
Some Questions About Hacking/Security for beginners

<<

ZeroOne

Jr. Member

Posts: 59

Joined: Tue Apr 24, 2012 7:41 am

Post Tue Apr 24, 2012 7:48 am

Some Questions About Hacking/Security for beginners

Hello everyone ::),

Well well how to start, I will try to make this short, so firstly I am an undergraduate student I did not graduate yet still one year to go, I took a gap-year to have some working experience (6 months left to go back to college), my major is electronics and computer engineering, so basically I do have a good background of how circuits work inside a computer, I have worked on a couple of projects on how to build up a memory and install a command program inside a processor using C++, that’s on the electronic side it actually taught me how computers work from the inside I don’t really know if that would help me in the hacking field. On the computer section I learned how to program in Java, so you could say I am in between intermediate-advanced Java programmer, also I studied networks, all the ISO layers and how they interact together.

Now, I love computers mostly when it comes to secure/crack a system or whatsoever, so my plan is to get a foot into security field after graduation... I have done a lot of reading on how to get a foot into security field; I have chosen “networks” for that.
I have got no experience at all in hacking, actually I had a few when I was 14, hacked my teacher’s computer to get final exams (only for the modules which I didn’t really think it would help me in future) using some noobs tools like sub7 when it was all over the internet back in the days, not a very good thing to do though. So what I am saying is I have no basic experience in hacking field at all and need to start from scratch.


So here are some questions for you experts out there based on some reading :):


-First, and as I mentioned I am trying to get into security field via networks, I have a good background of ISO so decided to take the CCNA course, is that a good start to get into the second level in network field? And would that be enough to move to network security?

-A hacker needs to have some programming skills, well I am only familiar with Java and C++, and a little bit of assembly language... now here is the question, why does the hacker need to learn how to program? Say to modify a source code? or to build up some tools? Do I need to learn more programming languages? Some of you mentioned Python is a good one, do I need to learn it too?

-Operating systems: I believe I am familiar and have got the basic skills of dealing with Windows and Linux, the question is how deep do I have to know about them to become a good hacker? And the other one is do I have to have certifications on them just to prove that I got what it takes to companies when applying for a job even as a security “guy”, is “system administrator” the level required here? If yes can you mention some good books for that?

-Hacking/security certifications, the topic that we all have talked a lot about and still, well I really need your help on this one, now you know what knowledge do I have –programming – networking – electronics, I am absolutely noob at hacking, can you recommend a course that would get me starting with hacking? of course a network related hacking course that would get me into pen testing… etc
I have been reading a lot about the hacking courses but I can’t tell which one suits me since I am a beginner, my goal is to get started with a basic course that WOULD ACCEPT MY ENTRY then move into a more advanced one.

Finally, let’s say I finished CCNA, and I had about 6 months experience of working in networks, also I had a basic hacking certification, then I went back to college and finished my last year, do I have a good chance to work in security field as a beginner? I am reading scary stuff over here and there like do you really need 3-5 years or even 10! To get into security field in a company for example? I feel I am a little late on advancing my skills I’m 24 now  :-[ (old guy)

Remember… your answer could change the way I live  :)

Thanks a lot for now I might have more questions later on, and hey I love this forum and planning to be active on here!

Regards,


-
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Apr 24, 2012 8:26 am

Re: Some Questions About Hacking/Security for beginners

ZeroOne wrote: -First, and as I mentioned I am trying to get into security field via networks, I have a good background of ISO so decided to take the CCNA course, is that a good start to get into the second level in network field? And would that be enough to move to network security?


That'll help get your foot in the door, but it would probably still be an entry-level position. Over time, you would hopefully be able to take on more and more security responsibilities (configuring firewalls, etc.).

ZeroOne wrote:-A hacker needs to have some programming skills, well I am only familiar with Java and C++, and a little bit of assembly language... now here is the question, why does the hacker need to learn how to program? Say to modify a source code? or to build up some tools? Do I need to learn more programming languages? Some of you mentioned Python is a good one, do I need to learn it too?


That's actually a solid programming background. I'm surprised you're familiar with assembly but don't see the value in it. Pick up the book Hacking: The Art of Exploitation (2nd) and see what you think after that (you should be able to get into it without too much trouble with your existing knowledge). The Java knowledge will help if you want to get into the web app side of things. Python and/or Ruby will definitely be useful as well. You don't want to be completely dependent on tools others have written. Also, Metasploit (Ruby), Nmap (Lua), Immunity Debugger (Python), etc. allow their functionality to be extended and adapted for whatever specific circumstance you're working with.

ZeroOne wrote: -Operating systems: I believe I am familiar and have got the basic skills of dealing with Windows and Linux, the question is how deep do I have to know about them to become a good hacker? And the other one is do I have to have certifications on them just to prove that I got what it takes to companies when applying for a job even as a security “guy”, is “system administrator” the level required here? If yes can you mention some good books for that?


Strive for mastery. You should ideally know OSes much better than the sys admins that administer them. Certs may help you get your foot in the door, but they're relative to your other credentials and experience. A CCNA or MCITP may be beneficial for you, but they likely wouldn't be much of a boost for someone who's experienced and already has advanced security certifications.

ZeroOne wrote: -Hacking/security certifications, the topic that we all have talked a lot about and still, well I really need your help on this one, now you know what knowledge do I have –programming – networking – electronics, I am absolutely noob at hacking, can you recommend a course that would get me starting with hacking? of course a network related hacking course that would get me into pen testing… etc
I have been reading a lot about the hacking courses but I can’t tell which one suits me since I am a beginner, my goal is to get started with a basic course that WOULD ACCEPT MY ENTRY then move into a more advanced one.


There will be a review of the new v2 eLearnSecurity course within a week. That would probably be the best course for you given your background and existing knowledge.

ZeroOne wrote:Finally, let’s say I finished CCNA, and I had about 6 months experience of working in networks, also I had a basic hacking certification, then I went back to college and finished my last year, do I have a good chance to work in security field as a beginner? I am reading scary stuff over here and there like do you really need 3-5 years or even 10! To get into security field in a company for example? I feel I am a little late on advancing my skills I’m 24 now  :-[ (old guy)


Don't get hung up on stuff that doesn't matter; there have been many much older than you that have gotten into the field. That said, 6 months isn't much experience at all, so you shouldn't get your hopes up on that working out as you're describing. It took me about six years to get a full-time security position. In retrospect, I probably could have shaved a year or two off of that had I done things a bit differently. Regardless, even if you do manage to quickly land a security job, you're only going to be selling yourself short. How effectively do you think you're going to be able to secure or attack technologies you're not familiar with? You'd likely be extremely frustrated for years until you acquired the knowledge you skipped past.

ZeroOne wrote:Remember… your answer could change the way I live  :)


Anyone reading this post agrees not to hold the author liable.
The day you stop learning is the day you start becoming obsolete.
<<

Novice hacker

Newbie

Posts: 43

Joined: Sun Apr 08, 2012 6:45 am

Post Mon Apr 30, 2012 8:19 am

Re: Some Questions About Hacking/Security for beginners

Hi.

Welcome to the community, (It feels strange saying that to someone with more experience than me :)


I'm not experienced enough to answer your questions but all I can say is that ajohnson's post is the best way for you to follow.

So +1 for ajohnson's post    :)

Oh and

Anyone reading this post agrees not to hold the author liable.


;D        (Trust me, the path laid out for you in the previous post is your best post.
<<

Triban


Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Mon Apr 30, 2012 9:35 am

Re: Some Questions About Hacking/Security for beginners

+1 to ajohnson, he makes an excellent point about the length of time it takes to get in. Many of us started somewhere, whether it be an app developer, System Admin or Network admin. Build the base on what you want to specialize in. There is more to the security field than pen testers. Frankly I think there are plenty of them and eventually the market will become saturated with people who just run tools and expect the client to write the check.

I know I can never dedicate enough time to become an expert in pen testing so I leave that more as a hobby. Now Malware analysis is a treat for me. Unfortunately most non-security companies don't have a need for a full time analyst, so again, I try to not focus my energies there unless I decide I want to go work for a security software company. It's a hobby and interest at the moment.

For now I am a responder/security analyst in which I utilize my skills and knowledge I built over time to recognize when things are right on the network. I am the 2nd pair of eyes for the lv1 SOC analyst, I work alongside the higher level responders by gathering additional information to help in analysis. When I am not addressing the security incidents of the day, I spend time working with IT to ensure they don't skip things in their projects that will put the company at risk. I even get to dabble in some architecture projects for major network upgrades and implementations. All of this was made possible because I started at the bottom and have a decent understanding of networking topologies, OSes, hardware and ways to secure it all without hampering the business, which is important! Over the years Security took a back seat because it was typically called "the department of no!" so the business would find ways to work around it or do only the bare minimum if something required it. Now it is a major concern and there are regulations in place to enforce the use of best practices. Finding people who are technically knowledgeable and able to understand business is a tough task. I know this based on how many recruiters call me for the same job and followed by "or if you might know someone that fits this need..."

Sorry for the book, but I think it is important to get the message across that there is more to InfoSec than just being the rock star pen tester or wannabe :D
Certs: GCWN
(@)Dewser
<<

sil


Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Mon Apr 30, 2012 10:29 am

Re: Some Questions About Hacking/Security for beginners

ZeroOne wrote:I have a good background of ISO so decided to take the CCNA course, is that a good start to get into the second level in network field? And would that be enough to move to network security?


A CCNA will give you enough to become a minor router admin and is not enough to get into security. Networking is important as a whole as it will assist you in being able to weave your way around networks figuring out what is connected to what, how, why and where. Unsure what you mean about "second level" of networking.

Personally, I always recommend CCDA/CCDP studies in relevance to security as it helps you understand the architecture from the 50k foot view. The CCDP forces you to understand topics such as QoS, MPLS, VPN and other topics you can run into when doing this. Unsure how many pentesters I have met that couldn't tell you default information for say BGP, OSPF and why they'd likely not pierce a hole in an MPLS tunnel. But that is going to a bit of an extreme for a pentester with less than say 10 years experience. Not too many people can stomach or tolerate networking so they end up stuck on Web Application Security and other boring areas of pentesting.

So to re-answer your question: No the CCNA does nothing for you when it comes to security. Understanding the OSI would have been enough and if you wanted to immerse yourself deeper on the networking side, CCDP and IE Security studies will get you there.

ZeroOne wrote:now here is the question, why does the hacker need to learn how to program? Say to modify a source code? or to build up some tools?
Do I need to learn more programming languages? Some of you mentioned Python is a good one, do I need to learn it too?


Here is the reality of this: 1) Programming simplifies your work and helps you out whether you choose to build your own tools or modify someone else's. It helps in discovering and exploiting faults (fault injection aka fuzzing) in badly written programs. Whatever language you choose, is optional and always opinionated. I snicker at those posting: "You need to learn Python" when almost NOTHING I DO is in Python. It might help you in a situation but is NOT the de-facto language and anyone telling you this is underclued. Had I to recommend a language it would be: "Any that makes you comfortable."

I tend to use shell scripting almost 99.99999% of the time as I try to avoid installing anything on a system since it attracts attention. Most people touting "Learn Python! ... Learn perl! ... Learn Ruby! ..." are generally someone who is used to firing off tools from their own workstation. Throw them on a contained system where they cannot use these tools because they are not installed, and watch them fail miserably. Understanding specific systems and their tools is THE MOST crucial thing you can teach yourself however, certain languages will AID you. If YOU however, rely strictly on a specific, you will eventually fail.

ZeroOne wrote:the question is how deep do I have to know about them to become a good hacker?


The better you understand the systems, the quicker and easier you will be able to find flaws, misconfigurations while keeping your noise ratio down. I say focus on systems more than programming for now.

ZeroOne wrote:And the other one is do I have to have certifications on them just to prove that I got what It takes to companies when applying for a job even as a security "guy"


Any cert you have will help not hurt. Providing a measurable record of what you know goes a long way so if you want to get them, then get them. Just be aware that experience ALWAYS trumps the cert.

ZeroOne wrote:Hacking/security certifications, the topic that we all have talked a lot about...


I started taking certs out of boredom. I already had over 13 years experience when I started taking them. Then I continued out of i) Boredom ii) a personal challenge iii) to annoy people with an annoying long signature (serious). Experience always trumps the paper in reality, and certs do nothing more than add to your salary depending on your logistics. Depending on your area of work, they may be mandatory as well. The goal to getting tangible results and your money's worth, is to find out what interests you in the field of security. Then focus on becoming the best you can be for your own personal gain. The more you learn, the easier it will be to pass cert exams.

ZeroOne wrote: Finally, let's say I finished CCNA, and I had about 6 months experience of working in networks, also I had a basic hacking certification...


This sounds more to me like: How can I hurry up pass exams and make more money... Nothing wrong with the concept, but the industry is cluttered with entry level people who have beginner "hacker" certs along with CCNAs.

My suggestion, first find the area of security which most interests you and learn as much as you can about it. Focus on making yourself the top expert in that category, read study break, break study read. Understand as much as you can until any question you're asked, you will not hesitate to answer. Once you're comfortable and you start seeing many people come to you for help, to ask a question, then start focusing on the exams. By the time you get here, it will be from experience and learning. Then start banging out the exams.

What too many people do nowadays is rush the issue. A LOOOOOONG time ago, individuals were required to learn, then apprentice for years before taking the exam. Nowadays, it seems everyone is in a rush and when things are rushed, they barely go right in the long run. This is your life, no one's comment is going to make any impact on your life, only you can make an impact by doing what is right for you. Logically: "the right way is the only way..." The right way comes from time, patience, experience and learning... Not trying to rush through 6 months experience and oh college and oh... Learn as much as you can at the pace you feel comfortable with. Learn it because you want to learn it, because it interests you, not because everyone else is doing X or Y. If I had a dollar for every answer I have to shake my head at, I would be able to dish out monthly payments on a pretty nice car.
