. There are definitely parts that aren’t nearly as exciting (documentation), but the thrill of the hunt is the best part, because at the end of the day when you can show a client the impact that a risk poses, you can see that light bulb come on where they realize that they really need to fix the problem. When I was in operations, it didn’t matter how hard I pushed, my manager never really got how important it was to mitigate risk. That can be very frustrating.

      As far as pay goes, that will depend largely on your situation. If you’re an independent consultant, your pay is determined by how well you can market yourself. Typically, I think that security folk in IT tend to be paid a little over the median income of IT fields and I think the highly technical roles like penetration tester tend to be on the high end of the security pay scale. So, you are generally compensated well, but I don’t know if anyone is raking in millions of dollars from pentesting alone. Go check out salary surveys  on the web. I know Information Week just released theirs this month. You can find them in other places too, though.

      Anyway, good luck with your studies/development. You’ve found a good place in Ethical Hacker. Stick around and ask questions, but more importantly, look around for all the nuggets that are here already.

    • #46929
      unicityd
      Participant

      I think the Security+ is a fine way to start.  It won’t get you a job but it will help you to learn the basic concepts and terms.

Purchase “Operating System Concepts, Seventh Edition” (Why is this more than 3 times cheaper than its successor?)

Older editions drop in price because schools use the newest edition for their texts.

(Should I read the other Cisco books on routers and stuff now?)
5) Start gaining knowledge of specific OS. (Preferably Linux, Windows Server, XP, 7)

      If you’re already through the CCNA books, I’d suggest focusing on Linux/Windows before doing more Cisco.

      Which programming language

      Python.

      before you said to learn web-app stuff too

      You can leave the web app stuff until after you’ve gotten the IT basics down and started learning about hacking/pen-testing specifically.  Since it’s not your particular interest, learn about pen-testing systems/networks first then web apps.

      The pay(when you start out) (and as you gain experience)

      The pay is going to vary a lot by company and location as well as experience/skill.  Location matters a lot both for job availability and for the value of your dollar.  Your money will go a lot farther in Boise than San Francisco or New York, but there are definitely more security jobs in SF/NY.  I’m not advocating for or against living in any of those places btw, they are just examples.

      If you’re willing to start your own company, the pay is potentially higher but with more risk (i.e. your business could fail).  To get to the higher salaries ($100k) within a company, you’ll probably have to get into a role where you are supervising other people.  And, depending on where you are the senior roles may not pay that much. 

      You don’t have to be a manager, but you will be a “Senior” whatever and have to provide supervision to junior staff on technical matters.  You need to be the guy that other people go to when they have questions.   

    • #46930
      Novice hacker
      Participant

      @ziggy

Thanks for that account of your pen-tester life. It helped me to get a better idea of what a pen-tester does.  🙂

      It’s an incredibly fun job for the most part.

      🙂

      I don’t know if anyone is raking in millions of dollars from pentesting alone.

      Does anybody know if this is even possible?

      Anyway, good luck with your studies/development. You’ve found a good place in Ethical Hacker. Stick around and ask questions, but more importantly, look around for all the nuggets that are here already.

      Thanks a lot for your wishes and help    🙂

      @unicityd

      Python.

      I really wanted to hear that  🙂

      To get to the higher salaries ($100k) within a company, you’ll probably have to get into a role where you are supervising other people.  And, depending on where you are the senior roles may not pay that much. 

I’ll let that remain a goal along the path but my ultimate interest will always be hacking    🙂

      Thanks a great deal for answering my other questions with patience too.   

      Do you know any resources for network mapping?

      Thanks, I’m going to jump into my plan soon 🙂

      ” A journey of a thousand miles begins with a single step”

    • #46931
      Novice hacker
      Participant

      Oh yeah, when you said I have to learn about databases, do you mean knowing SQL commands is enough?

And is it ok to be able to read shellcode or should I be skilled enough to write it too?

      Thanks again

    • #46932
      unicityd
      Participant

      Knowing basic SQL is the bare minimum; it would help if you had some familiarity with MySQL or MS-SQL. 

You don’t really read shellcode.  Shellcode is just the hex representation of actual executable code.  When you make shellcode, you write it in assembly, build (assemble) it, and then do some by-hand modification to remove null bytes.  It’s a very low priority; just worry about the other stuff for now.

    • #46933
      Novice hacker
      Participant

      Thanks for the info unicityd,

Do you think learning Microsoft Access is of any use? (I have an old book and was wondering whether I should take a look at that.)

      Oh and going back through your replies, does TCP/IP first edition talk about how network traffic goes from a local network to another?

      Thanks again, 🙂

      Oh and does anybody know if “anybody is raking in millions of dollars in pen-testing?”

    • #46934
      dynamik
      Participant

      @Novice hacker wrote:

      For example, you could set obtaining your CCNA as your first short-term goal,

      Ok, but I did some research of my own and CCNA cert is not even mentioned here:
      http://infiltrated.net/TechnicalSecurityRoadmap.html#   (I still plan on getting it, I just would like your opinion on this)

      That’s probably because it’s not a security certification 😉 (although there is a security specialization you can add on and earn a CCNA: Security — that list is still a WIP and may not contain everything at this time). Remember, you can’t effectively secure/attack something you don’t understand, so you need to build a foundation first.

      Your short-term priority should be learning the basics and getting your foot in the door somewhere so you can start accumulating real-world experience. You don’t want to end up with an impressive amount of knowledge and credentials but not have any demonstrable evidence of ever applying it. The CCNA is practically required for any entry-level networking administration position, and it is a logical starting place. However, as others have said, you may benefit from developing a stronger foundation in Windows/*nix first. Systems run on the network, so understanding how they work will make you a more effective network administrator/engineer.

      Edit:

      @Novice hacker wrote:

      Oh and does anybody know if “anybody is raking in millions of dollars in pen-testing?”                           

      You’re asking about annually? Maybe if you were the owner of a successful company.

      Otherwise, it’s definitely possible to become a millionaire on a six-figure salary if you’re smart with your money.

    • #46935
      MaXe
      Participant

      So I heard you like hacking..  ;D (Read through the entire thread at work today)

      The reason why you need to learn how systems function, is also because you need to know what happens when you run an exploit. Sometimes, you have to reboot the server, and if you’re testing in a production environment and your scope says you should avoid crashing services or entire servers for that sake, then you should make sure which exploits could DoS or crash servers or services. (And thereby avoid crashing them. It also serves the purpose, of being able to identify why the vulnerability exists, in case of configuration errors, and how to resolve it. Running a “canned exploit” as mentioned earlier, is the easiest part.)

      Ten years sounds absolutely possible, because I began as the lowest factor around 12 years ago, where I only knew basic HTML, minimal hardware information, and how to fix common (easy) problems, and a few other things. I didn’t have anyone to guide me most of the time, and when I did, it was mostly people I found out wouldn’t last as mentors for a very long time. (But they became good friends.)

      When I began my education as SysAdmin back in 2007, and learned all the basics I had tried to skip or avoid, it actually gave me a much better understanding of everything, filling in points that made me able to learn even better and more. (And yes I had to learn about the OSI model too, and outdated modem technology as well, but I had an awesome teacher who encouraged me and still does, to learn and improve.)

      So the last ~5 years or so I’ve been “serious”, and with people showing you the way, which books to read, which websites to check out, certifications, jobs, and much more, I’m sure you’ll be fine and if you worked on it most of your time, you could probably do it in 5 years ;D All it takes, is dedication and the ability to find information on your own as well.

      I should say however, that even though I have had time for parties and girlfriends in periods, using a few hours a day, to learn more about hacking or talk about hacking with likeminded individuals like us, is not unusual as this is what we love.  🙂

To answer your question about a pentester’s dream, it’s in fact more simple than you may think. As you’re probably aware of, hacking is a huge area, and there’s many areas to specialize in. Some want to do social engineering, others malware research, others forensics, web apps, etc., but sometimes, they’re not doing what they really want to do, they’re doing what they’re able to do, because it brings profit to the company and thereby, also gives the pentester a job, but the pentesters’ dream is, to work with their area of expertise first and foremost. At least, if they are truly great hackers. (Some people value money higher than knowledge unfortunately, this is why pentest jobs exist though, so it’s both good, and bad.)  😉

      My 2 cents for the day, I’m sure someone disagrees with my point of view xD  ::)

    • #46936
      Novice hacker
      Participant

      @ajohnson

      Thanks a lot for replying 🙂

      you can add on and earn a CCNA: Security

      I think it would be safer to start finishing with the CCNA and then progress onto security later, but thanks for the recommendation.

      Your short-term priority should be learning the basics and getting your foot in the door somewhere

I’m currently trying to do this… Do you think my ABSOLUTE FIRST STEP should be to read A+ material? (Assume I have no knowledge other than HTML and basic C, C++…) Thanks, please be sure to mention the FIRST STEP.

      you can start accumulating real-world experience.

      After I have some knowledge in some thing, I plan to practically apply that and when I actually get to hacking I will build a hacking lab, though I might need some help on that.

      Systems run on the network, so understanding how they work will make you a more effective network administrator/engineer.

It’s OK if I study networking and then concentrate on individual OS, right? Or is that a must?

      Otherwise, it’s definitely possible to become a millionaire on a six-figure salary if you’re smart with your money.

      I really think that pen-testers don’t get paid as much as they should….:(

      And I think that a six dollar sum comes only with 10 years in pen-testing……:(

      What if I become really good at it but my starting salary is still like only 50,000, right? Is it possible to land a six dollar starting salary?

      @MaXe

      So I heard you like hacking..  (Read through the entire thread at work today)

      Yes! Thanks for taking the time to do that 🙂 It was very kind of you  🙂

      The reason why you need to learn how systems function, is also because you need to know what happens when you run an exploit. Sometimes, you have to reboot the server, and if you’re testing in a production environment and your scope says you should avoid crashing services or entire servers for that sake, then you should make sure which exploits could DoS or crash servers or services. (And thereby avoid crashing them. It also serves the purpose, of being able to identify why the vulnerability exists, in case of configuration errors, and how to resolve it. Running a “canned exploit” as mentioned earlier, is the easiest part.)

      Thanks for the info mentioned above and for taking the time to type that. 🙂

      I don’t know EXACTLY what you meant but I’ve got a good idea, and it really helps in learning something when you know WHY you’re learning it 🙂

      you could probably do it in 5 years  All it takes, is dedication and the ability to find information on your own as well.

      Thanks for the encouragement  🙂

Your explanation of the pen-tester’s dream was also very satisfying. I plan to work in whatever I specialize in  🙂

      Oh and do you know if learning Microsoft Access is of any use?

      Thanks  🙂
      As for the ‘dream company’ do you have any ideas? (I was thinking Microsoft ……?)

    • #46937
      dynamik
      Participant

You’re asking for some perfect predefined path when one doesn’t really exist. If you ask a dozen people how they got into penetration testing, you’ll probably get a dozen different stories. I can throw out A+ > Network+ > Linux+ > Security+ > CCNA (which is a fairly standard novice path), but that doesn’t mean it’s going to be right for you. Just pick a topic and dive in. You’ll find that the topics you study tend to be cyclical, and regardless of which topic you start with, you’ll end up on another one sooner or later. It’s not like you learn everything about Cisco, then go learn everything about Windows, then move on to Linux, then programming, etc. Personally, I study multiple topics simultaneously so I get a little variety. Maybe try starting with A+ and a beginning Python book.

Also, start general and get more specific over time. Don’t worry about MS Access; learn about databases in general. That way, you’ll have a starting point regardless of what kind of database you encounter. To answer your question more directly, no, MS Access isn’t going to be very useful knowledge. You’re going to want to focus on real DBMSes (Oracle, MS SQL, MySQL, PostgreSQL, etc.)

      The dollar amounts are going to vary greatly around the country. $50k is feasible for a junior pentesting position, but you’re not going to start off with that in general IT.

      Regarding pen testing jobs, you’re probably going to want to find a company that specializes in it. However, large organizations may have a niche team that provides the same type of experience.

    • #46938
      Tazziewan
      Participant

      Would it be advisable to start out as a junior system administrator and work my way up to network security / pen testing role?

    • #46939
      unicityd
      Participant

And I think that a six dollar sum comes only with 10 years in pen-testing… :(

      What if I become really good at it but my starting salary is still like only 50,000, right? Is it possible to land a six dollar starting salary?

      With no experience, you just can’t give a company the value they need to justify paying you a six figure salary.  By the time benefits, hiring costs, training, etc. are factored in, the company is spending twice as much on you as they actually pay you in salary.  If you want to make $100k a year, you need to be able to justify the company spending that money.

      A typical first IT job is probably close to $40k (depending on location).  The people who make over $100k are mostly top technical people, managers, and consultants.  You’re not going to fill any of these roles fresh out of school or self-taught with a couple of certs.

    • #46940
      MaXe
      Participant

      @Novice hacker wrote:

      @ajohnson

      Your short-term priority should be learning the basics and getting your foot in the door somewhere

I’m currently trying to do this… Do you think my ABSOLUTE FIRST STEP should be to read A+ material? (Assume I have no knowledge other than HTML and basic C, C++…) Thanks, please be sure to mention the FIRST STEP.

      I know a few hackers who began with A+ and Security+ material, they turned out to be great.

      @Novice hacker wrote:

      you can start accumulating real-world experience.

      After I have some knowledge in some thing, I plan to practically apply that and when I actually get to hacking I will build a hacking lab, though I might need some help on that.

      There’s a book by Thomas Wilhelm on that. (Publisher: Syngress, they publish a lot of good books on hacking.)

      @Novice hacker wrote:

      Systems run on the network, so understanding how they work will make you a more effective network administrator/engineer.

      Its OK if I study networking and then concentrate on individual OS, right? Or is that a must?

You can learn networking first and then Operating Systems, or the other way around if you desire so. Learning how TCP/IP functions first is a good idea, as learning about Operating Systems in depth can be a bit boring. (Paging & Memory Handling algorithms, Filesystems, Program structure (not as deep as reverse engineering though, just what I’d call an “overview” of e.g., PE (EXE) and ELF formats. Just so you know what it means.)) There’s a lot more, you’ll read about it when you need to  🙂

      @Novice hacker wrote:

      Otherwise, it’s definitely possible to become a millionaire on a six-figure salary if you’re smart with your money.

      I really think that pen-testers don’t get paid as much as they should….:(

      And I think that a six dollar sum comes only with 10 years in pen-testing……:(

      What if I become really good at it but my starting salary is still like only 50,000, right? Is it possible to land a six dollar starting salary?

PenTesters often get a higher salary than the rest of the IT world, hence the reason many sysadmins, even those that have absolutely no desire for infosec, move into “infosec” with a CISSP or CEH and get 10k extra a year or so.

      Generally I’d say, a penetration tester’s pay / salary, is pretty decent. Starting out as a junior, at some companies at least, pays good enough to have an acceptable living where you can eat properly. Plus you get to work with hacking, other hackers, and possibly get free training and perhaps even certs, that’s pretty good.

      Remember that money isn’t everything. It should be second to hacking, if you want to be a true hacker that is.  ;D (Some of the best hackers in the world, have normal jobs outside IT and their salaries are not that good, but they hack because they love it. But go for corporate hacking, because you will probably have a lot more fun if you want to work with it daily.)

      No matter how “good” you are, you have to be able to justify what you’re worth, by knowledge but also in many cases proven experience. If you can’t prove your knowledge besides saying you’re really good, the company won’t be able to know whether it is true or not. (If you on the other hand, have written several tools, advisories / pocs (0days), and much more, they can at least have some sort of picture even if you have no experience.)

The more you learn, the bigger the picture will be, and sometimes it can be overwhelming to know (and don’t let this discourage you) that you will never stop learning  🙂 There is always something new to learn, something to research, and this is what gives me that happy feeling inside, that we have not yet discovered all the vulnerabilities in every single program or operating system, and that we haven’t explained every mathematical flaw there is in the implementation of several protocols.

      @Novice hacker wrote:

      @MaXe

      So I heard you like hacking..   (Read through the entire thread at work today)

      Yes! Thanks for taking the time to do that 🙂 It was very kind of you   🙂

      The reason why you need to learn how systems function, is also because you need to know what happens when you run an exploit. Sometimes, you have to reboot the server, and if you’re testing in a production environment and your scope says you should avoid crashing services or entire servers for that sake, then you should make sure which exploits could DoS or crash servers or services. (And thereby avoid crashing them. It also serves the purpose, of being able to identify why the vulnerability exists, in case of configuration errors, and how to resolve it. Running a “canned exploit” as mentioned earlier, is the easiest part.)

      Thanks for the info mentioned above and for taking the time to type that. 🙂

      I don’t know EXACTLY what you meant but I’ve got a good idea, and it really helps in learning something when you know WHY you’re learning it 🙂

you could probably do it in 5 years. All it takes, is dedication and the ability to find information on your own as well.

      Thanks for the encouragement   🙂

Your explanation of the pen-tester’s dream was also very satisfying. I plan to work in whatever I specialize in   🙂

      Oh and do you know if learning Microsoft Access is of any use?

      Thanks   🙂
      As for the ‘dream company’ do you have any ideas? (I was thinking Microsoft ……?)

      Even though you plan to work in whatever you specialize in, be prepared to work in what you’re capable of working with for starters and some time. This experience gives you more knowledge, but also proven experience on your CV / resumé, plus you will meet other great hackers most likely, and perhaps change specialization. (You never know.)

Learning Microsoft Access, I would say no, you should rather learn MySQL and / or MSSQL. MS Access isn’t that widely used in web apps, I think I’ve seen it once where it was definitely not easy to exploit, but it’s nice to know about. If you know SQL, which generally is quite easy (of course ‘easy’ is relative), then you pretty much just need to know the difference between MySQL, MSSQL, and use the cheatsheets you can find online for both, but also the others like MS Access. (Yes there’s cheatsheets to help you inject, not tools, but knowledge you can use.)

      The way I learned SQL during my education, was with this query: SELECT piece FROM cake WHERE size < mouth;

      All the words in big letters are SQL “commands”, the semi-colon needs to be there in almost all, if not all SQL queries at the end, and the words in small letters, are entries in a database, meaning there’s at least “4 variables” in this query.

SQL is defined into databases, tables, and columns. The database is where you store all the data for a specific application, such as this “cake factory app” (or whatever you want to call it). The word after “FROM”, in this case ‘cake’, is the *table name*.

      This is where the columns ‘piece’, ‘size’, and ‘mouth’ are defined.

      The database could look like this:
      +-----------+
      |   cake    |
      +-----------+
      |   piece   |
      |   size    |
      |   mouth   |
      +-----------+

      So it (cake) is a table with 3 columns (piece, size, mouth) in it. 

      ‘cake’ itself can’t have a value assigned to it, but ‘piece’, ‘size’, and ‘mouth’ can.

      Now, there’s a lot more to databases, but this is the basics and I’m sure if you think about it for a while, it’ll make sense if you didn’t get it right away. (If not, think of Excel and use rows and columns as a reference instead. Same principle.)

      Back on topic, the ‘dream company’, is not Microsoft. No offense intended toward Microsoft, but it is just not them, unless your entire world is about Microsoft and you love everything they create, then you should join their security team, but keep in mind you should aim to become a developer instead, not a penetration tester then. It’s the same thing with IBM generally, and Google too. They’re big in the global IT market, but they’re not big when it comes to Penetration Testing.

      Dream companies, are those that perform real penetration testing, hires the good hackers, and knows what they’re talking about. One of them could be: Rapid7 (they’re sometimes hiring, mostly developer positions), but there’s a lot of companies I can’t remember the names of, that I know from friends’ experience are more than great. Some of them have awesome bonuses and encourages research, others have crazy parties, some almost always go to the big conferences (Black Hat LV and Defcon, but also Derbycon too), and some will let you travel around the world.

      So when you have job interviews with companies in your country, ask them about the job, what they generally do, which conferences they go to if any, and of course if they’re doing work for the government, or the private sector, but also whatever else is on your heart. (Just don’t ask about the salary.)

      What I like the most, is primarily web application security, research, sharing my knowledge, and hopefully sometime in the future, go to various conferences and one day at least Defcon. But I can’t just say I only want that, I have to bend and give the company the value they expect and learn various things I may not usually consider learning, but in the end, the only result will be that I’ll be smarter.  🙂

      What you should focus mostly on, is getting relevant and correct information, so when you research something, it’s useful to read the same thing from several resources in some cases unless you know it’s a fact from a trusted source. (Keep in mind that Wikipedia can be edited by anyone, and even though it generally is quite correct, it does contain various mistakes in some topics, so be careful trusting what you read. The best way to make sure something you read is true, is to test it locally on your own systems in a safe way, in case it is a hacking method.)

      ~ MaXe
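To make the mini-SQL lesson above concrete, here is an added example (not MaXe’s code, and not from any project mentioned in the thread) that builds the ‘cake’ table in an in-memory SQLite database, runs the exact query from the lesson, and reads the database / table / column structure back from SQLite’s own catalogue. It also goes one step past the lesson, in the spirit of the injection cheatsheets MaXe mentions: the same query with a user-supplied value pasted into the SQL text, beside the parameter-bound version a defender should use. All row data is constructed for the example.

```python
import sqlite3

# Constructed sample rows for the "cake factory" table: each row is one piece of
# cake, its size, and the mouth size of whoever wants to eat it.
SAMPLE_ROWS = [
    ("brownie", 3, 5),
    ("wedding slice", 9, 5),
    ("cupcake", 4, 5),
    ("tiered slab", 12, 6),
]


def build_cake_db():
    """Create an in-memory database holding one table, 'cake', with three columns."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cake (piece TEXT, size INTEGER, mouth INTEGER)")
    # The three values per row map onto the three columns; '?' binds them as data.
    conn.executemany("INSERT INTO cake (piece, size, mouth) VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def describe_schema(conn):
    """Database -> tables -> columns, read from SQLite's catalogue table."""
    tables = [t for (t,) in conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")]
    # PRAGMA table_info rows are (cid, name, type, notnull, default, pk); index 1 is the name.
    return {t: [col[1] for col in conn.execute(f"PRAGMA table_info({t})")] for t in tables}


def pieces_that_fit(conn):
    """The lesson's query verbatim: compare two columns of the same row."""
    rows = conn.execute("SELECT piece FROM cake WHERE size < mouth;").fetchall()
    return [piece for (piece,) in rows]


def pieces_for_mouth_unsafe(conn, mouth_text):
    """Anti-pattern: the caller's text becomes part of the SQL statement itself,
    so text that is not a number changes what the query means."""
    sql = "SELECT piece FROM cake WHERE size < " + mouth_text + ";"
    return [piece for (piece,) in conn.execute(sql)]


def pieces_for_mouth_safe(conn, mouth_text):
    """Hardened form: validate the type, then bind the value as a parameter.
    The SQL text is fixed; the value can only ever be compared as a number."""
    mouth = int(mouth_text)  # raises ValueError on anything that is not an integer
    rows = conn.execute("SELECT piece FROM cake WHERE size < ?;", (mouth,))
    return [piece for (piece,) in rows]


if __name__ == "__main__":
    db = build_cake_db()
    print("schema:", describe_schema(db))          # {'cake': ['piece', 'size', 'mouth']}
    print("fits:", pieces_that_fit(db))             # ['brownie', 'cupcake']
    print("safe, mouth 5:", pieces_for_mouth_safe(db, "5"))
```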

    • #46941
      dynamik
      Participant

      @Tazziewan wrote:

      Would it be advisable to start out as a junior system administrator and work my way up to network security / pen testing role?

      That’d be a good choice. That’ll hopefully give you an opportunity to work with a variety of different technologies. Even if you’re not in a security role or have “security” in your title, take the time to understand the various security mechanisms that are present in the technologies you’re working with. When you switch to an offensive position, you can use that knowledge to your advantage.

      Welcome to the forums btw.

      @Novice hacker wrote:

      Is it possible to land a six dollar starting salary?

      I think we all assumed you meant “six-figure,” but if you’re really looking for a $6 wage, there’s probably a McDonald’s hiring near you ;D

    • #46942
      Novice hacker
      Participant

      Wow……great responses  🙂

      Before I respond, I would like to thank all of you guys for taking the time to help me out

      Thanks!  🙂

      @ajohnson

      Your reply was extra-informative and I realized some of the things that you said just a day before I read your reply……

      Thanks for the novice path, I won’t strictly adhere to it (read below)
      but it’s useful as a guideline.

      It’s not like you learn everything about Cisco, then go learn everything about Windows, then move on to Linux, the programming, etc. Personally, I study multiple topics simultaneously so I get a little variety. Maybe try starting with A+ and a beginning Python book.

      This was beginning to dawn on me….I couldn’t prevent myself from reading other stuff on that list like kind of simultaneously…:)

In fact, I started following exactly what you suggested before you suggested it!! I’ve started reading A+ material (PC hardware and A+ handbook by Kate Chase was the only book I could find in my town’s library, so I’ve started reading it. Since it’s a bit outdated I will read some current version of A+ material after I finish it, and I’ve also kind of downloaded a Python library of books and I’ve started reading one. (A learner’s guide to programming using the python language)

      Regarding database management, your advice was also very helpful. 🙂 As for the salary, read on…..
      The pen-testing specializing companies advice was also very interesting so thanks again 🙂 (once again, read on….)

      @ unicityd

      Thanks for the info.  🙂

      It gave me a better idea of the current situation.

      This is kind of further addressed down the post, so read on 😉

      @MaXe

      Woah, that’s the longest post I’ve ever seen in my life  🙂

      Thank you very very very much for posting all that info    🙂

      But, before I address it, I would like to make my position a bit more clear. You have misunderstood me. 🙁

      I plan to come to the Infosec field purely because of my great interest and passion for hacking and security. I’m not doing it for the money but the reason why I posted those question was because

      1) I feel that “rewards stimulate me a great deal”.  

2) There will probably be pressure from my family to earn a lot when I choose an ‘unconventional’ field like ethical hacking. I feel as if I have to prove myself. But other than that, I joined this field ONLY because of the burning desire in my heart to learn hacking and my ULTIMATE dream is to become THE BEST or ONE OF THE BEST…..

      I assure you that I am not doing it for the money alone   🙁

      On a happier mood,

      I know a few hackers who began with A+ and Security+ material, they turned out to be great.

      Thanks! That is very encouraging 🙂

      There’s a book by Thomas Wilhelm on that. (Publisher: Syngress, they publish a lot of good books on hacking.)

I read the table of contents and it looks great but there were a couple of negative reviews saying “Unfortunately, PPT should be called ‘Professional Pen Testing Project Management.’” Have you personally read the book? Would you give it the thumbs up? (because it looks good to me)

      Learning how TCP/IP functions first is a good idea, as learning about Operating Systems in depth, can be a bit boring.

I went through (skimmed through) MOS by Andrew Tanenbaum in the library today and it was kind of outdated, but I will talk more about that when I get to that step.  🙂

      Which volumes of TCP/IP should I read? (Is the I vol. enough?)

      pays good enough to have an acceptable living where you can eat properly

      ;D

      And I plan to go for ‘corporate hacking’ because as you already stated I get to work with it DAILY     🙂

      No matter how “good” you are, you have to be able to justify what you’re worth, by knowledge but also in many cases proven experience. If you can’t prove your knowledge besides saying you’re really good, the company won’t be able to know whether it is true or not. (If you on the other hand, have written several tools, advisories / pocs (0days), and much more, they can at least have some sort of picture even if you have no experience.)

      I will try to do at least one of these before I apply for a job……
      Do you have any more suggestions to prove my worth? (It would be very useful for me, thanks)

      The more you learn, the bigger the picture will be

      I like that the infosec field is a broad one too       🙂

      Oh and I will be ready for all things coming 🙂   (Regarding specialization)

      And I have to thank you a ton for that mini-SQL lesson. I found that highly instructive as well as interesting to learn. (It was a great analogy, though it took me a few seconds to grasp what it meant)

      Dream companies, are those that perform real penetration testing, hires the good hackers, and knows what they’re talking about. One of them could be: Rapid7 (they’re sometimes hiring, mostly developer positions), but there’s a lot of companies I can’t remember the names of, that I know from friends’ experience are more than great. Some of them have awesome bonuses and encourages research, others have crazy parties, some almost always go to the big conferences (Black Hat LV and Defcon, but also Derbycon too), and some will let you travel around the world.

      WOW! That’s my idea of a DREAM company! What you described is almost exactly what I want to do!! PLEASE tell me if you can remember the names of those companies and if you can contact your friends for the names. They seem to fit into my interests a lot…..:)    (Do you work for a similar company?)

Thanks for sharing your interests, it has kind of stimulated me to be more interested in Web App Security…it’s OK if I learn that last, right?

      As for correct info, I try to get my info from two sources or so.

      @ajohnson

      I think we all assumed you meant “six-figure,” but if you’re really looking for a $6 wage, there’s probably a McDonald’s hiring near you

      ;D

      My bad.    

      Sorry, I meant six-figure sum.

      But, I think MaXe has provided some great suggestions regarding that, do you know any more? (other than publishing books and other stuff)

      And once again a HUGE thanks is called for:

      Thanks!

      🙂

    • #46943
      unicityd
      Participant

      Which volumes of TCP/IP should I read? (Is the I vol. enough?)

      Vol I is enough.  After that, you should read books that focus on other networking topics; either Cisco books or network security books.  TCP/IP Illustrated Vol. II is the source code for an actual TCP/IP stack implementation and is only useful if you are doing very low-level work and need to test or develop a custom TCP/IP stack.  Very few people have ever read it.  Vol III is mostly obsolete.

If you think your family will chafe at a career in “Ethical Hacking”, just tell them you’re getting into “Network Security” or “Information Security”.  If they are hell bent on you being a doctor/lawyer/ballet dancer, they’ll just have to be disappointed.

    • #46944
      MaXe
      Participant

      @Novice hacker wrote:

      @MaXe

      Woah, that’s the longest post I’ve ever seen in my life  🙂

      It’s one of my standard post lengths when I have time and there’s a good reason to do so  ;D

      @Novice hacker wrote:

      Thank you very very very much for posting all that info    🙂

      But, before I address it, I would like to make my position a bit more clear. You have misunderstood me. 🙁

      I plan to come to the Infosec field purely because of my great interest and passion for hacking and security. I’m not doing it for the money but the reason why I posted those question was because

      1) I feel that “rewards stimulate me a great deal”.  

2) There will probably be pressure from my family to earn a lot when I choose an ‘unconventional’ field like ethical hacking. I feel as if I have to prove myself. But other than that, I joined this field ONLY because of the burning desire in my heart to learn hacking and my ULTIMATE dream is to become THE BEST or ONE OF THE BEST…..

      I assure you that I am not doing it for the money alone   🙁

No problem, and no I wasn’t judging you  ;D Just wondering because you mentioned the salary in a few posts. But 1) Most ethical hacking jobs pay better than other non-management IT-jobs, plus it’s a lot more fun imho, 2) You’re going to have one of the coolest jobs in the world and the salary is often higher than other jobs in the IT-sector. If you want to use nice words, say IT-Security Consultant, as they may not understand at the moment that professional & legit hackers exist. (At least, some of my family denied that for several years, and some of them still do. Including friends requesting illegal services I of course deny, because they think all hackers are bad somewhere, but I don’t think they would ask a cop to shoot someone just because they carry a gun. In this case, the mind of the hacker, is the gun.)

But IT-Security (or ICT-Security depending on where you are in the world), often pays quite well, especially if you’re not a junior but on the “normal” or senior stage. Anything +50k is considered good, as you will earn more than most people. Tech Support, such as some of my previous dayjobs, has paid as low as 25k $USD per year, _before_ tax. It’s one of the biggest IT-companies in the world and it was in a capital city in the EU where they speak English, in fact, the company is IBM. It’s not minimum wage salary, but it’s close to, and there are a lot of tech support jobs that are minimum wage, and getting any increases per year is very hard, no matter how good you are at your job. So even 40k$ a year is nice. At another job I recently had they paid roughly 20% more, and this company is not very well known, it’s still tech support, but the location is also in the middle of nowhere!  ;D

      So just because a company is big, isn’t equal to good salary, good work environment, or for that sake, many other things you will experience on your own perhaps. (I wish all the best for you of course.)

      @Novice hacker wrote:

      On a happier mood,

      I know a few hackers who began with A+ and Security+ material, they turned out to be great.

      Thanks! That is very encouraging 🙂

      There’s a book by Thomas Wilhelm on that. (Publisher: Syngress, they publish a lot of good books on hacking.)

I read the table of contents and it looks great but there were a couple of negative reviews saying “Unfortunately, PPT should be called ‘Professional Pen Testing Project Management.’” Have you personally read the book? Would you give it the thumbs up? (because it looks good to me)

I haven’t read it, but I’ve participated in his classes at the Hacking Dojo, and he has quite a lot of experience with pentesting, plus I know that he’s particularly good at putting focus on the things people don’t tend to attack in labs. He made an article on this website recently about this issue, that people would often target servers, etc., instead of routers too. (Meaning you should eventually try to hack routers and switches too, it’s an important skill. Especially to know what you can do, and what you should avoid.)

      @Novice hacker wrote:

      Learning how TCP/IP functions first is a good idea, as learning about Operating Systems in depth, can be a bit boring.

I went through (skimmed through) MOS by Andrew Tanenbaum in the library today and it was kind of outdated, but I will talk more about that when I get to that step.  🙂

      Which volumes of TCP/IP should I read? (Is the I vol. enough?)

Haven’t read that book, but TCP/IP hasn’t generally been updated afaik (as far as I know), so even an old book can be just as up2date as a new book about TCP/IP. The TCP/IP Illustrated book could be a good read, even though I’ve never read it. If you don’t like “dry reading”, avoid RFCs for now, but don’t avoid them forever  🙂 (Check one out a day for e.g., a protocol you really like and want to know more about.)

      @Novice hacker wrote:

      pays good enough to have an acceptable living where you can eat properly

      ;D

      And I plan to go for ‘corporate hacking’ because as you already stated I get to work with it DAILY     🙂

      No matter how “good” you are, you have to be able to justify what you’re worth, by knowledge but also in many cases proven experience. If you can’t prove your knowledge besides saying you’re really good, the company won’t be able to know whether it is true or not. (If you on the other hand, have written several tools, advisories / pocs (0days), and much more, they can at least have some sort of picture even if you have no experience.)

      I will try to do at least one of these before I apply for a job……
      Do you have any more suggestions to prove my worth? (It would be very useful for me, thanks)

      The more you learn, the bigger the picture will be

      I like that the infosec field is a broad one too       🙂

      Oh and I will be ready for all things coming 🙂   (Regarding specialization)

      And I have to thank you a ton for that mini-SQL lesson. I found that highly instructive as well as interesting to learn. (It was a great analogy, though it took me a few seconds to grasp what it meant)

      For the moment no, you have much to learn and reflect about, and I don’t want to overwhelm you with too much information at once. I’ve given my best advice for now.  🙂

      It’s great to hear you learned something from the mini-SQL lesson, in fact it may make it easier for you to understand how SQL works in the future then.

      @Novice hacker wrote:

      Dream companies, are those that perform real penetration testing, hires the good hackers, and knows what they’re talking about. One of them could be: Rapid7 (they’re sometimes hiring, mostly developer positions), but there’s a lot of companies I can’t remember the names of, that I know from friends’ experience are more than great. Some of them have awesome bonuses and encourages research, others have crazy parties, some almost always go to the big conferences (Black Hat LV and Defcon, but also Derbycon too), and some will let you travel around the world.

      WOW! That’s my idea of a DREAM company! What you described is almost exactly what I want to do!! PLEASE tell me if you can remember the names of those companies and if you can contact your friends for the names. They seem to fit into my interests a lot…..:)    (Do you work for a similar company?)

Thanks for sharing your interests, it has kind of stimulated me to be more interested in Web App Security…it’s OK if I learn that last, right?

      As for correct info, I try to get my info from two sources or so.

      What I described were several different companies, where most of them are located in the UK. This doesn’t mean they exist in other countries though, as some of them were from USA, Australia, Denmark, etc., so the best way to find out, is when the time comes, read about the company and the job on their website, and perhaps during a phone interview if you get to this phase, ask about the benefits of working there, but not in a greedy way of course  🙂

      Currently I work in Tech Support, while I’ve done some freelancing (mostly voluntary), but I’ve also done some lighter research, and many other interesting things which I’m sure you’ll discover, however I am actually going to relocate to another country soon to work with ethical hacking (including penetration testing) plus a few other things for a living. I honestly can’t wait to get started  ;D

      I’m glad to hear you’ve developed a deeper interest for Web App Security, but yes, you can learn it last if that is what you want. When I “talk” with new hackers, I ask them whether they want to become a hacker who specializes in web applications, or programs, and from there, perhaps sub-specializations like reverse engineering, malware analysis / research, 0days / zero days (reverse engineering comes into place here), vulnerability research (can be applied to web app sec too), and so forth.

When you learn how to specialize in web apps, you need to learn the appropriate protocols that serve a website, from HTTP (including some basic SSL), to DNS, routing, TCP, UDP, IP, ICMP, ARP (even FTP and some SSH too), and different physical and virtual topologies. (Such as a star-shaped ethernet network. It’s not that important to know, but learning how the ethernet protocols function, at least at some point during your self-taught education, is very good to do.)

      If you are going to learn vulnerability research and / or exploit development of programs, you need to learn things like reverse engineering (at least somewhat), basic assembly (the programming language), debugging, but also how to analyze protocols and e.g., build your own protocol fuzzer, which in some cases is not as hard as it may sound. (Building a basic fuzzer for the TFTP or HTTP protocol isn’t that hard.) You will need to know about TCP, UDP, IP, ICMP, ARP, etc., here too, along with other protocols including routing.

      Otherwise, how will you be able to know when looking at a traffic dump in Wireshark if you’ve done something horribly wrong?

Of course you will probably be using “canned exploits” for both, so that’s why both of these areas cover the same protocols, and just because I said HTTP in the first, doesn’t mean you shouldn’t learn it in the second. It’s just a requirement in the first, if you want to be effective and know what’s really going on when you send an exploit.

So take it in the order you find most interesting, that is what matters when you’re learning on your own  ;D But keep in mind, that for some topics, you should learn the basics / foundation first, before attempting to fly with wings that haven’t fully grown out yet  🙂

I’m glad to hear you’re using at least two sources, but keep in mind that two sources can be incorrect too, even professionals who have worked with IT for 10 or 20 years.

      PS: Long replies are my speciality in some cases hehe  ;D

    • #46945
      Novice hacker
      Participant

      Hi!   

      Thanks for the great responses again  🙂

      @unicityd

      Thanks for the advice on the volume selection. It’s easier and a great relief to know that I don’t have to study material that won’t help me.

      I consider myself very lucky to have guys like you who are willing to help a newbie out 🙂

      @MaXe

      Thank you very much for that rich post chock-full of information  🙂

      I found it answered my questions very specifically and in detail. Though I don’t have the time to give your post the special attention it deserves right now, I promise to reply to this post tomorrow.

      Looking forward to tomorrow…..:)

    • #46946
      Grendel
      Participant

      @MaXe wrote:

      I haven’t read it, but I’ve participated in his classes at the Hacking Dojo, and he has quite a lot of experience with pentesting, plus I know that he’s particularly good at putting on focus on the things people don’t tend to attack in labs. He made an article on this website recently about this issue, that people would often target servers, etc., instead of routers too. (Meaning you should eventually try to hack routers and switches too, it’s an important skill. Especially to know what you can do, and what you should avoid.)

      I don’t know why, but when I see people mention me in forums, it feels like people are talking about me as if I’m not there, even though I’m standing right next to them in the same room.  😉

      Thanks for the kudos, MaXe…
      Ping me if you have any questions about the book or pentesting, Novice.

    • #46947
      dynamik
      Participant

      @Novice hacker wrote:

      There’s a book by Thomas Wilhelm on that. (Publisher: Syngress, they publish a lot of good books on hacking.)

I read the table of contents and it looks great but there were a couple of negative reviews saying “Unfortunately, PPT should be called ‘Professional Pen Testing Project Management.’” Have you personally read the book? Would you give it the thumbs up? (because it looks good to me)

      Since Tom’s apparently too humble to address it, I will.

      If you go to the review itself and not just glance at the excerpt on the main page, you will see that Tom actually responded to it: http://www.amazon.com/review/R3QRU5AA4KVT4B/ref=cm_cr_pr_viewpnt#R3QRU5AA4KVT4B

      While I don’t think that Bejtlich’s points are necessarily inaccurate, it does seem like his expectations were off. It’s a book that introduces the professional side of hacking; it’s not a book that claims to make you an expert-level penetration tester. I paged through a copy that was in the company library at my previous employer, and I think this is a great read for anyone looking to make a career out of penetration testing, such as yourself 😉

    • #46948
      MaXe
      Participant

      @Novice hacker wrote:

      @MaXe

      Thank you very much for that rich post chock-full of information   🙂

      I found it answered my questions very specifically and in detail. Though I don’t have the time to give your post the special attention it deserves right now, I promise to reply to this post tomorrow.

      Looking forward to tomorrow…..:)

      No problem, glad to hear it answered your questions. No need to prepare a long reply as I will be extremely busy over the next week or so.

      @Grendel wrote:

      @MaXe wrote:

      I don’t know why, but when I see people mention me in forums, it feels like people are talking about me as if I’m not there, even though I’m standing right next to them in the same room.  😉

      Thanks for the kudos, MaXe…
      Ping me if you have any questions about the book or pentesting, Novice.

      I figured you were busy with your job, etc., since I referred to you as not being often around  🙂 And no problem about the kudos  ;D (Fyi I only give kudos to those I believe in.)

    • #46949
      Novice hacker
      Participant

      Tomorrow has finally come………..:)

      I think I’ve overdone the smileys in my last few messages so this one isn’t going to have any except for the first one.

      Anyways,

      @unicityd

      I think I should clarify to be fair to my family. My dad is OK with me being an ethical hacker (He actually knows what a hacker is) (My Mom won’t object to it but will probably be concerned on how much income it generates, while my sister still scorns my capability to become one…..)

      Regarding my plan, I am extremely busy but I have still managed to read about 50 pages A+ material and 30 pages python.

      So far so good…..

      @ MaXe

      It’s one of my standard post lengths when I have time and there’s a good reason to do so 

      Thanks!

      plus it’s a lot more fun imho

      +1

      IT-Security Consultant

      How about “Cyber Security Expert”  (Kind of sounds cool)

      Anything +50k is considered good, as you will earn more than most people. Tech Support, such as some of my previous dayjobs, has paid as low as 25k $USD per year, _before_ tax.

      I’m not being greedy or anything but if you check this out you will find why I was going for like $100,000.

You can find the link here: http://ittrainingblog.com/2011/05/16/average-salary-of-someone-with-the-certified-ethical-hacker-ceh-certification/#comment-52
      Check it out and please tell me your opinion(s).

      He made an article on this website recently about this issue, that people would often target servers, etc., instead of routers too. (Meaning you should eventually try to hack routers and switches too, it’s an important skill. Especially to know what you can do, and what you should avoid.)

      That would be “A rant on hacking labs”, right? I already pasted the link to a Word document called “How to create a Hacking lab”. It contains links to pages that instruct about hacking labs.

      (Check one out a day for e.g., a protocol you really like and want to know more about.)

      Will keep that in mind.

      It’s great to hear you learned something from the mini-SQL lesson, in fact it may make it easier for you to understand how SQL works in the future then.

      I’m pretty sure it will 

      so the best way to find out, is when the time comes, read about the company and the job on their website, and perhaps during a phone interview if you get to this phase, ask about the benefits of working there, but not in a greedy way of course

      I will do that when I get to that point but I will keep that in mind for inspiration.

      Regarding choosing a specialization, I will do that as soon as I gain a bit more knowledge of what those specializations really mean. Does anybody have an idea of what specialization will be in demand in 10 years? (I’m not saying I’m going to follow it, it’s just to get an idea.)

      So take it in the order you find most interesting, that is what matters when you’re learning on your own. But keep in mind, that for some topics, you should learn the basics / foundation first, before attempting to fly without wings that haven’t fully grown out yet.

      Thanks for the good advice  🙂  (Couldn’t resist)

      I know you said that I didn’t have to send a long reply but I couldn’t resist.

      @Grendel

      Wow! I didn’t know that you were a part of this community!!

      You must have loads of experience with pen-testing and have probably worked with top professionals….I don’t want to bother you with questions but what would your No. 1 advice be to a novice like me?

      (I’ve sent you a pm regarding the book.)

      @ajohnson

      Thanks for providing the link. It kind of ‘cleared up’ the matter. Plus, thanks also for providing your opinion on the book. I think that’s good enough for me to buy it.

      Just one question, can I read it now? Or should I wait until completing any number of steps?

      Once again, thanks a ton for sharing your vast reserves of knowledge guys        🙂    (Couldn’t resist again)

      With each day, I feel I’m inching forward.

      Until tomorrow……..
                                                                            -NH

    • #46950
      dynamik
      Participant

      @Novice hacker wrote:

      @ajohnson

      Thanks for providing the link. It kind of ‘cleared up’ the matter. Plus, thanks also for providing your opinion on the book. I think that’s good enough for me to buy it.

      Just one question, can I read it now? Or should I wait until completing any number of steps?

      As with most of your questions at this point, the answer is going to be “it depends.” It will obviously be beneficial when you get closer to the point of actually being able to pen test, but it could also be useful now to give you an overview of everything that’s involved with pen testing. It’s not just hacking. You do need to perform project management, interface with management, write reports, etc. It might be good to get an idea of everything you’re getting yourself into. You might find you prefer to go into a research or engineering role instead.

      I think you have more than enough to work with for the foreseeable future, and you can probably ease back on adding new resources to your list for awhile. If you think you may not get to something for a year or two, don’t even worry about it now. Technology changes quickly and there may be a new version or different resource available by the time you need it. Throwing out an untouched $50 book when the new version arrives always stings.

    • #46951
      Grendel
      Participant

      @ajohnson:
      Thanks for pointing out my response. I prefer to stay out of such conversations, since I don’t want to sound defensive. I appreciate readers (even those who peruse the book) stating their opinions. Thanks again.

      @novice:
      I’m actually addressing the community with my response, so take my reply with glasses filtered with your own experience.

      The one thing I say over and over again (to hammer the point home), is that to become a good (not even great) pentester, you have to be a guru in something. Whether that something is system administration, network administration, or programming is immaterial, but should be selected based on interest. It is possible to learn such topics as you go along during your pentest journey, but it’s simpler and less overwhelming being a guru at something beforehand.

      Once you have the “guru” title under your belt, then move onto pentesting. And even then, pick a specialty (network, web, RE), with the idea you’ll add on new skills from the other categories as you progress – You will need to intermingle each of those specialties in your own career path, but pick one and take it to its natural conclusion.

      Also, don’t rush things – that makes for shallow learning across all topics. What you need to do is have an in-depth understanding of each topic (e.g. You may understand what a packet is, but have you seen what it looks like going across the wire?), not just an understanding of security/networking/programming/systems that is an inch deep and a mile wide. This means your first cert shouldn’t be a security one, but perhaps something from Solaris or Cisco or Microsoft. Once you have a solid base, you can move into pen testing.

      And regarding salaries, think about this – people don’t make six figures simply because they have a cert, like the CEH; the experience and background of the person makes the salary – not the cert. Meaning, the broader and deeper the knowledge and hands-on experience, the better the salary. Certs are simply a method of getting past HR during a job hunt.

      Hope that has helped. I will respond to your PM shortly.

      Good luck!

    • #46952
      Novice hacker
      Participant

      @ajohnson

      Thanks for the reply    ;D

      It kind of opened my eyes on a lot of matters along with Grendel’s post. I’m pretty sure that the book won’t help me out regarding performing an actual pen-test or building a hacking lab…….BUT I have decided to buy it      ;D

      Like you said, it will give me an overview of what pen-testing is all about. No, I don’t have any plans to change my decision but it could serve as a heads up to what I’m getting myself into.

      Throwing out an untouched $50 book when the new version arrives always stings.

      You’re right. So I plan to continue with my step by step procedure with slight modifications. I should probably finish creating a foundation before I start cranking up the building. Thanks for making me realize this  🙂

      @grendel

      Thank you very, very much for your post      ;D

      I assure you it really brought me to my senses on some issues.

      The prospect of becoming a guru in something interests me a great deal. I’m thinking programming would probably be my choice.

      As for the specialty after going into pen-testing, I think networking would probably be my first choice.

      Also, don’t rush things – that makes for shallow learning across all topics. What you need to do is have an in-depth understanding of each topic (e.g. You may understand what a packet is, but have you seen what it looks like going across the wire?), not just an understanding of security/networking/programming/systems that is an inch deep and a mile wide. This means your first cert shouldn’t be a security one, but perhaps something from Solaris or Cisco or Microsoft. Once you have a solid base, you can move into pen testing.

      I truly consider this to be PRICELESS advice. I also consider myself very lucky to have received this sooner than later. Everything seems to be falling in place now…

      the experience and background of the person makes the salary – not the cert. Meaning, the broader and deeper the knowledge and hands-on experience, the better the salary. Certs are simply a method of getting past HR during a job hunt.

      I have a feeling of being ‘blind’ up to this point,
      I understand everything you said perfectly.
      For probably the first time, I don’t have any questions regarding the topics mentioned above.

      Once again thank you very much for opening my eyes,

      The path to mastery just got a lot brighter……. ;D

    • #46953
      Novice hacker
      Participant

      I was just re-reading my post and thought I ought to be a bit clearer.

      I’m pretty sure that the book won’t help me out regarding performing an actual pen-test or building a hacking lab

      I mean RIGHT NOW. I shouldn’t be concentrating on that when I haven’t yet mastered the basics.

      And I forgot to add this

      @MaXe

      I wanted to wish you the best of luck in your future ethical hacking travels.      ;D

      And just one small question too.

      How are pen-testers recruited and will I get a chance to showcase my skills to my employer?

      Thanks again,

                                                                    -NH

    • #46954
      MaXe
      Participant

      About using “Cyber Security Expert” instead of IT-Security Consultant, yes you can do that too, it doesn’t sound evil. But don’t use the “expert” too much if you’re not seen as an expert in your field  🙂 (You can of course tell them you’re training to become one and eventually will become one.)

      @Novice hacker wrote:

      And I forgot to add this

      @MaXe

      I wanted to wish you the best of luck in your future ethical hacking travels.       ;D

      And just one small question too.

      How are pen-testers recruited and will I get a chance to showcase my skills to my employer?

      Thanks again,
        -NH

      Thanks and you too! It isn’t long before I’m starting at my new job, can’t wait  ;D (This time it’s infosec and pentesting.)

      There are several ways, just like other jobs. 1) Meet / talk with companies at (infosec) conferences, maybe they’re looking for people. 2) Apply for jobs via company websites or use an agent (that specializes in infosec / pentesting jobs) to help you. 3) Become headhunted by companies and / or agents.

      Sometimes the headhunter agents may think you want tech support jobs though, in case your experience says mostly tech support. Also, these agents don’t often know exactly what pentesting is about, but they know which companies to contact, etc. If you use one of these, make sure you get a list of companies they send your CV to, and preferably start with using only one, that doesn’t spam your CV to all companies there are, but rather targets specific companies that match your profile.

      Getting headhunted by a company on the other hand, requires in most cases that I know of, that they somehow find you interesting and a potential asset to their company in case they hire you, meaning you either have to display a decent background, or for that sake, other things such as presentations (from e.g., conferences and / or “chapters”), certs, open source tools, advisories, etc., that tell them you know your stuff and you burn for this type of job.

      So when you have something to show, use LinkedIn and make sure they can read your profile. Don’t put private details you don’t want on the Internet, but put everything else available to the public, so the companies can see you’re there. You may have to rewrite your profile several times over the months or years you have it, while you have e.g., other IT-jobs that aren’t infosec related.

      If you will have the chance to showcase your skills, that depends on the company. Most companies I’ve had interviews with, will have a technical test over the phone as a second part of the entire interview process. (There are typically 2-3 parts minimum. The first is introduction, if you pass this you move to technical test, if you pass this, IRL interview which can include a test too.)

      This technical test (second part), can vary quite a lot. In some cases they would ask if I knew what SQL Injection or for that sake XSS is, which I know pretty well and where I had plenty of demo material and knowledge ready at hand, and most of them were pretty easy for me. (Easy is after all, relative.) There was one technical interview, where I was asked a lot about protocols and other things, that I had learned during my education but never used afterward, and that was where I had a hard time, because I can’t remember everything I’ve learned, if I’m not using it at least just once in a while. In this case, I only had a faint idea in some cases where I was afraid of saying the wrong thing. I did pass that interview though, and it went really well when we moved onto the pentesting part.

      One question I have been asked a lot, is “how would you conduct a pentest?”, it’s a rather interesting question, as it shows. Do you actually know how a pentest is done? Or do you know, at least the standard way? (You don’t have to learn about the OSSTMM yet, but knowing it exists is a good idea as more and more companies are using it.)

      What matters is you shouldn’t exaggerate or lie during a technical interview, as the interviewer will know right away in most cases  🙂 Sometimes you may of course think, you know a lot about a topic, and then the interviewer may have a much deeper understanding, meaning you talk past each other.

      In some cases, after the technical interview, I have heard of people getting real tests. Some of those I’ve heard about were:
      1) Analyze (or disassemble) a bot (from a botnet) and hack the C&C server. (In this case it wasn’t a bot used for malicious purposes but rather a test where the bot can’t spread.)
      2) Go to this URL and hack this website, you have 24 hours to do so.
      3) Analyze this web application (i.e., review the PHP source code), we’re talking about 100’000 lines at least in this case.

      And well, I can’t remember any others at the moment, but there has been a few.

      You may also be subject to background investigations, and in case you’re applying for a job in the government, you can expect that you need a security clearance  🙂

    • #46955
      Novice hacker
      Participant

      @MaXe

      Thanks for the post        🙂

      Sorry about the late reply but I kind of got caught up with work at school.

      About using “Cyber Security Expert” instead of IT-Security Consultant, yes you can do that too, it doesn’t sound evil. But don’t use the “expert” too much if you’re not seen as an expert in your field  (You can of course tell them you’re training to become one and eventually will become one.)

      Ok, I will keep it as a future ‘title’.

      It isn’t long before I’m starting at my new job, can’t wait  (This time it’s infosec and pentesting.)

      I can see that pen-testing excites you a lot too. ;D I hope you do well! 

      Thanks for the suggestions regarding recruitment.  🙂

      I plan to become highly skilled and then market myself.

      Those tests you mentioned at the end were very interesting but also seemed very difficult…..Are pen-testers asked to perform such tests regarding web applications? And do you have any idea whether there are any ‘challenges’ to land a job? Like competitions? I’m really interested in participating in these competitions……:)

      Finally, just a few questions regarding my current stand:

      1) How far do I have to be familiar with computer hardware and A+ material? I’ve read about 200 pages of the Kate Chase handbook and I want to know if I should be ready to install a new CPU, motherboard etc. and should have experience assembling a computer and stuff. So, please mention to what extent I should possess knowledge of A+ material (only the hardware part).

      2) Have you ever played CTF? It seems to be a lot of fun  🙂

      Once again thanks for replying and remember to have loads of fun at your new job ;D

    • #46956
      MaXe
      Participant

      @Novice hacker wrote:

      @MaXe

      Thanks for the post 🙂

      Sorry about the late reply but I kind of got caught up with work at school.

      I plan to become highly skilled and then market myself.

      Thanks and no problem, I’m relatively quite busy IRL these days too.

      Sounds great that this is your plan, as that way you have the highest chance of succeeding in landing a job. But don’t be afraid to take other jobs while you hunt for an infosec job.  ;D

      @Novice hacker wrote:

      Those tests you mentioned at the end were very interesting but also seemed very difficult…..Are pen-testers asked to perform such tests regarding web applications? And do you have any idea whether there are any ‘challenges’ to land a job? Like competitions? I’m really interested in participating in these competitions……:)

      Finally, just a few questions regarding my current stand:

      1) How far do I have to be familiar with computer hardware and A+ material? I’ve read about 200 pages of the Kate Chase handbook and I want to know if I should be ready to install a new CPU, motherboard etc. and should have experience assembling a computer and stuff. So, please mention to what extent I should possess knowledge of A+ material (only the hardware part).

      Interesting yes. Difficult, that’s relatively yes and no (for some it’s hard, for some it’s easy, but generally I’d say intermediate at least)  🙂 I could’ve passed all of those with enough time (I wasn’t the person doing them though, but rather it was friends that they were assigned to), but the one about analyzing a web app was harder than expected, even though the person who was doing it, actually did very well.

      You could be asked to do such a test, but it isn’t always. Most junior pentesters are often nowadays expected to know about web app sec, but it is not a requirement. If your skillset says reverse engineer, I’m sure they would like to give you another task instead.

      There are challenges that can help you get a job, but not guarantee one. It’s rare that I see a company host these, but there are both the Cyber Security Challenge (one for US and one for UK) and DC3 (US, but hackers from other parts of the world can participate too). Both of them are held yearly.

      The first part of the Cyber Security Challenge is generally quite easy, but it is often / mostly just web application security (web app sec), while second part is a CTF.

      About 1), it depends on what you want to know. Generally you don’t really need to know much about computer hardware, except the difference between CPUs and their instruction sets. But knowing how to assemble a computer is not bad, and it is relatively easy as long as you get the right CPU for the right motherboard socket, and of course cooling paste. Besides that there’s the bus speed, important too, but besides that, along with RAM and a graphics card, and of course the PSU (Power Supply Unit), there isn’t much to know.

      So knowing this can be useful, but you won’t use it that much in pentesting, besides different CPUs and instruction sets, in case you’re building custom shellcode for various types of CPUs or perhaps, reverse engineering some of the hidden features in the CPUs. (Don’t read too much about that for now.)

      As I’ve never read A+, I can’t honestly say (how much you need to read). But I do know that the people I know, that have read these books that don’t exist in Scandinavia, usually know all the basics that make it a lot easier to converse about computers, but also to learn the other basics.

      The more you know of the basics, the easier it is to learn several other specialized topics. If you know how to make one type of bread, you can more easily learn how to make any type of bread.

      @Novice hacker wrote:

      2) Have you ever played CTF? It seems to be a lot of fun  🙂

      Once again thanks for replying and remember to have loads of fun at your new job ;D

      Yes, even though we won because of a penalty I used, while I was awake at the right time, and near the computer at the right moment. You can read more here: http://p6drad-teel.net/~windo/wargame/?page=pastgame&gameid=8

      I have however, created a few wargames / CTFs myself:
      Info: http://forum.intern0t.org/intern0t-contests/
      Videos: http://guides.intern0t.org/

      Some wargames / CTFs are hard, but the hardest thing about many “hacker challenges” in my opinion, is that they’re unrealistic when they use ‘regular expressions’ to match user input against a particular type of attack. (For example let’s say you must XSS a target website. would work, but in this case, only alert(0) works because a regular expression must be met.) This is why I don’t do a lot of hacker challenges, as most of those I’ve looked at, have either nothing to do with real hacking, or are unrealistic  🙂

      The InterN0T challenges on the other hand, use realistic targets, but to make it more fun and challenging, a few random extras have been installed, so it isn’t “just another challenge”.

    • #46957
      Novice hacker
      Participant

      @MaXe

      But don’t be afraid to take other jobs while you hunt for an infosec job. 

      How many years of experience do you need in an IT job before you can land an infosec one?

      Thanks for the remaining answer and those links too  🙂

      I’m still improving slowly, but it seems that Web Security turns up everywhere I turn….guess I will have to sharpen my skills on that?

      Is it possible to just stick to systems, networks etc?

      Or not?

      …..

    • #46958
      MaXe
      Participant

      @Novice hacker wrote:

      How many years of experience do you need in an IT job before you can land an infosec one?

      Thanks for the remaining answer and those links too   🙂

      I’m still improving slowly, but it seems that Web Security turns up everywhere I turn….guess I will have to sharpen my skills on that?

      Is it possible to just stick to systems, networks etc?

      Or not?

      Zero years, you could get directly into a junior position, but having worked in another IT-job such as sys admin or tech support increases your chances.

      With a sys admin job you’ll hopefully learn how to set up systems correctly (  ;D ) and with tech support, you’ll learn great patience, soft skills and what customer satisfaction is really about  🙂

      Well, Web App Sec, has become bigger over the last couple of years. Mostly because of Anonymous & LulzSec primarily, because before them, /i/, Internet Hate Machine, and so forth, before all these, we had script kiddies, and of course the well known zf0, r3m and other black hat groups just having fun or making profit in the dark, but even the script kiddies weren’t as aggressive as they are nowadays. And it seems like there has been an extreme growth of these after all the media coverage about Anonymous and other hacking incidents.

      So naturally, we need more people able to protect against the most common types of attacks (that are also more advanced now when you take a look at the highly targeted and not random attacks) and of course we also need to reconfigure the servers properly. This evolutionary problem has two sides. On one of the sides, Pentesting gets bigger, more companies that previously never wanted a pentest or vulnerability assessment, are suddenly willing to spend money on pentests, and on the other side, we have the massive influx of script kiddies that are often easy to defeat. (Nothing is 100% secure though.)

      It’s amazing though, that some companies still don’t want their security assessed, and within 1 month to ~2 years, they will experience a breach in their security. The companies that get a pentest done, may not know, that security is also about the users, so they end up getting compromised by a user getting phished or infected. (In fact, this has happened quite a lot recently, because the spammers, scammers, phishers, etc., are getting smarter in tricking users, some of their e-mails look more and more legit, as they are not only spoofing the e-mail too, they are also writing more correct English, and they use the target site’s design as well.)

      Some even take it a step further, and call random users in selected areas, the so called Microsoft Tech Support scam, that e.g., seems to originate from somewhere in India. (This actually compromised a rather large company not long ago, and some, if not all of the users even had training on what social engineering is. Amazing.)

      Sooner or later you’ll have to get to know about web app sec, but you can let it wait for now of course, and focus on systems, networks, etc., which are important to know about too, if you want to get a good understanding of web app sec as well  🙂

    • #46959
      ZeroOne
      Participant

      wow some great information here, you guys should team up and write a book titled: The Path to Hacker Mastery

    • #46960
      MaXe
      Participant

      @ZeroOne wrote:

      wow some great information here, you guys should team up and write a book titled: The Path to Hacker Mastery

      The subtitle should then be: “A realistic and logical approach to becoming a hacker”, or something like that so people don’t think they can become one in 24 hours xD

      After all, being a hacker isn’t just the skills, it’s the mindset that makes the hacker  ;D

    • #46961
      dynamik
      Participant

      @MaXe wrote:

      The subtitle should then be: “A realistic and logical approach to becoming a hacker”, or something like that so people don’t think they can become one in 24 hours xD

      Only because “How To Become The World’s No. 1 Hacker” was already taken…

      Regarding web app testing, and media attention aside, it’s only going to become increasingly more important as more applications are created and/or migrated to a web-based format. Even now, most penetration testing positions I see advertised desire that the candidate have elementary web app testing skills, at the very least.

      Imagine the scenario where a fully-patched web server only has port 80 accessible. What are your attack vectors from the network/system side? Unless you have a zero-day, or the administrators have grossly misconfigured something, there aren’t a lot of options. However, if the web application that is present on the web server comes into play, that opens the door for a wealth of attack vectors. 

      As organizations figure out network security (at least on the perimeter), attacking web applications, wireless, client-side, mobile, etc. become much more viable. Why directly assault a fortified barrier when you can potentially circumvent it altogether with minimal effort?

      Considering how much this trend will likely continue over the next 5+ years, I think you’d really be limiting yourself if you didn’t expand beyond networking and systems.

    • #46962
      Novice hacker
      Participant

      @ MaXe

      Sorry for the late reply….got bogged down with work….

      Zero years

      That’s very encouraging to hear but I know that I have to be very skilled to land a junior pen-testing position so I assure you I will be working hard      🙂

      From all these posts I have come to recognize the importance of Web App Security skills. Actually, I really kind of wanted to learn how to hack websites but why I avoided it and kind of disliked it was because:

      1) I already know some basic programming in C, C++ so learning further programming kind of excites me, but the stuff that you need to know for web applications (e.g. Javascript, PHP etc.) I don’t really have a clue about. In the web app field all I know is basic HTML. This is what was kind of discouraging me from expanding my knowledge in this domain.
      But thanks for opening my eyes on the matter. I will try to improve in this aspect in the future   🙂
      (After all I don’t want to get owned by some script kiddie!! )
      About getting a sys admin job, could you please mention the skills a sys admin has? I saw the Wikipedia page but ‘maintain and operate the system’ doesn’t seem to provide a good insight into what it actually is.
      And I must say that your examples are highly instructive.
      I forgot to add that I found the bread analogy educational as well       🙂 (Those links you provided were pretty cool including intern0t.org. Reading about your CTF experiences was cool but I will leave that to the ‘big boys’ for now.)

      Pentesting gets bigger, more companies that previously never wanted a pentest or vulnerability assessment, are suddenly willing to spend money on pentests

      Yay         🙂

      Thanks for informing me about the scam too. I will keep my eyes peeled. (Ever since I started reading about E-mail hacking I’ve been pretty careful in checking for phishing pages. )
      (I think you’re supposed to check the URL to  make sure it’s the Google Gmail page and not someone’s phishing page, right?)
      @ZeroOne
      I agree that the people who have contributed to this thread are very knowledgeable and have posted many useful posts for beginners like me.  I’m sure the book would sell like hotcakes since it’s not just the title that’s catchy but the content is valuable too.

      @MaXe

      it’s the mindset that makes the hacker

      🙂
      @ajohnson

      Only because “How To Become The World’s No. 1 Hacker” was already taken…

      I read the reviews for that book and  ouch……it could never compete with the content offered by you guys      ;D

      Regarding web app testing, and media attention aside, it’s only going to become increasingly more important as more applications are created and/or migrated to a web-based format. Even now, most penetration testing positions I see advertised desire that the candidate have elementary web app testing skills, at the very least.

      Thanks for helping me to realize its importance and helping to overcome my initial fear. Now, I feel a lot warmer toward web app stuff. I still don’t know anything about improving my current position (I only know HTML) but I will get to web app after I finish the basics or side by side with networking (this combination looks kind of good).

      Imagine the scenario where a fully-patched web server only has port 80 accessible. What are your attack vectors from the network/system side? Unless you have a zero-day, or the administrators have grossly misconfigured something, there aren’t a lot of options. However, if the web application that is present on the web server comes into play, that opens the door for a wealth of attack vectors.

      Thank you very much for these examples too    😉

      I love it when you guys give real life scenarios.   🙂 It makes it so much easier to grasp the concept and fun too. Like I said, I’m seeing web app with new eyes now. Do you know how to improve in this field and what I should know? (Don’t worry I won’t learn it until I complete the basics, I’m just gathering info.)

      Why directly assault a fortified barrier when you can potentially circumvent it altogether with minimal effort?

      Sounds cool!

      Considering how much this trend will likely continue over the next 5+ years, I think you’d really be limiting yourself if you didn’t expand beyond networking and systems.

      Once again thanks for making me aware of these issues   🙂

    • #46963
      Novice hacker
      Participant

      I researched some of the skills for System administrator and it seems like I should have a good knowledge of some OS for that. So, I will leave that be for right now and continue with my current development.

      I’ve completed 1/3rd of the hardware book though I’m lagging a bit in learning programming.

      Regarding web app, I once heard that I needed to know one web-designing language and one server side scripting language, though I’m not exactly sure about what that is. (Something like Javascript?)
      I have a few questions that I would be grateful to have answered:

      1) Could someone give me a complete list of stuff a pen-tester has to know about web app stuff? (I may integrate learning that with networking, not now)

      2) Could you also give me advice on learning programming with relation to hacking? (Should I read coding for pen-testers?)

      I also received recent advice that I should not focus too much on one language and should learn several languages at an intermediate level to become versatile. Here’s my list:

      Python, Perl, C, C++ (Do you think this is OK or should I expand on this list?)

      Thanks      🙂

      -NH

    • #46964
      MaXe
      Participant

      A web-designing language is HTML, so is CSS. Learning these is fairly simple, as HTML is the framework, the building blocks (and windows), while CSS is the paint / design. Most HTML tags have a start and an end, e.g., <b>Hello World</b>. (Bold text.)

      There isn’t much to know / learn about HTML, except if you want to follow coding standards, which have pretty much nothing to do with web app pentesting, besides that you can look at code and think it looks horrible. So all you need to know is how to create a simple HTML page, and how the tags, attributes, values, and such work. (A good thing to know is what you can use in specific tags, such as eventhandlers. You don’t need to memorize this, you can just use w3schools.com for starters and look up tags there most of the time.)

      A simple HTML page is this:

      <html>
      <head>
      <title>Hello World</title>
      </head>
      <body>
      Hello World!
      </body>
      </html>


      As you can see, it’s fairly basic. Knowing why it’s built like that, and what the difference is between putting a tag in the <head> or <body> section, is useful for conducting e.g., XSS attacks, which in essence are fairly simple too. (I won’t describe that now.) As I already mentioned, eventhandlers such as <body onload="..."> are useful to know, as the “onload” eventhandler will execute the javascript that is within it, and it will execute when the page loads, aka “on loading”.

      JavaScript is the mechanics behind it. It’s anything from popup boxes, to icons / buttons you click in e.g., the editor you use to reply on Ethical Hacker that inserts a smiley or makes the text bold, etc., to Facebook and Twitter dynamically loading new tweets or wall posts. The last feature is generally called ajax, which you don’t need to know a lot about, except what it is and generally how it works. (If you’re pentesting an ajax application it’s often fairly simple, as you would focus on XML vulnerabilities quite often, which you’ll get to, in time.)

      XML, yet another language. What is it? Generally, it’s just information stored in a simple language format, that can be parsed by a lot of programs, and websites. Of course, each program or website has its own way of creating these files (the content within which can be read with a text editor), but in essence XML is cross-compatible with anything that can read XML. (It may not work as intended from a website to a program, but it should be possible to do in most cases.)

      So XML can be information shared dynamically in an open format.

      A database is what makes up most websites. The type is quite often MySQL or MSSQL, where the latter is made by Microsoft. Both have their own features / potential vulnerabilities caused by e.g., misconfigurations, but the database is of course used to hold the data for the website, as you’re probably aware of. The SQL language is also, in most cases, a “cross-compatible language”, or a universal language, meaning it looks the same when used with various SQL databases. While it is possible to use JavaScript and websockets to connect to a database, often it is the backend language that is used.

      The backend language is often PHP or ASP (or for that sake JSP, RoR or .NET). This language is not necessary for a website to function, but it can be used to control sessions properly, and add extra functionality which e.g., JavaScript isn’t as effective with, as the backend language uses the server resources, while all the others (except the database of course) use client resources.

      I should of course note that with HTML5 it is possible to store files on the client system. This is called “HTML5 Storage” and if you open this on your computer, you will see that quite a few websites, without you knowing it, already use this feature to store e.g., their large JavaScript files to ensure faster loading and less waiting time  🙂

      It may seem like a lot, but most of it is really not. The biggest areas that may seem advanced or like a lot, are:
      – Advanced SQL queries (Using CAST(), Encoding Schemes, CASE, etc.)
      – PHP (Source code review where e.g., preg_replace() is used, or even htmlentities() is used properly but not implemented correctly)
      – HTML5 and CSS3, both have a lot of new features that even I haven’t fully looked into.
      – Advanced XSS Injections using JavaScript DOM.

      You should try to get the basics first before learning about those in depth.

      1) There’s a lot to know about web app sec, but for starters and up to intermediate level, look at the Owasp Top 10 https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project and the Testing Project: https://www.owasp.org/index.php/OWASP_Testing_Project

      2) Learn how to make basic applications in the languages you want to know, and of course more importantly know how to read the syntax. If you can read the syntax and generally know how a language is built, then you only need to find out what specific functions do. Using the “xxxxx for pentesters” books can be good, but keep in mind some of them may be quite advanced and discuss topics like buffer overflows which may seem hard to grasp at some points. You can check out “Gray Hat Python”, but take a look at the contents first.

      About your list, I think you should remove Python or Perl and add PHP instead. It’s good to know how both are “built”, but generally people use either Perl or Python. A long time ago, it was as if all hackers only used Perl, but now it seems like more have gone over to using Python, and well, I prefer Python too  ;D

      So learn Perl or Python, and PHP, instead of learning both scripting languages which you don’t really need to, except the syntax and how they function.
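
      The point made above, that it matters whether untrusted text lands in a text node or becomes a tag with an eventhandler, and that escaping has to be applied in the right place, can be shown in a few lines. This is an added example written for this thread, not MaXe’s code or anything from the projects mentioned; the page template, the renderVulnerable/renderHardened/findInlineHandlers function names and the untrusted input string are all constructed for illustration. It runs under Node.js with no dependencies.

```javascript
// Added example (not from the original thread). Shows why the same "Hello
// World" page is safe or not depending on whether untrusted input is escaped,
// and a simple defender-side check for inline eventhandlers in rendered HTML.

// Escape the five characters that let text break out of an HTML text node or a
// double-quoted attribute value. Same intent as PHP's
// htmlentities($s, ENT_QUOTES) for these characters.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: untrusted input is concatenated straight into the <body>, so a
// value containing markup becomes part of the page's structure.
function renderVulnerable(name) {
  return '<html><head><title>Hello World</title></head>' +
         '<body>Hello ' + name + '!</body></html>';
}

// Hardened: the same page, with the untrusted value escaped before insertion,
// so it can only ever be text inside the body.
function renderHardened(name) {
  return '<html><head><title>Hello World</title></head>' +
         '<body>Hello ' + escapeHtml(name) + '!</body></html>';
}

// Defender-side check: list inline eventhandler attributes (onload, onerror,
// ...) found on tags in a rendered document. A page that never intends to use
// inline handlers should yield an empty list; anything else is worth a look.
function findInlineHandlers(html) {
  const re = /<[a-z][^>]*?\s(on[a-z]+)\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)/gi;
  const found = [];
  let m;
  while ((m = re.exec(html)) !== null) {
    found.push(m[1].toLowerCase());
  }
  return found;
}

// Constructed untrusted input (hypothetical): what a visitor might type into a
// "your name" field. It tries to close the text and add an onload handler.
const UNTRUSTED_NAME = 'Bob<body onload="alert(1)">';

// Runs both renderers over the constructed input and reports what the check finds.
function demo() {
  const vulnerable = renderVulnerable(UNTRUSTED_NAME);
  const hardened = renderHardened(UNTRUSTED_NAME);
  return {
    vulnerable,
    vulnerableHandlers: findInlineHandlers(vulnerable), // ['onload']
    hardened,
    hardenedHandlers: findInlineHandlers(hardened),     // []
  };
}

console.log(demo());
```

      The hardened output still contains the attacker's text, but as `&lt;body onload=...&gt;`, which the browser shows as characters rather than parsing as a tag. Note that escaping for a text node is not enough if the value is later placed inside a JavaScript block or a URL; that is the "used properly but not implemented correctly" case MaXe mentions, and each context needs its own encoding.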

    • #46965
      dynamik
      Participant

      @Novice hacker wrote:

      I researched some of the skills for System administrator and it seems like I should have a good knowledge of some OS for that. So, I will leave that be for right now and continue with my current development.

      Look at MCITP: Server Administrator / Enterprise Administrator and/or RHCE resources. You don’t have to get the certs, but those will give you a solid understanding of systems administration.

      O’Reilly’s Essential System Administration is great too. It’s focused on *nix, but many of the concepts are applicable to any OS.

      @Novice hacker wrote:

      1)Could someone give me a complete list of stuff a pen-tester has to know about web app stuff? ( I may integrate learning that with networking, not now)

      I put a fairly comprehensive list together for my GWAPT challenge here: https://www.infosiege.net/2012/04/gwapt-challenge-review/ There is obviously always more to learn, so that isn’t a “complete list.” However, it’s certainly more than enough to get you started.

      @Novice hacker wrote:

      2) Could you also give me advice on learning programming with relation to hacking? (Should I read coding for pen-testers?)

      I also received recent advice that I should not focus too much on one language and should learn several languages at an intermediate level to become versatile. Here’s my list:

      Python, Perl, C, C++                (Do you think this is OK or should I expand on this list?)

      That’s a great book. The best thing about it is how it demystifies common security tasks and demonstrates how writing your own code isn’t as difficult as you would expect.

      You might want to start with just Python and C. That will give you a couple different perspectives on programming, and you should be able to transition to most other languages after that (with the notable exception of assembly). As MaXe mentioned for web programming, you’d want to look at PHP, as well as others such as ASP.NET/C#/VB.NET and Java.

      If you want to get into exploit development or reverse engineering, you’d want to add assembly to your to-do list as well.

    • #46966
      Triban
      Participant

      @MaXe wrote:

      The subtitle should then be: “A realistic and logical approach to becoming a hacker”, or something like that so people don’t think they can become one in 24 hours xD

      O’Reilly doesn’t have “Learn Hacking in 24 hours”?  I thought it was right next to the SQL one 😀

    • #46967
      Novice hacker
      Participant

      Hi  🙂
      I haven’t been able to access the internet all this time due to a cable fault (I had to complain twice before they fixed it). But, I’m finally back on track!   
      @MaXe
      Thanks for getting me started in the web app direction      🙂 

      “A web-designing language is HTML, so is CSS”

      Would you recommend learning both or do you think that HTML is enough? It’s very useful when you mention how much you have to learn too. Like I already said, I already know basic HTML and I will try completing all of the w3school material when I reach that stage.
      I’m not that sure about what an event handler is but I will make sure to know how it works. Thanks for all the info on the other languages, but could you mention which ones I actually need? (All of them?)
      And I’m getting confused... should I learn Java or Javascript?
      Please mention the languages that I should learn (the ones I need) and also mention how I could learn the basics of those languages. (I’m thinking w3schools and the local library. Do you know any other good websites or resources for learning? If so, please share them.)
      As for the OWASP top ten, I was already aware of the list but I never really got into learning the techniques, though I will as soon as I master the basics.

      “Learn how to make basic applications in the languages you want to know”

      What I want to know? I don’t know much about the field or the languages so I don’t think I can be trusted to pick any. But, with what I know I would probably choose HTML, Javascript, PHP.
      As for Coding for pen-testers, do you think a basic/intermediate knowledge of programming skills is enough to follow those concepts? I also checked out the table of contents in Gray Hat Python and it is WAY over my head, but I will be sure to turn to it after getting the hang of programming.
      Thanks for revising my list, would you add any programming languages to it?
      @ajohnson
      Nice profile pic      🙂
      Thanks for the wonderful resources that you gave on system administration. I will turn to those when I reach that stage.
      As for your link, I really wanted to reach it, but I can’t reach the link.  🙁
      I tried to go to the main webpage but I couldn’t reach that either…..?
      And I once again like your combination which suits me very well  (Python&C)
      Do you recommend any other languages to add to my list? I will add assembly last.

      “ASP.NET/C#/VB.NET and Java.”

      Which of these are necessary to know? (all?) And do I have to learn Java or Javascript? And isn’t ASP different from .NET?
      As you can see I’m clueless in this field……so do you have any resources as in websites or books to learn the basics of this field?(other than w3schools?)

      Thanks again            🙂

    • #46968
      dynamik
      Participant

      On the client-side, you need to know HTML, CSS, and JavaScript. Those are all complementary technologies; it’s not an either-or type of scenario. Java is entirely different and used for applets and server-side programming.

      I’ve personally had good luck with the O’Reilly books on those topics, but there are many other quality books written for them as well. Just check out the Amazon reviews and try something you think will be a good fit. Perhaps buy a month of O’Reilly’s Safari service, so you can check everything out before making any purchases. You can do the same with Wrox and Books24x7: http://www.wrox.com/WileyCDA/Section/Get-the-Wrox-Library-for-One-Low-Subscription-Rate-.id-130024.html I also like a lot of the Wrox books.

      If you want a good starting point for moving into server-side programming and databases, try this: http://www.amazon.com/PHP-MySQL-Web-Development-Edition/dp/0672329166/ref=sr_1_1?ie=UTF8&qid=1336999776&sr=8-1

      Coding for Penetration Testers is much more accessible than Gray Hat Python (it’s a great book, just not for novices). Check out Google’s two-day Python course and/or Learn Python the Hard Way first. Coding for Penetration Testers does a pretty good job at covering the basics, but I think you’ll get more out of it if you establish a foundation first. I’ll have a review out for that shortly, so keep an eye out for that.

      I’m not sure why you’re having problems accessing my website. It’s fine on my home, work, and iPhone connections, and others can access it. Try again and send me a PM if you still have problems.

    • #46969
      Novice hacker
      Participant

      @ajohnson

      Thanks for clarifying that issue…. 😀

      I don’t have any doubts on the client-side but regarding the server side could you tell me whether Java is used only for web applications or can it be used to write programs as well? (just curious)

      As for the remaining part of the message I’ve sent you a p.m.

      🙂   

    • #46970
      dynamik
      Participant

      You can use Java for anything from “traditional” applications to mobile development, such as Android. It’ll run on anything that has a Java interpreter.

      Edit: Wow, I just realized W3Schools is kind of a garbage resource: http://w3fools.com/ I’ve only referenced it sporadically and never noticed. The resources under the “What Should Be Done” section seem like they would be great starting points.

    • #46971
      Novice hacker
      Participant

      Thanks!    🙂

      For informing me about that update on the site. You’re right the section has some great info which I’m sure will keep me busy        ;D

Copyright ©2020 Caendra, Inc.