Security Basics mailing list archives

Re: Intro To Hacking


From: Miles Stevenson <miles () mstevenson org>
Date: Fri, 15 Oct 2004 21:12:26 -0400

Hi Jason,

First of all, I URGE you to please take your "insecure" machine OFF the 
network! Please do us all a favor and keep your machine from becoming "0wned" 
by an attacker and used to attack others. Even though I'm sure you don't 
intend to harm others, you are still responsible for that harm if it should 
happen. Honeypots are NOT for beginners, but for advanced security 
researchers that know what they are doing, and are carefully monitoring their 
systems with numerous controls in place to keep that honeypot from being used 
to attack others.

With that being said, there are tons of resources out there for beginners, but 
few that follow a systematic approach to learning offensive attack methods in 
a logically organized way. I would say that one of the BEST out there is the 
SANS Track 4 "Hacker Techniques" class taught by Ed Skoudis. Less costly 
options include popular books like the "Hacking Exposed" series. 

One free option would be to check out the SANS reading room and read the 
papers written by SANS Track 4 students: http://www.sans.org/rr

In general, I would avoid "blackhat" resources while you are a beginner, 
because they tend to be less organized, full of grammatical errors that can 
make it difficult to understand the material, and usually aren't as good at 
thoroughly verifying their facts. Leave this stuff for when you get to an 
intermediate stage, and it will be a lot easier to swallow. But this stuff 
DOES become valuable once you get to that point because you can pick out the 
clever ideas and apply them in a practical way.

Finally, you are going to have a MUCH easier time with this stuff if you have 
a strong background in networking and programming. It's no coincidence that 
so many successful security people out there usually have 5-10 years of 
experience in one or both of these professions before moving on to security. 
The better grasp you have of networking and programming, the better off 
you'll be.

Good luck in your endeavors.

-- 
Miles Stevenson
miles () mstevenson org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63
