JamieJay Posted November 9, 2020

Hello all. I hope you are all well.

I am looking for a start up set into ethical hacking. I have a Raspberry Pi to start with and am looking to add bits from the Hak5 shop. Does anyone know any guides or tutorials for people looking to get into white hat hacking, and also what bits and pieces I should pick up from the shop itself? Also, is there anyone on here who tutors individuals for a set fee?

Thanks for your time.

Kind regards,
Jamie Jay

Rkiver Posted November 9, 2020

I say this every time, and once again it's not meant to be mean. Learn to use a search function.

https://forums.hak5.org/topic/913-hacking-where-to-begin/

There's a whole section on it. But, to start, learn how your own computer works, how your own network works. Then have a plan. You want to get into penetration testing? Why? What part? Go from there.

JamieJay (Author) Posted November 9, 2020

Hi Rkiver,

Apologies, I just came across this shortly after my post. I have a small understanding of networks. I can build a PC, but purely for gaming. This seems to be an interesting venture into a new possible career in the long term. I will look for a tutor as I am the kind of person who learns by seeing more than reading.

Thanks again.

Kind regards,
Jamie Jay

chrizree Posted November 9, 2020

There is a lot of "Deadpool attitude" needed when it comes to cyber security. It's not just buying some stuff and hoping to magically elevate; "Maximum effort" is valid in a lot of areas.

One thing that is important to remember is that all areas of cyber sec are based on the everyday use of technology. So, one of the best things is to actually work professionally in the areas that you want to help to defend, i.e. work as a PC tech/sys admin, work as a network tech, work as a software developer, etc. Of course it's not a quick start, but if you want to get really good at security, you have to know the fundamental technology behind it all. Everything that I have learnt over the years as a tech pro is really the base for every understanding and knowledge I have within cyber sec, be it scripting, software development, how OSes work, how networks work, etc.

It's many times difficult to cover the full spectrum of cyber sec, at least in the start. Try to narrow down what you want to focus on when it comes to platforms (the Windows ecosystem, Linux servers, networks, web applications, etc.) and go from there.

If you are to position yourself within the "white" field of hacking, you also most likely need to study information security. Begin to learn about the standards, models and methods available, such as ISO27000, CIS Controls, NIST CSF, Lockheed Martin Cyber Kill Chain, MITRE ATT&CK, etc., since you will be acting in the "defense" area of expertise as an ethical/white hat professional. To be a white hat you need to understand the business side of things, since this is something you most likely will confront in one way or the other, as businesses and organisations want to know why and it might be your task to provide them with answers and understanding. Being able to identify which assets are extra important to protect is vital with a white hat on.

Hak5 will probably chop my head off (Deadpool style) for saying this, but you don't really need a lot of equipment to start your journey. A few computers and a physical network (or just one computer and a virtual set of computers/servers and a virtual network) will be enough to start with. You will have to learn a lot of basics anyway before having real use of certain devices. On the other hand, devices such as Hak5 gear can also open doors for you in terms of knowledge since they are easy to use. It's a balance if you ask me. I'm most often following the path of learning the hardcore basics first and then utilizing tools to make things easier and automate when I know what the different tools actually do. In that way the selection of tools gets easier. Just blindly filling a cart with hardware and checking out isn't the way to go according to me. It might end up with pure disappointment and frustration.

If one of your goals is to establish yourself in the Hak5 community specifically, I guess I would recommend the WiFi Pineapple Mk7 since it's recently released and most discussions will probably circulate around that device at the forum for some time ahead. But... it all depends on your goals and what you want to achieve. And, of course, also your budget.

Other areas to learn are for sure software development and scripting. When it comes to programming, it's good to choose a language to start with just to learn the basic logic; then traversing into other languages is rather easy. Start with, for example, Python to have something in the bag. Then there is scripting; a good mix to develop skills in is bash and PowerShell. If you are a skilled programmer/scripter you can also be a resource in making software solutions more secure. Programmers/developers are sometimes pure laughing stock in hacking communities since they make mistakes which make life as a threat actor easier to live, so understanding this area is more or less vital.

Cryptography is of course also something that is good to know.

Also dig down in Kali Linux (or Parrot OS and such). Offensive Security has a free Kali ebook and a free online course available. If you aren't already familiar with Linux, you need to get your hands dirty in that area of expertise. Using Kali is a good way to go since you will get a distro commonly used in the cyber sec community with a lot of support and a lot of tools built in. Start to familiarize yourself with basic tools like, for example, Wireshark and nmap.

https://kali.training/

Then there are of course myriads of resources online. Download some vulnerable virtual machines such as Metasploitable or machines from VulnHub and start hacking them. There are also resources available directly online such as Hack The Box that offer legal opportunities to hack stuff without hosting the servers in your own environment. Also take part in CTF (capture the flag) competitions/challenges that are being made available online.

VulnHub
https://www.vulnhub.com/about/

Metasploitable
https://github.com/rapid7/metasploitable3
https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities

Hack The Box - an example of an online platform allowing you to test your penetration testing skills
https://www.hackthebox.eu/

Example of a CTF resource, not sure if it's any good since I've never used it myself
https://www.hackerone.com/for-hackers/hacker-101
https://www.hacker101.com/

And, last but not least, use YouTube as a source of knowledge. Hak5 is for sure a good starting point, and not just recent videos but way back as well. There is a lot of good stuff to look at even if the videos have been around for some years. Null Byte is also a good source if you ask me.

JamieJay (Author) Posted November 10, 2020

Hi Chrizree,

Firstly, thanks not just for the reply but also for the time you have put into your response. I will go over all this information and act accordingly.

Much appreciated!

Jamie Jay

This topic is now archived and is closed to further replies.