.

Serious, motivated beginner

<<

d3v0t3d

User avatar

Newbie
Newbie

Posts: 3

Joined: Wed Jul 24, 2013 10:14 pm

Post Wed Jul 24, 2013 10:39 pm

Serious, motivated beginner

Hello, I will keep this post simple and get to the point. I am the definition of a noob, I have absolutely 0 knowledge in computer science. Besides the average operation of a Windows or a Mac OS, and also that Mac OS is the same as a Linxus OS. I don't really even know what that means tbh. Strangely enough, this sudden urge inside of me is bursting out, and I want to learn as much as I possibly can about "hacking". As I have searched around the web, I am extremely confused... Could someone PLEASE shine the guiding light on my path for greatness, where do I begin? What must I learn first? What should I learn next? Is there even a such thing as to step by steps in hacking?

Your answer and response is greatly appreciated,
sincerely,
a lost, confused, yet to be hacking activist
<<

superkojiman

User avatar

Jr. Member
Jr. Member

Posts: 81

Joined: Thu Sep 20, 2012 9:42 pm

Post Thu Jul 25, 2013 1:32 am

Re: Serious, motivated beginner

Mac OS and Linux are actually not the same. OS X is more BSD than it is Linux. See https://en.wikipedia.org/wiki/OS_X and http://en.wikipedia.org/wiki/Linux

Hacking isn't something you learn over the weekend, it can take months of studying before you get to the good stuff. Here are some tips:

1. Solid understanding of at least one or two operating systems. Preferably one that's Unix based. Linux is a good pick. Can't hack something if you don't know how it works.

2. At least one programming language, C, Python, Perl, and Ruby are popular. Assembly if you want to write exploits.

3. Good grasp of networking. Learn how different networking protocols work, how to use tcpdump and Wireshark.

4. Read and watch security related blogs and videos. Here are a few to start off with:
http://carnal0wnage.attackresearch.com/
http://www.irongeek.com/
http://www.room362.com/blog/
http://www.securitytube.net/
http://opensecuritytraining.info/Training.html

If it goes over your head, that just means you need to build up your foundation some more.

5. Practice! Reading only gets you so far. http://www.vulnhub.com has numerous vulnerable virtual machines that you can hack to test your newfound knowledge. There are also online challenges at http://smashthestack.org/ and http://www.overthewire.org/wargames/ that cover both beginner and advanced materials.
OSCP + OSCE
<<

hanyhasan

User avatar

Newbie
Newbie

Posts: 17

Joined: Fri May 17, 2013 12:09 pm

Post Thu Jul 25, 2013 2:56 am

Re: Serious, motivated beginner

Thanks Superkojiman , also he can check presentation from Joe Mccray it was a webinar but i don't found the video .

http://www.slideshare.net/joemccray/so- ... er-webinar
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Jul 25, 2013 6:45 am

Re: Serious, motivated beginner

Hi d3v0t3d and welcomed to the forum!

First of all, you're at the right place. There is an enormous amout of material to learn and like superkojiman said, it takes a lot of time to get good at this. Think in years, with a big fat "S".

But what got you interested in hacking? It's a huge and really diverse. hacking your way on an internal network to become admin on a Win 2008 server is totally different than finding a rogue wireless access point!

I suggest you start with one thing and dive into the subject. So what's your thing? Do you prefer web apps, Windows, wireless, database, etc? Let us know what interests you and we can guide you in learning about it! ;)
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

UKSecurityGuy

User avatar

Jr. Member
Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Thu Jul 25, 2013 11:03 am

Re: Serious, motivated beginner

Are you sure about that caissyd?

1. Client-side browser exploit to pwn Domain-Joined machine
2. Find out Domain Admin is logged onto said machine, own Domain Controller
3. Enumerate Wireless connections on said machine, discover that it's connected to the rogue access point that admin has installed to allow him to work outside of the office (as management won't pay for wireless to be installed)
4. ????
5. Profit!

:P
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Thu Jul 25, 2013 2:00 pm

Re: Serious, motivated beginner

UKSecurityGuy wrote:Are you sure about that caissyd?


Maybe I wasn't clear, but my whole post was about the fact that "hacking" means a lot of different things...

Let me use another example: Writting expoits in assembly is not the same as cracking a WEP key.

You can end up linking the two together, for example you break the WEP key, you get access to a network and you write an exploit in assembly to exploit a buffer overflow vulnerability in an internal service. But my point was that you have to start somewhere and can't learn everything at once...

So UKSecurityGuy, I agree with you, but that wasn't the point I was trying to make. I hope it's clearer now...
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

AndyP

User avatar

Jr. Member
Jr. Member

Posts: 57

Joined: Sat Dec 29, 2012 2:32 pm

Post Thu Jul 25, 2013 2:47 pm

Re: Serious, motivated beginner

Maybe this will help at the beginning: How To Become A Hacker, by Eric Raymond. Updated at May, 12 2013.
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Fri Jul 26, 2013 1:07 pm

Re: Serious, motivated beginner

AndyP wrote:Maybe this will help at the beginning: How To Become A Hacker, by Eric Raymond. Updated at May, 12 2013.


While I love that article on his blog, I think the problem with Raymond's bit is that it's designed to create Hackers in the sense of gifted Programmers, not in the sense of what we mean in InfoSec when we say Hackers.
<<

UKSecurityGuy

User avatar

Jr. Member
Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Mon Jul 29, 2013 8:14 am

Re: Serious, motivated beginner

caissyd wrote:Maybe I wasn't clear, but my whole post was about the fact that "hacking" means a lot of different things...

Let me use another example: Writting expoits in assembly is not the same as cracking a WEP key.

You can end up linking the two together, for example you break the WEP key, you get access to a network and you write an exploit in assembly to exploit a buffer overflow vulnerability in an internal service. But my point was that you have to start somewhere and can't learn everything at once...

So UKSecurityGuy, I agree with you, but that wasn't the point I was trying to make. I hope it's clearer now...


I was pulling your leg caissyd, it's hard to convey irony over text. I completely agree though - there is no single item you can learn that makes you a "hacker" - it's a connection of multiple different disaplines that you string together. The more 'things' you can string together, the more versitile of a Penetration Tester you become.
<<

d3v0t3d

User avatar

Newbie
Newbie

Posts: 3

Joined: Wed Jul 24, 2013 10:14 pm

Post Tue Jul 30, 2013 5:00 pm

Re: Serious, motivated beginner

Wow thanks everyone for taking your time and explaining all that to me, I have started watching a few videos here and there.

A good friend of mine, who is a master programmer who gets paid to hacks people's companies. They pay him to hack their company to find bugs etc. I recently became physically disabled, so I have a lot of time on my hands. I understand it takes years of knowledge and experience, which I'm totally ready for. It's just scary trying to tackle into it, and not knowing which is the right target!

And also I'm sick and tired of spending money on virus protection programs and still get viruses! Well that hasn't happened since I got a Mac, but I still would like to know exactly whats going on and take care of the problem when needed by my self.
<<

UKSecurityGuy

User avatar

Jr. Member
Jr. Member

Posts: 88

Joined: Wed Mar 27, 2013 10:51 am

Post Wed Jul 31, 2013 6:16 am

Re: Serious, motivated beginner

A quick word of warning.

If you're looking to become a "Professional Penetration Tester" - E.g. someone who gets paid to come into companies and find vulnerabilities and identify risks - there is usually a lot of travelling.

On my side of the pond, a large percentage of Penetration tests are conducted against government organisations, and those typically require on-site access to do the testing. As a result, you spend most of your life travelling around the country and staying in hotels.

I'm not sure if this conflicts with your disability. If so - don't panic, as there are still plenty of jobs for in-house security teams within static single companies (although the pay is no-where near as good).
<<

unicityd

User avatar

Full Member
Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Fri Aug 02, 2013 7:24 pm

Re: Serious, motivated beginner

Start by building up your knowledge of system administration and networking. You can't do much with penetration testing without understanding the systems and networks that you want to attack.

Look for an introductory book on Linux. Install Linux on a spare computer or virtual machine (look up VMware). Play. Learn to use the system. Install updates, add users, setup services (e.g. email, web).

It sounds like you already have experience with Windows as a desktop but you should also try to learn more about Windows from the perspective of a system admin. You could look at the Microsoft certification guides, but I don't know if those are the best place to start.

Learn networking. The introductory CCNA books from Cisco Press are pretty good and can give you a good foundation. They even come with a basic "network simulator" that you can use to practice setting up Cisco devices. Again, read, experiment, play, etc.

As you get more proficient with system administration and networking, you'll want to learn to script/program, at least a little bit. Look into learning bash (for Linux) and PowerShell (for Windows). If you're motivated to go further than that, learn Python ("Practical Programming: An Introduction to CS using Python" is a good book to start with).

You don't have to become an expert in these areas before you start learning about security, but you do need to have some knowledge or nothing will make sense. You can focus on one area intensely or jump from topic to topic; whatever suits you.
<<

d3v0t3d

User avatar

Newbie
Newbie

Posts: 3

Joined: Wed Jul 24, 2013 10:14 pm

Post Wed Aug 07, 2013 5:58 am

Re: Serious, motivated beginner

I did some research on vulnerability penetration and no thats not my goal. I'm want to start by learning the in n outs about my computer, and networks. To be better protected from viruses and possible penetration. And then I can test my abilities as I progress, and may do some hacking once I become more skilled. But thats far from now haha.

I went to the library yesterday, and I got Web Hacking by McClure and Visual C+++. Those two books were on the $1 section, so I just picked them up.

Also, I'm very grateful for all your input on my question, but could you guys be a little more specific on where exactly to begin haha? As you may know already, theres so much information out there, I need to pin point the fundamentals.
<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Thu Aug 08, 2013 12:35 pm

Re: Serious, motivated beginner


Return to Programming

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software