.

Looking for beginner advice

<<

ismisunderstood

Newbie
Newbie

Posts: 3

Joined: Tue May 09, 2006 3:23 pm

Location: St. Louis

Post Tue May 09, 2006 3:56 pm

Looking for beginner advice

Hello everyone.  I guess I should start by saying I'm not 100% certain this is in the correct forum, so if a Mod. needs to move it please do so...and thanks.

I've been a silent watcher of this site for a few months or so now, but finally broke down and decided I just had to ask a question;

I was looking the black hat 2006 page, and was really interested in the "Cadet Training / hacking by numbers" and the "exploiting 101" courses.  Problem is, it's not looking like my boss is willing to send me,  and I can't scrape together the $3000 to get myself there (short of taking out a second mortgage against my house...which I'd rather not do). 

Was wondering if anyone had run across a similar course or book...something like basic programming (and compiling), some sample scripts, ect.  I found the book "Hacking: The Art of Exploitation" on a local book sellers webpage (covers more of the logic behind the exploits), and I thought this would be a perfect introduction to the field...if only I had the basic skills in regards to programming (specifically the compiling portion). 

Does anyone know of a good resource for me?  I'm not really wanting to learn a full language if I can avoid it for the time being. 

Thanks everyone!  (Now please oh please let my links work so I don't look like a fool...)
Yep...I said that...
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu May 18, 2006 4:13 pm

Re: Looking for beginner advice

I think this is a tough one for members to answer. It seems as though you are interested in programming but don't want to learn to program. Sounds like a quandry. Don't get me wrong, there are plenty of security professionals and pen testers out there that don't. On a side note, that is probably the number one reason to hire a Red Team (a group of pen testers with each having an expertise in a particluar area) instead of trying to find the 1 guy to do it all and do it well.

But I'll give it a go...

For basic programming if you've never coded, try Faster Smarter Beginning Programming. It is for Visual Basic .NET and was written in 2003. It assumes you have no programming experience whatsoever, but that you also are a tech who can grasp the concepts. It's a quick read and although it won't make you a hot shot coder, it will give you a foundation of understanding.

If it's specifically code for malware that interests you, try our friend Ed Skoudis' book (and Lenny Zeltser), Malware: Fighting Malicious Code.

Hope this helps,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

ismisunderstood

Newbie
Newbie

Posts: 3

Joined: Tue May 09, 2006 3:23 pm

Location: St. Louis

Post Thu May 18, 2006 4:29 pm

Re: Looking for beginner advice

Thanks Don! 

I have a little (really...a little) programming knowledge. I took a visual basic class a while back, but the instructor barely spoke english, and I was NOT going to pay $1000's of dollers per course to teach myself.  Maybe I do need to break down and learn a language.

Is it justifiable...maybe that's not the right word...maybe I should say "industry acceptable"... to not start with the programming side of this?  Like I said, I have a very basic understanding of programming logic, but no so much with the actual coding side. 

Either way, I will certainly check out both those books.  Both sound like a step in the right direction. 
Yep...I said that...
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu May 18, 2006 4:40 pm

Re: Looking for beginner advice

The best way to answer your question is to point you to our current poll on the site's home page. Look at the results and let me know what you think.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

oyle

User avatar

Sr. Member
Sr. Member

Posts: 264

Joined: Mon Jan 02, 2006 11:19 am

Location: Cleveland Ohio

Post Thu May 18, 2006 4:42 pm

Re: Looking for beginner advice

Don't forget you have to have a certain kind of mind to be a programmer. I'm the world's worst programmer, so I don't even try.
I did a course in Visual Basic 3.0 at my local community college back in the late 80's, when I was working on my Associate's degree. The teacher was good, and fair. It was just me. You have to be able to think logically.

Think for a second: Can you see yourself as from the planet Vulcan? Mr. Spock from Star Trek would probably be the world's BEST programmer, as he thinks logically. You could write a program with thousands of lines of code, but if you make a mistake in your logic, could you find it? Finding a logic error is a tremendously hard task, IMHO, as it doesn't show up as an error to the operating system. But it will cause your output to be wrong.
Not trying to scare you off, but some people are programmers, and some are not. Not everybody can program.

Why don't you try a programming course at your local community college? Then you can see if it's right for you. Community colleges are meant to be affordable.
Last edited by oyle on Thu May 18, 2006 4:45 pm, edited 1 time in total.
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Thu May 18, 2006 5:03 pm

Re: Looking for beginner advice

You can always try stuff for free to see if it is your bag. If you think java is your direction, try some of the free programming tools that come with Linux distros such as Fedora Core 5:

This release of Fedora Core represents another big step down the free Java path. Through the introduction of the completely free software stack java-gcj-compat that runs native and bytecode Java, Fedora can now compile and run software written in Java without relying upon proprietary and closed Java machine implementations.

The excellent Fedora Java development team of Red Hat and community hackers have built many popular Java-based or Java-using packages utilizing java-gcj-compat for this release. These packages, which include OpenOffice.org, Eclipse, Apache Tomcat, and Jakarta, are now compiled and run on a 100% free and open software stack.

We included a complete set of packages and development goodies in Fedora Core 5 for Java technologies. Fedora Extras also has many Java applications: the popular BitTorrent utility Azureus, RSSowl, and others, all powered by gcj-java-compat.

http://fedoraproject.org/wiki/Java

http://www.gnu.org/philosophy/java-trap.html


Or if .NET is your thing, Microsoft offers Visual Studio Express and SQL Server Express, free versions of their 2005 developer offerings described by MS as:

Free, lightweight, easy-to-use, and easy-to-learn tools for the hobbyist, novice, and student developer.


Free stuff, a book or 2, some time and a thirst for knowledge...

Don
CISSP, MCSE, CSTA, Security+ SME
<<

pcsneaker

Jr. Member
Jr. Member

Posts: 73

Joined: Mon Nov 07, 2005 12:23 pm

Post Fri May 19, 2006 1:53 am

Re: Looking for beginner advice

To be a pen-tester you don't need to be an expert programmer. But at least I think you should be able to understand the overall purpose of a program when looking at the source code.

Furthermore you should be able to do some scripting (not matter what language, it depends on your prefered platform: if you're a windows guy try Visual Basic Script, on Linux Shell scripting and to be used on both perhaps Perl)

Without having at minimum some basic programming skills it would be a hard job to do successful pen-testing...
MCSA:Security (W2k, W2k3)
MCSE:Security (W2k, W2k3)
CPTS, Network+
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri May 19, 2006 10:57 am

Re: Looking for beginner advice

Good point about scripting and the ability to at least be able to follow the logic especially of malicious code.

Don

PS - I hope the responses to this post will make other 'silent watchers' like ismisunderstood join the conversation. A simple question can spawn a lot of great content.
CISSP, MCSE, CSTA, Security+ SME
<<

ismisunderstood

Newbie
Newbie

Posts: 3

Joined: Tue May 09, 2006 3:23 pm

Location: St. Louis

Post Fri May 19, 2006 12:09 pm

Re: Looking for beginner advice

Thank you everyone! 

All those comments certainly help clear some things up.  I think maybe scripting might be the way to start, and move more into it if it suits me.  My main concern has always been knowing why things work, not just accepting that they do. 

By the way...you guys rock. 
Yep...I said that...
<<

oyle

User avatar

Sr. Member
Sr. Member

Posts: 264

Joined: Mon Jan 02, 2006 11:19 am

Location: Cleveland Ohio

Post Fri May 19, 2006 1:28 pm

Re: Looking for beginner advice

In that case, check out this here site here.

And of course, here.
Last edited by oyle on Fri May 19, 2006 1:37 pm, edited 1 time in total.
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm
<<

Negrita

User avatar

Sr. Member
Sr. Member

Posts: 299

Joined: Sat Sep 10, 2005 5:45 pm

Location: /dev/null

Post Tue May 23, 2006 5:37 pm

Re: Looking for beginner advice

I'm also a newbie to programming and scripting. I was talking to the developers at work about which language to learn, and they unanimously said I should learn Perl. I asked whether I should study something else first, like C or Java or Python and they said no. They particularly said I should read the book Teach Yourself Perl in 21 Days.
Last edited by Negrita on Tue May 23, 2006 5:40 pm, edited 1 time in total.
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
<<

oyle

User avatar

Sr. Member
Sr. Member

Posts: 264

Joined: Mon Jan 02, 2006 11:19 am

Location: Cleveland Ohio

Post Wed May 24, 2006 8:08 am

Re: Looking for beginner advice

IMHO, the language to learn here in the States is C/C++, followed by [any variant of] SQL, then Java, VB, etc. Perl is OK, but it IS just scripting.

I'm a fine one to talk, though.  :-[
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software