LawBobLoblaw Posted May 1, 2010 Share Posted May 1, 2010 Hello, New guy here, referred by some folks on Reddit. Recently, a department where I work is opening up to digital forensics and ethical hacking. I'm interested in ethical hacking enough to make it a career. Currently, I'm studying to take ECCouncil's Certified Ethical Hacker exam. I believe by the time the position is open, I'll have passed the test. Nonethless, my hands-on experience is lacking. I've read through some threads here and it seems like ethical hacking may be more of capitilizing on a hobby rather than a trade I could pick up within 6-12 months. Regardless, I'm willing to learn, try, and keep motivated. My question to you guys is if you may provide any tools I can put this theory to the test on, or books I could read, or other websites that would help me learn. Thanks in advance! Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted May 1, 2010 Share Posted May 1, 2010 (edited) First off all welcome to Hak5 forums. Secondly there are so many books and tools available that I am not sure which one to recommend. But what I would definitely recommend is to go back and watch some of the Hak5 videos, there are so many tools they use for hacking, like ophcrack for cracking windows passwords, backtrack 4 which a Linux distribution for doing network penetration testing. I think you should head over to this link http://www.youtube.com/hak5 and watch some of their videos, to get bit more of insight on the tools they use. Edited May 1, 2010 by Infiltrator Quote Link to comment Share on other sites More sharing options...
LawBobLoblaw Posted May 1, 2010 Author Share Posted May 1, 2010 Right on. I have an old desktop I'll load Ubuntu on and tinker with Linux. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted May 1, 2010 Share Posted May 1, 2010 Right on. I have an old desktop I'll load Ubuntu on and tinker with Linux. No problems, any questions just hit me up. Quote Link to comment Share on other sites More sharing options...
H@L0_F00 Posted May 1, 2010 Share Posted May 1, 2010 Here's a typical way I learn about things. 1. I read about X from a forum post, blog, tech "news" site, etc. I don't know much about X, so I research it because it seems interesting or I just want to broaden my knowledge, if I already have some sort of an understanding. 2. While reading about X, I come across Y. I don't know much about Y either, so step one repeats. 3. I don't get to step 3 very often, because I get lost in learning about whatever it may be that I somehow ended up at. Example: Google SSH Read about SSH Come across "public-key cryptography" Follow the link to "public-key cryptography" Read about public-key cryptography Come across "RSA" Follow the link to "RSA" Read about RSA Anyways, some sites you may want to check out are: SecurityTube Social Engineering Back|Track Linux Metasploit Unleashed Quote Link to comment Share on other sites More sharing options...
digip Posted May 1, 2010 Share Posted May 1, 2010 Dont forget http://www.offensive-security.com/ too. They are the creators of BackTrack and give courses on using it. My thing is, if you want to learn to be an ethical hacker, its the same thing as learning to be a black hat. Its how you use what you have learned, not what you know that defines the ethical hacker. To me, a good ethical hacker should be able to do all the attacks of a black hat, but in the process learn how to protect against those attacks, thus using his or her skills for good, not malicious intent. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted May 2, 2010 Share Posted May 2, 2010 If you want to get a taste of some of the hacking tools, here are a list. You might want to do a bit of research before using them Hydra Tsgrinder Nmap NetCat MD5 Word's fastest password cracker Ophcrack Hiren's Boot CD Netstumbler Backtrack 4 Kismet PwdDump Cain and Abel WireShark Can't think of anymore. Quote Link to comment Share on other sites More sharing options...
joeypesci Posted May 2, 2010 Share Posted May 2, 2010 And Kon Boot-Seems to work well for getting past the local admin account on Windows machines. I'm interested in all this security but most of it appears too complicated for me so I get confused easy and then lose interest. Practice I guess is the way to go. From the little knowledge I know, you could setup a VM of an XP machine and/or Server machine and try and break in, once you have some knowledge. In IT what I really like is when I know an area enough that I can use my experience to work out a solution to an issue and not have to look back at my notes. When I have to keep looking back at my notes it becomes a bit annoying. This happens with IT security. I only know the basics to get round some minor systems, none impressive at all. My point is, I think it will get easier, once you're in a roll and doing it every day as a job. Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted May 3, 2010 Share Posted May 3, 2010 (edited) And Kon Boot-Seems to work well for getting past the local admin account on Windows machines. I'm interested in all this security but most of it appears too complicated for me so I get confused easy and then lose interest. Practice I guess is the way to go. From the little knowledge I know, you could setup a VM of an XP machine and/or Server machine and try and break in, once you have some knowledge. In IT what I really like is when I know an area enough that I can use my experience to work out a solution to an issue and not have to look back at my notes. When I have to keep looking back at my notes it becomes a bit annoying. This happens with IT security. I only know the basics to get round some minor systems, none impressive at all. My point is, I think it will get easier, once you're in a roll and doing it every day as a job. That's when Google comes in, when you can't find your notes. And most of all the experience. Edited May 3, 2010 by Infiltrator Quote Link to comment Share on other sites More sharing options...
joeypesci Posted May 4, 2010 Share Posted May 4, 2010 That's when Google comes in, when you can't find your notes. And most of all the experience. True :) Many a time I sat at a users PC at work googling the issue. They'd be amazed when I'd fix their PC asking me how I remember it all etc. I said "Some of it I don't. As you can see I just use Google" :) or I'd RDP to my desk machine and check my notes. Quote Link to comment Share on other sites More sharing options...
LawBobLoblaw Posted May 4, 2010 Author Share Posted May 4, 2010 Alright, I just spoke with the lead from the security response team and he stated the GAIC test is better than the CEH--I guess this explains why people laugh at the CEH, as a simple brain-dump study guide will get you passed. Thanks for the suggestions so far guys: I've installed Linux, am looking into other certs concerning hacking, and am keeping myself involved in the latest hacking programs. Thanks so far, and feel free to keep adding suggestions! Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted May 4, 2010 Share Posted May 4, 2010 Alright, I just spoke with the lead from the security response team and he stated the GAIC test is better than the CEH--I guess this explains why people laugh at the CEH, as a simple brain-dump study guide will get you passed. Thanks for the suggestions so far guys: I've installed Linux, am looking into other certs concerning hacking, and am keeping myself involved in the latest hacking programs. Thanks so far, and feel free to keep adding suggestions! Sorry for my ignorance, what does GAIC stands for? Quote Link to comment Share on other sites More sharing options...
ParMan Posted May 4, 2010 Share Posted May 4, 2010 Sorry for my ignorance, what does GAIC stands for? Global Information Assurance Certification Quote Link to comment Share on other sites More sharing options...
Infiltrator Posted May 4, 2010 Share Posted May 4, 2010 Global Information Assurance Certification I knew what CEH stood for, not GIAC but thanks for that, much appreciated. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.