[RFC] Hacking the InfoSec Track

I am looking at Kali since the videos that I am following uses one. I know there are other tools too. I haven’t got into pentesting or hacking, so trying to learn. Once I know what other hackers in the forum are talking about, I can explore other tools.

Do you at lease know basic command line Linux and Networking?

ok, so I’ll be blunt about this because it’s the best help anyone can give. only using tools is kiddie pool stuff.

Being good at tools is not the same as knowing the tools or why they work.

Try picking up c programming and network engineering.

If one doesn’t know how the stack works then gaining root is never going to happen.

if one can’t setup routing tables or know the protocols of a random port then sniffing for passwords over the wire is impossible.

Infosec is the level 42 of IT and takes a lot of separate hard skills that need to cross pollinate to be effective.

All I’m saying is if you’re really wanting to learn infosec then don’t start at level 42 when you’re level 5. Grind the lower levels to learn the system and how things work to get up to level 42. You’ll have a lot more respect and career possibilities if one did instead of trying to be “31337 haxor that cracks government site”.

now that out of the way, sure by all means try Kali Linux it’s a fair distro of Linux with extra tools. Just try to learn how they work and why they do then it will come naturally when something wierd shows up doing a ctf or pen test.

3 Likes

I’ve always been kinda tangentially interested in this stuff, and I know about 0%-1%

Do you know of any sites that you’d recommend to learn about this stuff?

1 Like

The first step to learning InfoSec is to learn literally everything in full depth. Once you’ve completed that, the rest will follow.

For example, you want to run ARP poisoning to MiTM some traffic. You can open a program, and hope it works, or you can understand how switches work, what tasks they are and aren’t capable of, and then from there understand when ARP poisoning will and won’t work.

What @denzuko was saying was there isn’t really a “fast path” to learn this sort of stuff, but more of a once you have the foundational knowledge required you should start picking it up pretty quickly. It’s a very interesting field in that aspect.

2 Likes

What @denzuko was saying was there isn’t really a “fast path” to learn this sort of stuff, but more of a once you have the foundational knowledge required you should start picking it up pretty quickly. It’s a very interesting field in that aspect.

Nicely put, and that’s exactly what I’m saying.

any sites that you’d recommend to learn about this stuff?

By this stuff I assume (and please do correct me on that) your meaning C Programming, Network engineering, System Administration, and the Linux Kernel?

That’s the stuff I was referring to, yes. I know that’s a really broad category, so really any links to online learning resources would be appreciated. There’s a ton out there so it’s hard to narrow down which sites have better reputations.

Like I was saying my interest in these things is mainly because my work’s network is a mess, c++ I’m mainly interested in because of Arduino etc. And I’ve been able to manage some extremely basic tasks in Linux, and that’s mainly from my raspberry pi tinkering. I’ve installed various distros on old laptops but always end up running home to mother Windows because Adobe.

1 Like

My starting point was actually installing Gentoo Linux. It’s a very manually configured distribution, so you learn quite a bit along the way. If I recall correctly, the first install took be a couple of weeks in college, and most of that was reading about all the steps I was taking in depth. If you want a good feel for what it’s like, read the section on first network setup:

https://wiki.gentoo.org/wiki/Handbook:AMD64/Installation/Networking

You would at least tick the boxes for Networking, low level hardware, reading some C, getting familiar with the linux command line and bash, choosing your favorite text editor and forming opinions on that, understanding the linux kernel and how drivers (modules) are loaded. I’m sure if you started using it as your daily driver, you’d learn a lot more.

Thanks, sounds like good advice. I’ve only ever messed with Mint, TAILS and Ubuntu.
Drivers is exactly where I hit a wall the last time I tried teaching myself Linux. I have an old netbook I used as my Linux lab rat, but I was never able to get the ethernet drivers installed.

I think I might dual boot and make Linux the default tonight to try to immerse myself, thanks for the suggestion.

I forgot a skill!

If you are planning on installing gentoo (or any other manually partitioned distro) then make sure you have a separate hard drive to install on. Physically remove your current hard drive, and install gentoo onto the new one. You’ll have far too much fun trying to figure out how to partition windows and then chainload it, and you’re likely to mess up the first time.

That’s actually what I had in mind. Not risking my windows install. It takes forever to get all my programs reinstalled.

Gentoo is great. Personally I’d go Arch Linux + Blackarch but I am being a contributor to both I’m a bit bias. For the hard core go freebsd or open solarius. They’re true UNIX systems and are more in common with Apple’s OS or Cisco’s OS than anything else.

Overall go with what you feel comfortable, spin up a virtual machine with the new system and play with that to learn it.

1 Like

not risking my windows install

Then try Vagrant + VirtualBox or VMWare. Sure it a hypervisor but its not going to effect your filesystem.

2 Likes

Created an article for tracking resources used by hackers. Feel free to contribute but keep in mind the goal isn’t to load down with a bunch of third party things or “how-tos” but articles that come from the source and teach the fundamentals at a professional level or used in everyday R&D.

1 Like

That’s the stuff I was referring to, yes. I know that’s a really broad category, so really any links to online learning resources would be appreciated. There’s a ton out there so it’s hard to narrow down which sites have better reputations.

Like I was saying my interest in these things is mainly because my work’s network is a mess, c++ I’m mainly interested in because of Arduino etc. And I’ve been able to manage some extremely basic tasks in Linux, and that’s mainly from my raspberry pi tinkering. I’ve installed various distros on old laptops but always end up running home to mother Windows because Adobe.

Ok so networking and C++, those are fairly easy items to start diving into but do take a while to learn on one’s own. Though are highly rewarding when one does.

We can easily setup a networking lab for you to learn.

Lets start off with the C++ part…

Those three links plus a good copy of Linux are going to get one started but will not hand hold you through learn it. One really does need to take a class on many of the concepts in there. Something that’s a large task for the committee at this time but can be done with the MIT online and EdX Courses.

Plus building a small set of programs in one’s own time to solve challenges they’re facing in their own systems.

Now the Networking stuff…

The Cisco lab hardware we have in storage and depending on classroom availability and demand we should be able to setup a series of sessions.

Hardware for labs

A fully stocked IT shop typically has tools for every occasion to repair anything. InfoSec, well they focus more on virtualization, networking, and servers. But hackers… now we’re a special breed. We’ll have tools for not just those to but also to build and tear apart. Be low is a good starting point for running labs or setting up a hacking shop.

Many of which are located in the Studio for general use.

Tools and equipment

Supplies

Books

Let’s hope these two threads don’t attract too much attention, or you will get our domain blocked at work for a lot of users.

Let’s hope these two threads don’t attract too much attention, or you will get our domain blocked at work for a lot of users.

Since the focus is more on professional / hobbyist that “dude how U hax b4nk” kind of stuff I’m fairly sure we will be ok in that aspect.

but the point is valid and checking our domain show our IP in two (minor) RBLs but not on the major RBLs so we’ll have to double check things on the server but overall we’re good.

For those that are not aware RBL’s are the first layer of automated
“domain blocks” used by infosec. The next is keyword and malware checks which “hacking” shows up twich but the rest of the domain doesn’t have it. So more than likely the two urls would be blocked not the domain.

C or C++ or Python? Did you ask us to learn C in general or is there any special need of C being the language of hackers?