Re: Intro To Hacking
From: Miles Stevenson (miles_at_mstevenson.org)
Date: 10/16/04
- Previous message: Jason Chung-Tung: "IT Security organizational structure"
- In reply to: Jason Dusek: "Intro To Hacking"
- Next in thread: Jonathan Loh: "Re: Intro To Hacking"
- Reply: Jonathan Loh: "Re: Intro To Hacking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com Date: Fri, 15 Oct 2004 21:12:26 -0400
Hi Jason,
First of all, I URGE you to please take your "insecure" machine OFF the
network! Please do us all a favor and keep your machine from becoming "0wned"
by an attacker and used to attack others. Even though I'm sure you don't
intend to harm others, you are still responsible for that harm if it should
happen. Honeypots are NOT for beginners, but for advanced security
researchers that know what they are doing, and carefully monitoring their
systems with numerous controls in place to keep that honeypot from being used
to attack others.
WIth that being said, there are tons of resources out there for beginners, but
few that follow a systematic approach to learning offensive attack methods in
a logically organized way. I would say that one of the BEST out there is the
SANS Track 4 "Hacker Techniques" class taught by Ed Skoudis. Less costly
options include popular books like the "Hacking Exposed" series.
One free option, would be to check out the SANS reading room and read the
papers written by SANS Track 4 students: http://www.sans.org/rr
In general, I would avoid "blackhat" resources while you are a beginner,
because they tend to be less organized, full of grammatical errors that can
make it difficult to understand the material, and usually aren't as good at
thouroughly verifying their facts. Leave this stuff for when you get to an
intermediate stage, and it will be a lot easier to swallow. But this stuff
DOES become valuable once you get to that point because you can pick out the
clever ideas and apply them in a practical way.
Finally, you are going to have a MUCH easier time with this stuff if you have
a strong background in networking and programming. It's no coincidence that
so many successful security people out there usually have 5-10 years of
experience in one or both of these professions before moving on to security.
The better grasp you have of networking and programming, the better off
you'll be.
Good luck in your endeavors.
-- Miles Stevenson miles@mstevenson.org PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63
- application/pgp-signature attachment: stored
- Previous message: Jason Chung-Tung: "IT Security organizational structure"
- In reply to: Jason Dusek: "Intro To Hacking"
- Next in thread: Jonathan Loh: "Re: Intro To Hacking"
- Reply: Jonathan Loh: "Re: Intro To Hacking"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
