
Please Provide Tools On Becoming An Ethical Hacker


LawBobLoblaw

Hello,

New guy here, referred by some folks on Reddit. Recently, a department where I work is opening up to digital forensics and ethical hacking. I'm interested in ethical hacking enough to make it a career. Currently, I'm studying to take EC-Council's Certified Ethical Hacker exam. I believe by the time the position is open, I'll have passed the test. Nonetheless, my hands-on experience is lacking. I've read through some threads here and it seems like ethical hacking may be more of capitalizing on a hobby rather than a trade I could pick up within 6-12 months. Regardless, I'm willing to learn, try, and keep motivated. My question to you guys is if you may provide any tools I can put this theory to the test on, or books I could read, or other websites that would help me learn.

Thanks in advance!


First of all, welcome to the Hak5 forums. Secondly, there are so many books and tools available that I am not sure which one to recommend. But what I would definitely recommend is to go back and watch some of the Hak5 videos; there are so many tools they use for hacking, like ophcrack for cracking Windows passwords, and BackTrack 4, which is a Linux distribution for doing network penetration testing.

I think you should head over to this link http://www.youtube.com/hak5 and watch some of their videos, to get a bit more insight on the tools they use.

Edited by Infiltrator

Right on. I have an old desktop I'll load Ubuntu on and tinker with Linux.

No problems, any questions just hit me up.


Here's a typical way I learn about things.

1. I read about X from a forum post, blog, tech "news" site, etc. I don't know much about X, so I research it because it seems interesting or I just want to broaden my knowledge, if I already have some sort of an understanding.

2. While reading about X, I come across Y. I don't know much about Y either, so step one repeats.

3. I don't get to step 3 very often, because I get lost in learning about whatever it may be that I somehow ended up at.

Example:

Google SSH

Read about SSH

Come across "public-key cryptography"

Follow the link to "public-key cryptography"

Read about public-key cryptography

Come across "RSA"

Follow the link to "RSA"

Read about RSA

Anyways, some sites you may want to check out are:

SecurityTube

Social Engineering

Back|Track Linux

Metasploit Unleashed


Don't forget http://www.offensive-security.com/ too. They are the creators of BackTrack and give courses on using it. My thing is, if you want to learn to be an ethical hacker, it's the same thing as learning to be a black hat. It's how you use what you have learned, not what you know, that defines the ethical hacker. To me, a good ethical hacker should be able to do all the attacks of a black hat, but in the process learn how to protect against those attacks, thus using his or her skills for good, not malicious intent.


If you want to get a taste of some of the hacking tools, here is a list. You might want to do a bit of research before using them.

Hydra

Tsgrinder

Nmap

NetCat

MD5 World's fastest password cracker

Ophcrack

Hiren's Boot CD

Netstumbler

Backtrack 4

Kismet

PwdDump

Cain and Abel

WireShark

Can't think of any more.


And Kon Boot - seems to work well for getting past the local admin account on Windows machines.

I'm interested in all this security but most of it appears too complicated for me, so I get confused easily and then lose interest.

Practice I guess is the way to go. From the little knowledge I know, you could set up a VM of an XP machine and/or Server machine and try and break in, once you have some knowledge.

In IT what I really like is when I know an area enough that I can use my experience to work out a solution to an issue and not have to look back at my notes. When I have to keep looking back at my notes it becomes a bit annoying. This happens with IT security. I only know the basics to get round some minor systems, none impressive at all.

My point is, I think it will get easier, once you're on a roll and doing it every day as a job.

That's when Google comes in, when you can't find your notes. And most of all the experience.

Edited by Infiltrator
True :)

Many a time I sat at a user's PC at work googling the issue. They'd be amazed when I'd fix their PC, asking me how I remember it all etc. I said "Some of it I don't. As you can see I just use Google" :) or I'd RDP to my desk machine and check my notes.


Alright, I just spoke with the lead from the security response team and he stated the GIAC test is better than the CEH--I guess this explains why people laugh at the CEH, as a simple brain-dump study guide will get you passed.

Thanks for the suggestions so far guys: I've installed Linux, am looking into other certs concerning hacking, and am keeping myself involved in the latest hacking programs. Thanks so far, and feel free to keep adding suggestions!

Sorry for my ignorance, what does GIAC stand for?


Global Information Assurance Certification

I knew what CEH stood for, not GIAC but thanks for that, much appreciated.
