.

Starting off with Ethical Hacking

<<

thisissho

User avatar

Newbie
Newbie

Posts: 2

Joined: Fri May 26, 2006 12:26 am

Location: Bangalore

Post Fri May 26, 2006 1:56 am

Starting off with Ethical Hacking

I am a newbie in this field.  I work as network/security engineer in one consulting company.. There are signs of starting off proffessional services in our company( Pen test, VA etc).
So i would like to get on to this field from now...
can anyone help me in the following areas...
1) What training i should take and what all tools i should keep for Pen test, VA etc..
2) Which all websites and forums will help me keeping my knowledge uptodate.
3) Also if someone already doing this kind of job(CEH,Pen Test,VA), please help me in setting up the same in my company.
4) The process flow and documents required ..will be more important for me in this aspect.
5) As i a script kiddie which all areas i should improve in skillsets.

Thanks in advance...
>--sho-->
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri May 26, 2006 10:53 am

Re: Starting off with Ethical Hacking

First of all, Welcome to EH-Net.

Whether or not you are interested in being certified, I would highly recommend studying for either CEH or CPTS. They already did the work for you by organizing the field into core modules. There are several great books on ethical hacking, pen testing, certs, etc. You can get sample chapters of some of them in the Book Reviews Category. Try this one, then explore the site for other book titles:

CEH: Exam Prep 2

Also, look in the forums for the boards dedicated to the modules for the different exams. Again, this info is great whether or not you plan to take an exam:

CEH Modules Board
CPTS Modules Board
CPTE Modules Board

As you go through the material in the boards and in the books, keep in mind that it is not a race to finish reading the material. As you get to each concept, tool or process, stop and look them up on the net, install them, get familiar with them. As you do that, you will find that your searching leads you to other places on the net, leads to questions, etc. It will really start to open the field for you.

As for starting your own pen testing division within your company, I was just having this discussion with Dengar13. As with any new venture, you not only need management buy in, but they also need to make the fiscal commitment to the right tools. As an example, Metasploit is a great framework, but when you start dealing with clients, they want a deliverable. That usually means an extensive report. Calculate the amount of time it would take to format the gobs of data from your pen tests into something legible for a client, and those packages like Core Impact that generate the reports for you quickly don't seem so expensive any more. We haven't even discussed the topic of getting your first client. You may need to drastically discount your pricing to "build your book" and get some testimonials. I could go on and on, so this may be a good topic for a new post.

Hope this gives you a good start,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

Negrita

User avatar

Sr. Member
Sr. Member

Posts: 299

Joined: Sat Sep 10, 2005 5:45 pm

Location: /dev/null

Post Fri May 26, 2006 3:16 pm

Re: Starting off with Ethical Hacking

As don says, welcome.
5) As i a script kiddie which all areas i should improve in skillsets.
First and foremost don't call yourself a script kiddie unless you want to be flamed. Script Kiddie is a derogatory term. See here for more info about the terminology.

As far as skill sets go, I personaly feel that a good security professional should have at least a basic understanding in Windows system, UNIX/Linux system and also Networking. A basic level of programming also won't hurt.

1) What training i should take and what all tools i should keep for Pen test, VA etc..
There are a variety of network security courses but the 2 "entry level" (*) certs dealing with ethical hacking and penetration testing are;
Ethical Hacking and Countermeasures(CEH) from EC-Council, and
Certified Penetration Testing Specialist (CPTS) from Mile2.

(*) Both these "entry level" certs have prerequisites!!

As far as tools go, download a Live Linux Security distro and play around with the tools there. For your purpouse I recomend Knoppix STD even though it is quite old. To find out why I recomend this one for you, (besides the wealth of tools it comes with,) read my answer to question no. 2. Check this thread for a list of other security distros, or check DistroWatch.

2) Which all websites and forums will help me keeping my knowledge uptodate.
Well obviously this site and its sister The Certified Security Proffesional. If you get a copy of Knoppix STD, then open up the Firebird browser that comes with it and have a look at the list of web-sites already stored in the bookmark section. this is by far the most comprehensive list of security related web-sites I've seen any where.

3) Also if someone already doing this kind of job(CEH,Pen Test,VA), please help me in setting up the same in my company.
I have no experience with this, so I rather not answer. I'm sure others here will have some advice for you though.

4) The process flow and documents required ..will be more important for me in this aspect.
If you take one of those courses I mentioned above, the processes, documents and tools needed for each stage will become more apparent.
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat May 27, 2006 9:17 am

Re: Starting off with Ethical Hacking

Moderated.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

oyle

User avatar

Sr. Member
Sr. Member

Posts: 264

Joined: Mon Jan 02, 2006 11:19 am

Location: Cleveland Ohio

Post Sat May 27, 2006 10:33 am

Re: Starting off with Ethical Hacking

Like I said, I was  not trying to insult, I was just offering constructive criticism.
I rest my case, I will not say anything else about it. Nuff Said.
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm
<<

thisissho

User avatar

Newbie
Newbie

Posts: 2

Joined: Fri May 26, 2006 12:26 am

Location: Bangalore

Post Wed May 31, 2006 11:45 pm

Re: Starting off with Ethical Hacking

thanks for the reply....
i would take it as an advice and go forward....
>--sho-->
<<

jas

Newbie
Newbie

Posts: 2

Joined: Sat May 20, 2006 10:54 am

Post Fri Jun 02, 2006 6:10 am

Re: Starting off with Ethical Hacking

hi guys
im new to this community .will somebody who is worth can help me out what to do and all that stuff.i would like to learn about what is this all about,
thanking you
James
<<

Negrita

User avatar

Sr. Member
Sr. Member

Posts: 299

Joined: Sat Sep 10, 2005 5:45 pm

Location: /dev/null

Post Fri Jun 02, 2006 6:35 am

Re: Starting off with Ethical Hacking

jas wrote:will somebody who is worth can help me out

So how do we know if we're worthy of answering your question or not?  ???

Anyway (presuming I'm worthy,) I think that if you read both my and dons' responses above you'll have plenty of info to start off with. If it's not enough read through the other threads here on the forum for more info.
CEH, CCSA NG/AI, NNCSS, MCP, MCSA 2003

There are 10 kinds of people, those that understand binary, and those that don't.
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Fri Jun 02, 2006 1:00 pm

Re: Starting off with Ethical Hacking

Hey Jas,

As we try to do with all of our newcomers, welcome to EH-Net. As Negrita wrote, try the recommendations above. As the questions arise, feel free to start your own posts.

One thing to keep in mind is the word 'easy.' As most of us know, 'easy' is a relative term based on the experience one has in a given field. If you're in the industry, then chances are that someone has come to you with a problem and told you, 'I have an easy one for you.' One could always respond with, "Well, if it were easy, why did you come to me?' But what they really should say is that they're confident it won't take long for someone with the proper knowledge and experience. So... is this stuff easy? As you start to explore, I'll let you answer that question.

We look forward to sharing with you and hearing your feedback.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

oyle

User avatar

Sr. Member
Sr. Member

Posts: 264

Joined: Mon Jan 02, 2006 11:19 am

Location: Cleveland Ohio

Post Fri Jun 02, 2006 1:12 pm

Re: Starting off with Ethical Hacking

Hmmmm, seems to me traffic to the website and the Forums is on the rise. Guess it just takes some time for the word-of-mouth to spread....
MCP, MCP+I, MCSA, MCSE(NT4/W2K), CCNA, CCA, NWCCC, VH-PIRTS, CEH
--------------------
"hackers are like jedi, crackers are like the sith: do not fall prey to the dark side".

From 1337 h4x0r h4ndb00k: "the ten laws of geek", law x
                  -Tapeworm
<<

Sniganoo

Newbie
Newbie

Posts: 13

Joined: Mon May 22, 2006 5:19 am

Post Sat Jun 03, 2006 1:44 pm

Re: Starting off with Ethical Hacking

I for one am hoping that with my knowledge to date and gaining certs like CEH and CPTS that I will be in a better position moving forward in the IT world as security becomes of paramount importance to both large and small organizations.  I consider myself more of a jack of all trades IT person rather than an expert in any particular area which I feel is quite rare these days.  That said, I am still searching for companies that realise the importance of a real spread of knowledge, they seem few and far between.

The more "tools" there are to help hack and the more people want to hack then the more there should be a need for people who are able to counter the hackers.  If this is true then those at the forefront of hacking countermeasures should benefit the most.  Isn't it time IT security folk got the recognition they deserve?!

:0)

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 2 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software