.

An Ethical Hacker must have these skills...

<<

donchizy

Newbie
Newbie

Posts: 1

Joined: Sat Nov 13, 2010 7:05 am

Post Sat Nov 13, 2010 11:55 pm

Re: An Ethical Hacker must have these skills...

thank you all for the post it has been educating and at the same time confusing, i really need a mentor and someone to guide me, i am a student studing computer science, this is just me 2nd year but have a dream of becoming a CEH the big question is where do i start from which knowledge do i need before enbarking for  the course. I will appretiate ur advice and thanks in advance.
<<

rattis

User avatar

Hero Member
Hero Member

Posts: 1172

Joined: Mon Jul 27, 2009 1:25 pm

Post Sun Nov 14, 2010 12:13 am

Re: An Ethical Hacker must have these skills...

It would help if we knew what you already had good grounding in. Also what besides or why do you want a CEH? Do you want it just to have it? Do you want it as a stepping stone to something else?

How are you at Networking, System Administration and programming? What hacking have you looked at or tried? Do you know Virtualization yet?

Couple of things to look into:
The rest of this site. Including the Features tabs where things get reviewed.
Hacking For Dummies (it's a good start).
Hacking Dojo
Infosec Mentors (not a bad program. I have or had a mentor, but we didn't really click).
Offensive Security's WiFu course.
The Security + cert (Appears to give a broad overview of all aspects of security).
OSWP, Sec+
<<

peta909

Newbie
Newbie

Posts: 3

Joined: Tue Apr 05, 2011 11:30 pm

Post Wed Jun 01, 2011 9:17 pm

Re: An Ethical Hacker must have these skills...

Hi, I frame my learning process into 3 main parts:
1. Host
Learn to be comfortable using and configuring both Windows based and Linux based OSes.
I have a laptop that I dual boot to have both windows and Backtrack. By forcing myself to use Backtrack(linux) I was able to learn many linux commands fast.

2. Applications
Learn to built your own website with any language E.g. PHP
Learn to configure web application servers E.g. Apache or IIS
Learn to configure databases E.g. MySQL

3. Networks
Read up on TCP/IP and understand how packets flow and formed in the networks.
A very good book to start reading is TCP/IP Illustrated. However, do note that it is very dry.
Make use of wireshark to collect network traffic while you start surfing the web. By looking at the packets collected and cross reference to TCP/IP Illustrated book you can learn alot about networks.
Last but not least google is your friend. God Bless.  ;)
<<

El33tsamurai

User avatar

Full Member
Full Member

Posts: 219

Joined: Sat Feb 03, 2007 4:01 pm

Post Tue Jun 21, 2011 1:38 pm

Re: An Ethical Hacker must have these skills...

I would say able to read and spend many hours reading about this stuff.  I find myself going online and watching tutorials , reading forums and websites like ethicalhacker.net, going to the local book store reading hacking books and hacking mags like hakin9.  The more I read the more I learn and can add to my ethical hacking skills.
CCENT, A+, Network+, Security+
<<

YuckTheFankees

User avatar

Sr. Member
Sr. Member

Posts: 332

Joined: Fri Apr 08, 2011 3:07 pm

Post Sat Oct 15, 2011 12:57 pm

Re: An Ethical Hacker must have these skills...

peta909,

Very good post! I pretty much have 1 and 3 taken care of but I'm a little weak in the application area. I'll be able to improve my web application server knowledge through my linux +/ red hat training..PHP I can learn online..and I havent figured out MySQL yet.  Great Thread!
OSCP in progress
<<

millwalll

Post Mon Oct 17, 2011 3:47 am

Re: An Ethical Hacker must have these skills...

I think it all depends on what area you want to work in. Most of what I have learned has been from doing tutorials and watching video and mostly network stuff. I landed a job a fews months ago that required me to test web apps so now in process trying learn as much as I can about web apps.

It might also be useful to stick with what you know to start off with if you good network then try learn as much as you can about them.
<<

charliemong

User avatar

Newbie
Newbie

Posts: 27

Joined: Wed Aug 25, 2010 10:49 am

Location: UK

Post Thu Nov 03, 2011 2:36 pm

Re: An Ethical Hacker must have these skills...

rance wrote:
pseud0 wrote:Necessary ethical hacker skills, the starter edition:
TCP/IP
OS basics for M$ and the *IX distro of your choice
Internal network basics (switches, hubs, firewalls)
A sense of humor (preferably dirty but manic is also acceptable)
External network basics (routing, IP, interaction with internal networks, etc)
Relationship between services, ports, and how exploits work
Washboard abs
Some familiarity with coding (not expert, but can muddle through)
Understanding of general web application construction (front/back end, etc)
A WOW account (maybe EverQuest if you roll like that)
Some level of business sense (need to explain business impact of your findings)
A comfort level with your skin tone being 3 shades more pasty than your racial peers


Washboard abs?!  Well, that disqualifies almost everyone I know in IT.  :)  The skin complexion though?  Got that one nailed...


Am with you on the skin tone but Abs??? try AB! lol
If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
- Sun Tzu
<<

Abmart

Newbie
Newbie

Posts: 6

Joined: Tue Dec 13, 2011 6:18 am

Post Tue Dec 13, 2011 10:02 am

Re: An Ethical Hacker must have these skills...

Hi everyone in the house, I am newbie here, I don't even know where to start from now so please if anyone know or have ebook on ethical hacking should please help me with it.
<<

tamato

User avatar

Newbie
Newbie

Posts: 5

Joined: Thu Nov 03, 2011 10:29 am

Post Fri Jul 20, 2012 5:11 am

Re: An Ethical Hacker must have these skills...

Hi Guys
verry soon i will be writing my CEH and am shit scared in going because i do understand the concepts and the phaxes and all of that
The only part is when it comes to actually doing and implementing it
Ive brokeinto a few of my wifi AP to try out aircrack and played with DVWA but the thing is i keep hitting a brick wall
I scan a victim then see the open ports and google up the vulns but there after ??? clueless
Ive also tried the metasploit and understand but only thing that worked was the MS068 smb vulns thereafter zip ...and i dont think its verry practical in running the automation tools (as the ceh instructor said)

I just need someone to help me in setting an enviroment and breaking into there to uinderstand what happens etc

If some one would be willing to help please
I pretty much feel useless
My biggest dream is to get really good so to build a name for myself and i keep getting this wall
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Sat Jul 21, 2012 6:19 am

Re: An Ethical Hacker must have these skills...

CEH is a generalization, an intro into ethical hacking.  It will not make you a pro overnight.  If you hit a wall, make a list of what you know about the network, if you have open ports, note them.  They may not have any known vulnerability surrounding the service in particular, but they can be used later to get data in or out depending on something internal.  For instance, you hit a firewall that has say port 25/80/21/22/443 open.  Hopefully the engineer did not filter what internal clients can go out through those (proxy only or other filtering systems).  So you scan the firewall, check to see if you can enumerate the services and see if any are vulnerable to exploits that may allow you through the firewall.  Well the web servers may have some clues.  The FTP and SSH ports may be susceptible to brute-forcing, but you will need accounts to use.  443 may be worth a look, they may have a "secure" web site that has some nice information they believe is protected.  You will need to do some recon from data you have access to.  If all attempts to gain access from the outside fail, well now you need to look at gaining it from the inside.  You will need to exercise some social engineering skills.  For lab purposes you are looking at exploiting a flaw in a 3rd party app such as flash, adobe reader or Internet Explorer.  You can use metasploit to create the payload and the listener (remember those open ports on the firewall).

Good luck oh and if you decide to pursue OSCP, don't forget to try harder :D
Certs: GCWN
(@)Dewser
<<

RoleReversal

User avatar

Hero Member
Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Sun Jul 22, 2012 10:24 am

Re: An Ethical Hacker must have these skills...

tamato wrote:I just need someone to help me in setting an enviroment and breaking into there to uinderstand what happens etc


Easiest way to start a test environment is to get a virtualisation playground (either dedicated box, or just from your main machine) and attack some vulnerable virtual systems.

Depending on your needs Samurai WTF contains some vulnerable web applications (including DVWA which you mention), and all the tools needed to attack them, all in one handy package.

For more information, take a look at section 2 of Metasploit Unleased (and Metasploit Unleashed in it's entirety) and/or Rapid7's article on how to setup a test lab. Both of which also link to some good additional resources for acquiring and setting up intentionally vulnerable targets.

HTH, happy hacking :)
<<

tamato

User avatar

Newbie
Newbie

Posts: 5

Joined: Thu Nov 03, 2011 10:29 am

Post Mon Jul 23, 2012 1:56 am

Re: An Ethical Hacker must have these skills...

Thanks again guys
I will go and have a bash once again :) and see how far the rabbit hole  i can go
Will keep you posted
Previous

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software