.

Really need a n00b section.

<<

Turb02

Newbie
Newbie

Posts: 1

Joined: Fri Mar 30, 2012 6:27 pm

Post Fri Mar 30, 2012 7:08 pm

Really need a n00b section.

Im a n00b to this site and to ethical hacking altogether.  I have a BS in ISS from ITT and have worked in IT for the past 12ish years.  Im 30 and have finally decided to expound on my knowledge and get into the security side of IT to actually use my degree in security.  Ive read a few threads here about what to learn but still have a few questions.

I use a MB Air as my primary machine and have installed Linux Mint, and BT5 in Parallels so I can learn.  I undersatnd that I need to start with the basics of programming with Python.  Keep in mind that the BS in ISS was more theory based than hands on, and I graduated in '09 so Ill have to refresh myself with any *ix that ive learned.

My goal is to further my career in the IT industry *in* the field that interest me most.

Ive worked as a network engineer, sys admin, and project manager since I started IT but my passion is security and ethical hacking to provide a better means to secure the assets I am responsible for (along with others). 

I guess my question is, while working primarily in a M$ environment, what would the best place be to focus my learning on?  Do the tools Ive listed above provide me with the required assets to ensure my training is sufficient to perform "white hat " hacking?

If anyone can link me to info, that woud be great.

Sorry if this is posted in the wrong spot, I couldnt find a suitable place I thought would get the visibility Im looking for...

TIA,
Turb02
<<

unicityd

User avatar

Full Member
Full Member

Posts: 170

Joined: Wed Sep 03, 2008 5:33 pm

Post Fri Mar 30, 2012 10:13 pm

Re: Really need a n00b section.

There are several recent threads on getting started with penetration testing/ethical hacking.  You should check out Sil's guide to learning pen testing:

http://www.infiltrated.net/pentesting101.html

You also mention an interest in security more generally and that you're in a MS environment.  There are a lot of good books (I list some below), but since you've already done a BS in security you really need to find some projects (at work or at home) that will allow you to apply your skills.

There are tons of books available on Windows security such as Hacking Exposed: Windows, Rootkits: Subverting the Windows Kernel, Hacking Exposed: Malware & Rootkits, Windows Forensic Analysis DVD, and several more recent titles.  At some point, you'll also want to read Windows Internals by Mark Russinovich.

For other topics:


For IDS, I recommend Network Intrusion Detection by Stephen Northcutt and Judy Novak.  Also read The Tao of Network Security Monitoring.

For network security protocols, I recommend Network Security: Private Communication in a Public World by Charlie Kaufman. 

The best introductory cryptography book I've read is Understanding Cryptography by Christof Paar and Jan Pelzl.  If you don't remember math up through about Algebra II or higher, or have some background in Discrete math, read Applied Crypography and/or Cryptography Engineering instead.

I don't have a favorite book on firewalls.  Inside Network Perimeter Security was okay to me, but not great.

You do need to understand networking and TCP/P very well.  I like the CCNA study books by Wendel Odom.  I'm also a huge fan of TCP/IP Illustrated Vol. I but I have not read the new version.  The older version is now dated, but the author passed away and the publisher finally had a new author update the book.

For a general book on security, Ross Anderson's Security Engineering is excellent.

For web application security, I recommend the Web Application Hacker's Handbook.

For learning buffer overflows, check out the list of papers I posted a while back:
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,2897.msg13502/#msg13502

Again, it sounds like you've already done some reading years back for school.  Pick a book or two, but start doing something hands on.

Do you have any specific interests within security other than ethical hacking?

Good luck.
BS in IT, CISSP, MS in IS Management (in progress)
<<

millwalll

Post Mon Apr 02, 2012 6:48 am

Re: Really need a n00b section.

some really good advice from unicityd from your experience you have really good founding in IT so that will only help. I think one thing that a good pen tester should be able to do is change the way they think. Looking at something and be able to think how can i use this for bad as a lot times you got be able to notice small things for example: a script that is running as a cron job and you can use this  to run a root shell under the right situation.
<<

millwalll

Post Mon Apr 02, 2012 6:49 am

Re: Really need a n00b section.

forgot to say maybe there should be a newbi section where all newbi related stuff is kept...

Return to Career Central

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software