First steps to learn ethical hacking

<<

Kev

Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Tue Jan 08, 2008 2:23 pm

First steps to learn ethical hacking

I noticed there seems to be a number of people recently that have been asking how to get started in ethical hacking. I thought I would throw my 2 cents in as someone that has been hacking for some time now.

To be really a high level hacker requires a vast amount of knowledge and it can easily put someone new to the subject into a state of overwhelm. You will hear you should learn networking, a number of operating systems inside and out, programming, various tools, etc…, the list goes on.

As that old dumb joke goes, “how do you eat an elephant?” well that’s really the perfect approach and I recommend tackling it “one bite at a time”.

I really recommend starting off with the study of TCP/IP, in fact I made that recommendation over a year ago on this forum. Why TCP/IP? Because this is the “language” that computers use to speak to each other. Without a protocol to communicate, there is no hacking in the remote sense. At one time in the past computers didn’t need to communicate with each other, but now networking has made it a must and TCP/IP is the adopted protocol.

I am not trying to say hacking is just accessing a remote machine, but it certainly is a very important aspect of it and as hackers we should understand how that works inside and out.

One really good book that I recommend for a good basic understanding is TCP/IP JumpStart, by Andrew Blank. It’s a Sybex book and really puts the protocol in easy-to-understand analogies and is perfect for the beginner.

Once that book has been started I really recommend starting to play with a tool. The best tool to start with is Nmap. Nmap is the perfect example of how a tool can play with and alter normal TCP/IP transmissions. Knowing how to play and change normal transmissions with this protocol is a must for seeing through today’s firewalls and IDSs. Nmap is also the number one hacker tool and its mastery is a fundamental skill so the sooner one gets it under their belt the better. When I say number one, I state that because I just about never find a hacker that doesn’t use it. Once in a while a hacker might say they don’t use it because they have written their own tool, but once I see that tool, it’s usually a watered down version of Nmap, lol.

That’s my recommendation for what it’s worth. Start off with a good study of TCP/IP and start playing with Nmap. Don’t rush through this. Spend some time and really get the feeling you have a good understanding of both. I can assure you it will pay off huge dividends as you go deeper into this subject.
Last edited by Kev on Tue Jan 08, 2008 6:59 pm, edited 1 time in total.
<<

rance

Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Tue Jan 08, 2008 3:08 pm

Re: First steps to learn ethical hacking

I couldn't agree more.  I was going to post something similar to someone else's request of "how do I start?"  However, being new around here, I didn't want to come off as snobbish.  But now that someone else has said it first... :)

I don't think becoming a successful "hacker" or pen tester is just saying "I wanna be a hacker" and studying a few books on that subject. To really be proficient at the art, you have to have a solid understanding of just about everything IT related. Some 23 years ago, I wrote my first war dialer to snag... well, stuff. Wrote it in BASIC on my Commodore 64. While I did have a goal for that program, it was also a chance to learn how to interface my program with external devices and such. Since then, I've tried to learn as much about everything as I can.

My professional career pretty much is as follows (the short, abbreviated list):  3rd Shift Button Pusher, Helpdesk/App Support, Desktop/Network Support, Server Support (Windows/Linux), LAN/WAN Administrator, WAN Manager, Security Person.

The list of technologies I've learned and studied is way too numerous to list (and surprisingly, one of the most enjoyable books I read (cover to cover) was a book on Frame Relay technology seven or eight years ago). But you really do need an extremely well rounded skill set to do this kind of work.

So, you kind of know about TCP/IP, and know how to use nmap.  Fantastic.  Now, go pen test this box running Linux, Apache, MySQL and PHP.  There are another handful of technologies you need to work with.

Anyway, I guess the short version of the story is, I don't believe there is a quick path to "being a hacker"...

That being said, the thing I would add to Kev's list of things to get started with would be, learn how to read packets.  Ethereal/Wireshark is also pretty indispensable for knowing what's going on under the hood.
Poking at security since 1986.  +++ATH
<<

Kev

Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Tue Jan 08, 2008 3:18 pm

Re: First steps to learn ethical hacking

Hey, thanks for the input.
<<

proudindian

Newbie

Posts: 32

Joined: Mon Dec 10, 2007 3:24 am

Post Tue Jan 08, 2008 4:13 pm

Re: First steps to learn ethical hacking

Hey, thanks guys, I will surely go for the book, Kev... but can you provide me the Nmap security tool? If you can give me a RapidShare link then it will be very nice of you. :) ;)
<<

rance

Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Tue Jan 08, 2008 4:48 pm

Re: First steps to learn ethical hacking

proudindian wrote: Hey, thanks guys, I will surely go for the book, Kev... but can you provide me the Nmap security tool? If you can give me a RapidShare link then it will be very nice of you. :) ;)


Step 0.1 in becoming a h4x0rzzz... practice your google-fu!  ;D
Poking at security since 1986.  +++ATH
<<

Kev

Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Tue Jan 08, 2008 5:21 pm

Re: First steps to learn ethical hacking

As rance stated, practice your google-fu. Nmap is the easiest tool to find on the net and it's free. So is Wireshark and, as rance suggested, it would be a great tool to add to your Nmap so you can actually see how it works with TCP/IP. That way your TCP/IP studies will start making more sense and you can actually see it working first hand so to speak.
Last edited by Kev on Tue Jan 08, 2008 5:24 pm, edited 1 time in total.
<<

g00d_4sh

Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Wed Jan 09, 2008 12:17 pm

Re: First steps to learn ethical hacking

You know.. I remember a time when google wasn't even conceived... and there were myriads of underground search engines and whatnot. Now, it's rare to need anything but google (and knowledge of how to customize searches in it) to find just about anything. Really kind of mind boggling, and so much less malware. ;)

Yeah, I would totally agree with your post on where to begin.  I don't think I would enjoy or understand what I do (which is quite small) if not for my having taken time to learn tcp/ip (and all the other things in my CCNA courses), and played around with Wireshark and Nmap.  I actually started out first with Wireshark, it was like a kid in a candy shop discovering what was happening over those wires connected to my computer.  I moved to Nmap only after I got the itch to actually start learning ethical hacking and work toward a career in it.  Up till recently I was just focusing on network administration.  I've found though, I enjoy far more than just networking.

I think Rance really hit the nail on the head with his mention of wanting to know everything IT. A thirst for knowledge has always been a driving force I think with anyone serious about hacking. Well... at least traditionally, now it's becoming more of a career path (both white and black). But I suppose that the general saying still applies to those who actually become the 'l33t' hackers. They all really have a thirst to learn.
"Bad.. Good?  I'm the guy with the gun"
<<

Kev

Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Wed Jan 09, 2008 3:25 pm

Re: First steps to learn ethical hacking

g00d_4sh wrote: Well... at least traditionally, now it's becoming more of a career path (both white and black).


That's an interesting point to make. I remember early on when it was mostly just a hobby. For some strange reason that I can't justify, I miss a little of that early free spirited time.

I agree that you need a thirst for knowledge and I would also add a strong natural curiosity. However, not too much curiosity because we all know what that did to the cat. It's a good idea to control oneself from hacking Norad for instance, lol.
Last edited by Kev on Wed Jan 09, 2008 3:27 pm, edited 1 time in total.
<<

rance

Full Member

Posts: 212

Joined: Thu Jan 03, 2008 5:24 pm

Location: Earth

Post Thu Jan 10, 2008 10:37 am

Re: First steps to learn ethical hacking

Kev wrote: It's a good idea to control oneself from hacking Norad for instance, lol.


Oh.  Really?  Errr... I  have to, uhh... leave the country for a while!  ;D

Seriously though, even though InfoSec has become a "career path" and you can study at the university level for it, the classroom environment is so totally different from the real world environment.  Of course, maybe I'm biased, I barely squeaked through high school and never did the college thing, but I've worked with a lot of "just out of college" people (in many different IT areas), and when it came to real-world scenarios, they just seemed to be lost.  I even had one guy I was training get in my face and tell me, "that's not how they showed us in school!"  So, his lesson for the day was to try to fix it himself.

Now don't get me wrong, I'm not against the whole higher education thing, any knowledge is good knowledge (unless it's incorrect knowledge), but I still believe that there's no substitute for good ol' fashioned experience. I think the fact that I started as a third shift button pusher and learned everything along the way is much more valuable than a degree that costs $120k or whatever college is going for these days.

Alright, done ranting... for now. :)
Poking at security since 1986.  +++ATH
<<

LSOChris

Post Thu Jan 10, 2008 5:18 pm

Re: First steps to learn ethical hacking

In a general sense that guy that graduated college is trainable and may have the necessary foundation, that guy that barely squeaked thru high school and dropped out of college may not be.

there are of course MANY MANY exceptions to that.

from a getting started perspective, i think we over at LSO have a decent foundation in our core and advanced competencies...at least from a knowledge realm, what i should be studying point of view, not so much from its a total one stop shop.
<<

hackernovice

Newbie

Posts: 7

Joined: Tue Nov 20, 2007 8:40 am

Post Fri Jan 11, 2008 5:50 am

Re: First steps to learn ethical hacking

But you need a job (fresh out of college) to get the experience that then makes you better! The catch 22 of all new entrants to the workplace.

I'm starting my masters in Ethical Hacking in September and I realise that when I get a job after completing it (and the EHC I'm going to do as well) that the learning curve will be vertical. But that's where "drive" comes in. My course doesn't have work placement so I'm making one for myself and going to get some experience from Cisco Systems (who I intend to work for after Graduation). We all have to start somewhere, though I agree that experience counts for a great deal.
;)
<<

LSOChris

Post Fri Jan 11, 2008 7:31 am

Re: First steps to learn ethical hacking

so network for those 4 years, go to conferences, help out with open source projects, that sort of thing.  there are plenty of ways to get experience before you get out of college if you work at it.

oh and have many people review your resume before you start handing it out.
<<

g00d_4sh

Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Fri Jan 11, 2008 12:13 pm

Re: First steps to learn ethical hacking

Excellent advice. I had 2 guys go over my resume, about 3 times each before they and I were all satisfied with it. It helped since I landed the job I was after right away, and am enjoying it well enough. There is nothing like experience, it is true. It's the difference between people who push through and get their CCNA really quick, and those who actually work with networking equipment on a day-to-day basis... one will know theory, one will know actuality. I'm working on gathering both, in both the network and security fields. I do think it is a bit of a sad thing that hacking has gravitated from a curiosity and thirst for knowledge pursuit, to a money driven one.

For my own path, I'm trying to season my college, with both certs and real world experience.  I figure a nice three legged approach like that will be helpful in landing the job I want in the future.
"Bad.. Good?  I'm the guy with the gun"
