
Re: Where to start?

Subject: Re: Where to start?
Date: Thu, 31 May 2007 08:33:20 -0600
Being a Team lead in the security practice here at the place I work, I
have gotten that question asked a few times and the best advice I can
give is that you have to try with some of the tools in your internal
network.  Port scanning is a good start for a basic examination but
you need to research what each open port represents and start there.
It takes time. Vulnerability Scanners such as Metasploit
Framework are some of the best tools that you can use to learn about
attack vectors.  They help show different vulnerabilities on different
systems. Prepare internal installations such as a base version of
Apache on your Linux box and then attack it with a different host.
Install a default version of MySQL, or Squid and try attacking it, or
even a base Fedora Core 2 install or Windows 98.  Learn what default
instances of these components have problems and you will be able to
pentest 90% of companies' infrastructure.  Scary thought...

I have to ask why 'C'?  I remember going through courses back in 1994
in college on my i386 learning ANSI C and creating word processors for
DOS.  Yuck...  I personally would look at Perl, Python or Ruby or
anything Object Oriented.  Even C++ would be better, because as soon
as you understand the concept of layout and theory it is far easier to
adapt the syntax between languages.

On 29 May 2007 08:27:55 -0000, graciejj_82@yahoo.com
<graciejj_82@yahoo.com> wrote:
Hello everyone,


I'm looking forward to a career in the security field. Specifically, I'm interested in Pentesting. I consider myself "early" in my education, and have a lot to learn, but my biggest concern is, where do I need to start?


I mean, what do I need to learn about to become a pentester, and where can I gather and explore my knowledge?


In order to not leave this question TOTALLY OPEN, I'll give a quick background of what I know so far.


I'm currently enrolled in classes to learn to be a Network/Server Admin, including classes in Cisco, Basic Hardware and Microsoft Servers. I currently hold certification for CCNA 1&2, and hope to get 3&4 in June of this year.

Also, I have a Linux server, and a couple of Linux VMs that I've been learning on.  And I'm fiddling with "C" right now to get a basic background in programming.  But with the knowledge I have, I don't think I could offer any value in a pentest.  I've done some port scans of various, random IPs (sorry if I gave any of you a scare at work :), and I've seen open ports, but I don't know what to do next...


So, what information do I need to study to start getting a grasp of what I would be doing in my job? (other than just start hacking random computers, which I'd rather not do)


I appreciate your help,

Michael

