Re: learning ethical hacking

From: Anirudhya Mitra (
Date: 09/24/04

  • Next message: Gautam R. Singh: "Fwd: nc help needed."
    To: <>
    Date: Fri, 24 Sep 2004 03:56:31 +0530

    Great Gillett! What ever you have written seems to be very realistic to me.
    I am also a computer security enthusiast but I don't want to be
    script-kiddie. But when it comes to learning the technology, it seems that
    there is no end of learning, and frankly, that's why i sometimes get
    confused and fraustrated.
    Is there any roadmap that a beginner can follow?

    ----- Original Message -----
    From: "David Gillett" <>
    To: "'Shawn Duffy'" <>; "'Nick Falcon'"
    Cc: <>; <>; "'D K'"
    <>; "'linux user'" <>;
    Sent: Thursday, September 16, 2004 12:20 AM
    Subject: RE: learning ethical hacking

    > > -----Original Message-----
    > > From: Shawn Duffy []
    > >
    > > What many people fail to recognize is that if you get into this in an
    > > effort to "learn how to hack", you're not going to get very far. This
    > > isn't about learning how to compromise systems, per se, it is about
    > > learning the technology behind it all. If you simply want to know how
    > > to "hack", you may end up being no better than a script kiddy... If
    > > you want to really succeed and differentiate yourself from the
    > > kiddies, learn the technology. When you learn the technology, you
    > > will learn how it works and how to break it.
    > I've seen an awful lot of exploit descriptions from folks who very
    > clearly had no idea how the system/technology being exploited was
    > designed to work, kind of the "let's see what happens if we press
    > this button" school of system exploration. That's bad for anybody
    > who aspires to be a White Hat (ethical), because it risks breaking
    > things unintentionally. And it's bad for Black Hats because it tends
    > to leave a fairly obvious trail of failed attempts....
    > On the flip side, though, well-built products are supposed to be
    > thoroughly tested by folks who DO understand the design, before their
    > released into the world. Experience suggests that the ignorant (I'm
    > not being derogatory here, just factual) approach pretty regularly
    > uncovers flaws in areas that were incorrectly or incompletely specified
    > in the design. The vulnerability is triggered by doing something that
    > nobody who understood the design would ever think to do!
    > I would say that your goal should be to achieve a deep, expert
    > understanding of the systems whose security you want to study -- but
    > it may be counterproductive to put off starting to study until you have
    > achieved that level of understanding.
    > Dave Gillett
    > --------------------------------------------------------------------------
    > Computer Forensics Training at the InfoSec Institute. All of our class
    > are guaranteed to be 12 students or less to facilitate one-on-one
    > interaction with one of our expert instructors. Gain the in-demand skills
    > a certified computer examiner, learn to recover trace data left behind by
    > fraud, theft, and cybercrime perpetrators. Discover the source of computer
    > crime and abuse so that it never happens again.
    > --------------------------------------------------------------------------

    Outgoing mail is certified Virus Free.
    Checked by AVG anti-virus system (
    Version: 6.0.759 / Virus Database: 508 - Release Date: 9/9/2004

  • Next message: Gautam R. Singh: "Fwd: nc help needed."