suggests for me...

Started by kko, June 18, 2013, 12:13:50 PM

Previous topic - Next topic

kko

Hi, i would to know your opinion.

to know Back Box and understand what means "hacking" and "security"  which is the best road map?

i should to begin from?

Thanks

ZEROF

#1
How many people asked this question ? I think few 1 000 000, no ? 1st when you ask question like this, i'm not sure that you are ready to be one security expert. Why ? Because security expert is open mind looking how to resolve security issues and how stuff actually works. How most of people start ?

WRONG WAY

1. Going against vulnerable system without knowledge how actually system works  ?
2. If you are not in measure to fix your own system errors, don't try to find other people errors.
3. You need to think what you want to be ? System, web, code, network pentester or something else ?
4. Thinking that you are hacker after 2 months of learning and using "how to do" tutorials.

GOOD WAY

1. Pick last book about your Linux system. Learn all what you can. Install, reinstall, fix issues etc ..
2. You want to run wifi attacks ? Get book about. You want to run against servers ? Get book about.
3. Use all online resource to learn about last attack tech.
4. Join some Linux community in your area and join linux communities and hackers forums.

This will take some time, but you can do if other people can do. Faster way ? Yes, if you have few 1000$ in your pockets get online training. Some cheap solution and basic, try to find free online webinars about hacking.

So you'd like to... Become a Computer Security Expert: http://amzn.to/16E0RZO

Happy hacking.

Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*

kko

thank , Zerof.

i thought the same, but unfortunately without money or job and without time it's hard to find a correct way to improve... and so i try to find a way between thousands of tutorials... not good like a book... not good like a online training... but i have only few hours and my "i want"...


sinflooddotnet

You wil have to learn how to search for good online materials. There's plenty of free but very valuable information on supplier's websites, open source groups, wikipedia, conference videos, etc.

However, focussing on all subjects is impossible. My advice is to focus on your main interest(programming, networking, policy making, auditing, etc) and you'll get there if you have the drive to take it to the next level.

b4sil

Let me make it easy for you.

- Start with learning TCP/IP
- In parallel learn regex, bash and at least one programming language like php, python, ruby etc.
- Learn how major protocols works such as HTTP, SNMP, SMTP, DNS, FTP etc.
- Learn web and web service architecture
- Learn how operating systems work

Phase 2

- Setup lab in your home, you can do it easly by using virtualization tool like vmware virtualbox parallels
- Install different test systems such as metasploitable, etc.
- Time to start to learn metasploit
- time to start to learn intercep http  and web service traffic with a proxy tool such as webscarab etc. and play with it
- time to read OWASP website, everything
- Time to apply whole knowledge to this test machines

Phase 3

- go further with networking
- go further with Endpint security products such as IDS, Firewalls, Routers etc.
- Learn how web application firewalls work
- go further how automated scanners work, how they use related signatures, how they crawl the web site, how they parse dom etc.

Phase 4

- Go further with malwares
- learn malware analysis
- learn a little bit assembly
- learn reverse engineering

After those phase you will have enough sense to choose your future and interest to focus.

Hope it helps.