[RFC] Hacking the InfoSec Track

Thanks, sounds like good advice. I’ve only ever messed with Mint, TAILS and Ubuntu.
Drivers is exactly where I hit a wall the last time I tried teaching myself Linux. I have an old netbook I used as my Linux lab rat, but I was never able to get the ethernet drivers installed.

I think I might dual boot and make Linux the default tonight to try to immerse myself, thanks for the suggestion.

I forgot a skill!

If you are planning on installing Gentoo (or any other manually partitioned distro) then make sure you have a separate hard drive to install on. Physically remove your current hard drive, and install Gentoo onto the new one. You’ll have far too much fun trying to figure out how to partition Windows and then chainload it, and you’re likely to mess up the first time.

That’s actually what I had in mind. Not risking my Windows install. It takes forever to get all my programs reinstalled.

Gentoo is great. Personally I’d go Arch Linux + BlackArch, but being a contributor to both, I’m a bit biased. For the hard core, go FreeBSD or OpenSolaris. They’re true UNIX systems and have more in common with Apple’s OS or Cisco’s OS than anything else.

Overall, go with what you feel comfortable with; spin up a virtual machine with the new system and play with that to learn it.

1 Like

not risking my windows install

Then try Vagrant + VirtualBox or VMware. Sure, it’s a hypervisor, but it’s not going to affect your filesystem.

2 Likes

Created an article for tracking resources used by hackers. Feel free to contribute but keep in mind the goal isn’t to load down with a bunch of third party things or “how-tos” but articles that come from the source and teach the fundamentals at a professional level or used in everyday R&D.

1 Like

That’s the stuff I was referring to, yes. I know that’s a really broad category, so really any links to online learning resources would be appreciated. There’s a ton out there so it’s hard to narrow down which sites have better reputations.

Like I was saying, my interest in these things is mainly because my work’s network is a mess; C++ I’m mainly interested in because of Arduino etc. And I’ve been able to manage some extremely basic tasks in Linux, and that’s mainly from my Raspberry Pi tinkering. I’ve installed various distros on old laptops but always end up running home to mother Windows because Adobe.

Ok, so networking and C++. Those are fairly easy items to start diving into but do take a while to learn on one’s own, though they are highly rewarding when one does.

We can easily set up a networking lab for you to learn.

Let’s start off with the C++ part…

Those three links plus a good copy of Linux are going to get one started but will not hand-hold you through learning it. One really does need to take a class on many of the concepts in there. Something that’s a large task for the committee at this time but can be done with the MIT online and EdX Courses.

Plus building a small set of programs in one’s own time to solve challenges they’re facing in their own systems.

Now the Networking stuff…

We have the Cisco lab hardware in storage, and depending on classroom availability and demand we should be able to set up a series of sessions.

Hardware for labs

A fully stocked IT shop typically has tools for every occasion to repair anything. InfoSec, well they focus more on virtualization, networking, and servers. But hackers… now we’re a special breed. We’ll have tools for not just those too but also to build and tear apart. Below is a good starting point for running labs or setting up a hacking shop.

Many of which are located in the Studio for general use.

Tools and equipment

Supplies

Books

Let’s hope these two threads don’t attract too much attention, or you will get our domain blocked at work for a lot of users.

Let’s hope these two threads don’t attract too much attention, or you will get our domain blocked at work for a lot of users.

Since the focus is more on professional / hobbyist than “dude how U hax b4nk” kind of stuff, I’m fairly sure we will be ok in that aspect.

But the point is valid, and checking our domain shows our IP in two (minor) RBLs but not on the major RBLs, so we’ll have to double check things on the server, but overall we’re good.

For those that are not aware, RBLs are the first layer of automated “domain blocks” used by infosec. The next is keyword and malware checks, in which “hacking” shows up twice but the rest of the domain doesn’t have it. So more than likely the two URLs would be blocked, not the domain.

C or C++ or Python? Did you ask us to learn C in general or is there any special need of C being the language of hackers?

C has an ability to address bits, bytes and memory structures in a predictable bare metal format not shared by any of the other higher languages. That makes it the generally preferred language for IO of all sorts, but especially accessing data off the network to modify it in ways not intended by the protocols.

C, C++, or Python?

All of them. When one learns C++ they in a way learn C. Python goes one step above C++ in that it has modules like Scapy, Scrapy, TensorFlow, and Ansible which make writing tools, building botnets, and working with large scale datasets an easy task. Python itself even uses C to go faster.

But again, core fundamentals are needed. C is what the kernel is written in and therefore has access to bare metal; with a bit of understanding of x86 assembly, reverse engineering malware becomes a fun task. Plus, operating at this level one’s able to grok what’s going on at near kernel space instead of Python’s user space.

For example, if one was trying to write shellcode they would need to know assembly and C/C++ to find the security vulnerability, then use Python as the code for the exploit, C to create the exploit[1], and finally Word to write up the CVE Report.

Another example and more real world than anything is doing post processing of malware captured by a honeynet. One absolutely needs to understand C to discover the internals of the malware and be able to shut down the botnet that is attacking the network under one’s watch.

[1]: debasish dot in /2012/04/execute-shellcode-using-python.html

I had taught myself C as a programming language in college. Is there any specific area of C you want us to get expertise in?

But the order of those bytes does depend on the system… Little-endian vs Big-endian

C is closer to the actual machine codes compared to Python. But it depends on which type of hacking you are doing. If you are just doing security research for SQL injection, Python is far easier. If you are doing any sort of buffer overflows with compiled code, you will need to know the assembly language of the system you are testing. Many things that are compiled are written in C, so you will be looking at compiled C code in assembly from the perspective of the system. So, knowing C will help you.
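The byte-order point raised above, shown as an added example that is not part of the original thread: the same two bytes of a network header read portably and read in host order. The function names are hypothetical and the sample bytes are constructed (the first four bytes of a TCP header, source port 443 and destination port 51234).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: TCP source and destination port as they appear on
 * the wire, i.e. in network (big-endian) byte order. */
static const uint8_t SAMPLE[4] = { 0x01, 0xBB, 0xC8, 0x22 };

/* Portable read: build the value from individual bytes, so the result is
 * the same on little-endian and big-endian CPUs. */
uint16_t read_be16(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Host-order read: copy the raw bytes into an integer. This is what a
 * struct overlay or pointer cast gives you, and it depends on the CPU. */
uint16_t read_host16(const uint8_t *p) {
    uint16_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* Returns 1 when the least significant byte is stored first. */
int host_is_little_endian(void) {
    const uint16_t probe = 1;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 1;
}

/* Length-checked parse of the two port fields; returns -1 on short input
 * instead of reading past the end of the buffer. */
int parse_ports(const uint8_t *buf, size_t len, uint16_t *src, uint16_t *dst) {
    if (buf == NULL || len < 4) return -1;
    *src = read_be16(buf);
    *dst = read_be16(buf + 2);
    return 0;
}

int main(void) {
    uint16_t src = 0, dst = 0;
    if (parse_ports(SAMPLE, sizeof SAMPLE, &src, &dst) == 0)
        printf("portable: src=%u dst=%u\n", (unsigned)src, (unsigned)dst);
    printf("host-order read of src: %u (%s-endian host)\n",
           (unsigned)read_host16(SAMPLE),
           host_is_little_endian() ? "little" : "big");
    return 0;
}
```

On a little-endian machine the host-order read returns 47873 rather than 443, which is the kind of mismatch to look for when a parsed field looks implausible.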

Could someone take a Prep class in DMS, for someone who is exploring Cyber Security? Topics like vulnerabilities, back doors, brute force testing, Dark web etc… This will be a good start…
Or provide some website URL which has this all…

I think we are working toward having classes on things like that. One of the fun ways is to learn CTF or Capture the Flag. It is a way to polish your skills and learn new ones. Basically, you are given a puzzle to find a text flag. Depending on the challenge, it could be embedded in text, or it could be a file on the system that you have to find a way into, or any number of places.

Here is a simple one that anyone can do:

the flag is somewhere here,
will you be able to find it?

it seems like the flag is invisible,
if you look Carefully, you will find it!

you could try looking at the Letters,
Or you can just try with any word

but i reCommend you the first hint,
already all said,

good lucK!

You can find many events online and we are planning to host several as well.
Check out https://ctflearn.com/

1 Like

Here is another site

http://securityidiots.com/

1 Like

That’s a fairly ok site but can be seen as not infosec approved, even if half of their team would bookmark it.

Are there any sites that you can post that detail why injection works and how to fix it?

1 Like