Security Basics mailing list archives

Re: Programming SKills for PT...?

From: George Huber <kharmon () optonline net>
Date: Thu, 07 May 2009 19:17:27 -0400

Swaminathan, Balaji wrote:

   In my opinion, though all the open source exploits, tools are
available, you cannot call urself as an hacker atleast an ethical hacker
unless you try to figure out them on your own. So pls let me know:

1. What are the programming/scripting languages needed to accompolish
the above?
2. I see most of the real hackers are well proficient in almost all of
the the technologies like Networking, Application/WebApplcn testing, OS
etc. Is it so...?
3. Are there any other skills/requirements that you can suggest to be a
successful Hacker?

Thanks in advance.

Hi,

Here are my thoughts on this.

Hacking, at least with the original definition of the word, is reallythe ability to find new and novel solutions to difficult problems. Thisis done by a very deep and though knowledge of the subject field.Now, hacking (or ethical hacking) is really the same thing -- using adeep understanding of a system to make it do strange and interestingthings. So in my opinion you will need a deep understanding ofoperating systems, networking and networking protocols.

If you are aspiring to be more then a "script-kiddie", and write yourown exploits, you will need to understand assembly language -- rememberthe shell code is nothing more then assembly. Moving away fromassembly, while scripting languages might be nice for automationpurposes -- from what I've seen the serious exploits (as well asapplications) are still done in C or C++.With this I would strongly recommend that you start with C...learn itwell, inside and out (and my your own admission, this might be difficultfor you).Try to understand how things work, and more importantly why they workthat way. Look for assumptions that might be made about something -- beit a protocol, program or system -- and see what happens if you removeone of those assumptions or you break one of them.




------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

Current thread:

Re: Skills needed to become a Security Expert and Penetration Tester? Joseph McCray (May 04)
- Message not available
  - Re: Programming SKills for PT...? George Huber (May 08)
- Message not available
  - Re: Programming SKills for PT...? Robin Wood (May 08)
    - RE: Programming SKills for PT...? K K Mookhey (May 08)
- Message not available
  - Re: Programming SKills for PT...? JoePete (May 11)
    - RE: Programming SKills for PT...? Swaminathan, Balaji (May 18)