Wednesday, 3 September 2014

THIS is where you should start



when i woke up this morning and went on reddit's /r/hacking and /r/netsec i swore to everything holy to make this post because god knows if i saw another "Where do i start" or "im new pls guide me guysh" post im going to spontaneously combust.


Last guy who read a "where do i start" post

Where should i start ?

a wise man that i don't remember his name once said "if i had four hours to cut down a tree i'd spend the first two sharpening my axe."  Pretty deep stuff.
Apart from the depth of the guy what he meant was if you were going to do something you damn better be prepared ! so "jumping right in" won't really do you any good when it comes to computer security.. trust me ... i tried.......

What you need to do is to build an essential amount of knowledge about an essential amount of topics so you would be able to understand what that guy at Defcon is talking about.



Networking

If you think that by some miracle you can learn anything about computer security without knowledge of networking then boy aren't you in the dark..
Learning networking is a crucial skill to have as a hacker pentester ! because almost all of the tools and the techniques you'll be using and the books and tutorials you're going to be reading will somehow be linked to networking. Some will argue that programming is more important than networking but i say there's no use of a program that can't reach outside, after all if you want to start writing tools of your own someday its networking then programming not the other way around.

There are multiple sources where you can have a comprehensive overview on the whole networking thing and by comprehensive overview i mean just enough to get you going, after all you're not having a PHD in networking so don't go too deep. (or go if you're interested)
I recommend Head first networking by Al Anderson and some other guy, you will see me recommending the Head first series a lot in this post because unlike all-text-no-pictures books its designed to attract your brain to it and not bore you at all, And by designed i mean they actually consulted people from the Metacognition field which is basically the science of how people think.
Look at me complaining about books which don't have pictures while doing the same thing..




Here's a picture of a cute cat sleeping peacfully
because it knows its networking.


If however you're not a book person then i suggest you take a video course about it and i recommend Comptia's Network+ (That's how i learned about networks)
and yes you can have CCNA courses as well but what i hate about the CCNA courses and books is that they're revolve around the exam and not the Course material itself, Pick whatever makes you feel comfortable as long as at the end of the day you'll know what im talking about when i say something like "24-bit network mask" or "DNS record".













Programming

Before we dive into the whole programming this i need to clarify some concepts.
Programming languages fall into two categories, Scripting languages and Programming language.
Well... some apples don't
have whiskers..
Scripting languages are the ones you use to write well .. scripts .. Scripts are small programs that you write to automate a lengthy process or write a nifty little tool that you use often.
Programming languages on the other hand are languages that you will use to write big programs and tools if you ever make it to the big programs level, Now don't get me wrong i'm not saying that one is better than the other or that one is more powerful than the other, In fact comparing these will be like comparing apples to baby seals, Each of them has it's own uses.



In order to be a decent hacker pentester you need to speak one programming language and one scripting language, then you may increase these based on how far you wanna go with your whole pentesting "carrier"

Programming languages include languages like the C group (C, C++, C#), Java and Brainfuck.
(Yes it's a programming language and it has a wikipedia page.)
while scripting languages include but not limited to Python, Perl and Ruby.
So go do your research and choose the ones you feel more comfortable with, I'm not going to recommend any language here because in my humble opinion i think programming languages are like shoes, so what may make your friend comfortable might not be so comfortable for you, also you need to weigh that pros and the cons of every language so you won't spend a year learning a language then be like oops..
i know C and Java (not from A to Z) and each of them has their pros and cons, C is relatively easy and it's used in most books and tutorials you're going to find on the internet, however it lacks security and it follows the old Structural Programming Paradigm, Java on the other hand follows the OOP (Object oriented programming)  Paradigm which i found much more easier to work with and most convenient for code re-usability,
Plus of course the features the JVM (Java Virtual machine) provide for you which includes Garbage Collection and Sandboxing add to that the Type and boundary checking features that renders your code virtually Overflow free
besides hey its a multi-platform language which means that the program that you write in windows will work on linux, solaris, and MacOS.

Again i recommend that head first series for any programming language that you will choose because of what i mentioned above.
And again if you're not a book person then head on to Old bucky's YouTube channel for some video learning, That guy knows how to teach a programming language i tell you that !



Computer Basics

 And no i'm not talking about how a keyboard is an input device and the screen is an output device and that crap they teach at schools, i'm talking about how computers work at the most fundamental level Because if you're gonna start searching for vulnerabilities and patching them you'll need to know your basic computing, and you also need to speak the binary language perfectly which is the language the processor uses and understand when consist of only 1's and 0's
okay just kidding on the binary part.
You'll need to know how data travels in the computer, How a program is loaded in the RAM (Random Access Memory) when you double click its colorful icon, you need be familiar with terms like Stack and Heap and Page Fault.
That is if you ever want to progress to an advances level.
for that i recommend Chapter 2 of the book Reversing: Secrets of reverse engineering by Eldad Eliam.




HTTP Basics:

 Http stands for HyperText Transfer Protocol and it's the protocol your browser uses when you surf the internet, Basically its a Predefined set of rules of how your computer (the client) and the website (the server) should exchange data, you'll need to know Basics of HTTP if you're interested in Web Application pentesting, Again you don't need get a PHD in HTTP but you only need to know the basics,for that i recommend HTTP Essentials by Stephan Thomas or the beginning of The web application hacker handbook by Dafydd stuttard













Linux

Last but no least you need to learn about Linux OS, while not a CRUCIAL skill you must have but every good hacker pentester knows their linux, and it'll be a VERY useful skill to have because one way or another you're going to have to use the famous BackTrack linux Distro. and by then if you think that you can treat Linux like windows you're in for a surprise..
Linux comes in Multiple "Distributions" which basically means a bunch of software stuck to a linux kernel which makes a distribution or a "Distro"
Now Linux is far from having a shortage of distros, here are some of the examples:

I'm going to quote from an  article on Howgeek.com on what linux distros are because i feel that i can't explain it as well as them:
Linux isn’t like Windows or Mac OS X. Microsoft combines all the bits of Windows internally to produce each new release of Windows and distributes it as a single package. If you want Windows, you’ll need to choose one of the versions Microsoft is offering.
Linux works differently. The Linux operating system isn’t produced by a single organization. Different organizations and people work on different parts. There’s the Linux kernel (the core of the operating system), the GNU shell utilities (the terminal interface and many of the commands you use), the X server (which produces a graphical desktop), the desktop environment (which runs on the X server to provide a graphical desktop), and more. System services, graphical programs, terminal commands – many are developed independently from another. They’re all open-source software distributed in source code form.
If you wanted to, you could grab the source code for the Linux kernel, GNU shell utilities, Xorg X server, and every other program on a Linux system, assembling it all yourself. However, compiling the software would take a lot of time – not to mention the work involved with making all the different programs work properly together.


Note: The BackTrack R5 Distro is Based on Ubuntu, While its successor Kali linux is Based on Debian

 As a learning resource i recommend The Linux Bible by Christopher Negus & Christine Bresnahan 










Conclusion

 Now that you're pointed in the right direction the rest depends on you, If you want to be good at this you've got to dig around for information, research what you don't know and ASK. Because if you choose this Path then from the second you reach the last period of this post till the last day in your life you're going to be learning new things, So if you want to learn hacking because you want to impress people, look cool, spy on girls in their bedrooms then close this tab right now because this is most defiantly not for you, However if you're a Curious kind of Person that is interested in computer and the whole hacking and computer security thing then get your books and start reading and trying.


~Fin~
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)