8 Nisan 2014 Salı

How to Become a Hacker (Everything that the hacker know now you know)

Learning to become hacker is not as easy as learning to become a software developer. I realized this when I started looking for learning resources for simple hacking people do. Even to start doing the simplest hack on own, a hacker requires to have in depth knowledge of multiple topics. Some people recommend minimum knowledge of few programming languages like C, Python, HTML with Unix operating system concepts and networking knowledge is required to start learning hacking techniques. 

Though knowing a lot of things is required, it is not really enough for you to be a competent and successful hacker. You must have a passion and positive attitude towards problem solving. The security softwares are constantly evolving and therefore you must keep learning new things with a really fast pace.

If you are thinking about ethical hacking as a career option, you may need to be prepared for a lot of hard/smart work. I hope these free resources will help you speed up on your learning. If you decide you pursue ethical hacking as a career option, you may also want to read some in depth ethical hacking books

A lot of people (including me before doing research for this article) think that they can become a hacker using some free hacking tools available on web. Its true that some common types of hacking can be easily done with help of tools, however doing it does not really make you a hacker. A true hacker is the one who can find a vulnerability and develop a tool to exploit and/or demonstrate it.

Hacking is not only about knowing "how things work", but its about knowing "why things work that way" and "how can we challenge it". 

Below are some really useful hacking tutorials and resources you may want to explore in your journey of learning to hack

Hacking For Dummies - Beginners Tutorials

These tutorials are not really simple for anyone who is just starting to learn hacking techniques. However, these should be simple starting point for you. I am sure you have different opinion about complexity of each tutorial however advanced hacker are going to be calling this a job of script kiddie (beginner hacker). Even to acquire the skills of a script kiddie you need to have good understanding of computer fundamentals and programming.
  1. Hacking Tutorials for Beginners - By BreakTheSecurity.com
  2. How to learn Ethical hacking - By Astalavista.com
  3. Penetration Testing Tutorial - By Guru99.com
  4. Backtrack Penetration Testing Tutorial
  5. Introduction to Penetration Testing
  6. Information Gathering with Nmap
  7. Simple How To Articles By Open Web Application Security
  8. The Six Dumbest Ideas in Computer Security
  9. Secure Design Principles
  10. 10 steps to secure software

Cryptography Related Tutorials

Cryptography is must know topic for any aspiring security professional or a ethical hacker. You must understand how encryption and decryption is done. You must understand why some of the old encryption techniques do not work in modern computing world.

This is a important area and a lot of software programmers and professional do not understand it very well. Learning cryptography involves a lot of good understanding of mathematics, this means you also need to have good fundamentals on discrete mathematics. 
  1. Introduction to Public Key Cryptography
  2. Crypto Tutorial
  3. Introduction to Cryptography
  4. An Overview of Cryptography
  5. Cryptography Tutorials - Herong's Tutorial Examples
  6. The Crypto Tutorial - Learn How to Keep Secret Secret
  7. Introduction to cryptology, Part 1: Basic Cryptology Concepts

Websites For Security Related Articles And News

These are some websites, that you may find useful to find hacking related resources and articles. A lot of simple tricks and tips are available for experimenting through these sites for improving yourself to become advanced hacker.

In recent years, many people are aspiring to learn how to hack. With growing interest in this area, a lot of different types of hacking practices are evolving. With popularity of social networks many people have inclined towards vulnerability in various social networks like facebook, twitter, and myspace etc. 

Continuous learning about latest security issues, news and vulnerability reports are really important for any hacker or a security professional. Some of the sites that keep publishing informative articles and news are listed here. 
  1. http://www.astalavista.com/
  2. http://packetstormsecurity.com/
  3. http://www.blackhat.com/
  4. http://www.metasploit.com/
  5. http://sectools.org/
  6. http://www.2600.com/
  7. DEF CON - Hacking conference
  8. http://www.breakthesecurity.com/
  9. http://www.hacking-tutorial.com/
  10. http://www.evilzone.org/
  11. http://hackaday.com/
  12. http://www.hitb.org/
  13. http://www.hackthissite.org/
  14. http://pentestmag.com
  15. http://www.securitytube.net/
  16. https://www.ssllabs.com/

EBooks And Whitepapers

Some of the research papers by security experts and gurus can provide you a lot of information and inspiration. White papers can be really difficult to read and understand therefore you may need to read them multiple times. Once you understand the topic well, reading will become much faster and you will be able to skim through a lot content in less time.
  1. Handbook of Applied Cryptography - This ebook contains some free chapter from one of the popular cryptography books. The full book is also available on amazon at Cryptography Book.
  2. Network Penetration testing Guide
  3. How to hack anything in Java
  4. Mcafee on iPhone and iPad Security
  5. A Good Collection of White papers on security and vulnerabilities - This site contains collection of white papers from different sources and some of these white papers are really worth referring.
  6. Engineering Principles for Information Technology Security
  7. Basic Principles Of Information Protection
  8. Open Web Application Security Project - OWASP is one of the most popular sites that contains web application security related information .

Videos & Play Lists

Those who like to watch video tutorials, here are few I liked. However there are many small video available on youtube. Feel free to explore more and share with us if you like something.
  1. Cryptography Course By Dan Boneh Stanford University
  2. Open Security Training- Youtube Playlist of More than 90 hours. I have found this to be the biggest free training available for security related topic.
  3. OWASP AppSec USA 2011: Youtube Playlist containing compilation of OWASP conference highlight in 2011.
  4. Defcon: How I Met your Girlfriend - Defcon is one of the most popular hacker conference. The presenters in this conference are well know inside the hacking industry.
  5. Defcon: What happens when you steal a hackers computer
  6. Defcon: Nmap: Scanning the Internet
  7. Public Key Cryptography: Diffie-Hellman Key Exchange
  8. Web application Pen testing
  9. Intro to Scanning Nmap, Hping, Amap, TCPDump, Metasploit

Forums For Hackers And Security Professionals

Just like any other area, forums are really great help for learning from other experts. Hundreds of security experts and ethical/non-ethical hackers are willing to share their knowledge on forums for some reason. Please keep in mind to do enough research before post a question and be polite to people who take time to answer your question. 
  1. Stackoverflow for security professionals
  2. http://darksat.x47.net/
  3. http://forums.securityinfowatch.com/
  4. http://forums.cnet.com/spyware-viruses-security-forum/
  5. http://www.hackforums.net/forumdisplay.php?fid=47

Vulnerability Databases And Resources

Vulnerability Databases are the first place to start your day as a security professional. Any new vulnerability detection is generally available through the public vulnerability databases. These databases are a big source of information for hackers to be able to understand and exploit/avoid/fix the vulnerability. 
  1. http://www.exploit-db.com/
  2. http://1337day.com/
  3. http://securityvulns.com/
  4. http://www.securityfocus.com/
  5. http://www.osvdb.org/
  6. http://www.securiteam.com/
  7. http://secunia.com/advisories/
  8. http://insecure.org/sploits_all.html
  9. http://zerodayinitiative.com/advisories/published/
  10. http://nmrc.org/pub/index.html
  11. http://web.nvd.nist.gov
  12. http://www.vupen.com/english/security-advisories/
  13. http://www.vupen.com/blog/
  14. http://cvedetails.com/
  15. http://www.rapid7.com/vulndb/index.jsp
  16. http://oval.mitre.org/

Product Specific Vulnerability Information

Some of the very popular products in the world require a special attention and therefore you may want to look at the specific security websites directly from vendors. I have kept Linux. Microsoft and apache in this list, however it may apply to any product you may be heavily using. 
  1. Red Hat Security and other updates Site
  2. Microsoft Products Security Bulletin
  3. Apache Foundation Products Security Repository
  4. Ubunut Software Security Center
  5. Linux Security Repository

Tools And Programs For Hacking / Security

There are dozens of tools available for doing different types of hacking and tests. Tools are really important to become more productive at your work. Some of the very common tools that are used by hackers are listed here. You may have different choice of tools based on your own comfort.
  1. nmap
  2. NSS
  3. Hping
  4. TCPDump
  5. Metasploit
  6. Wireshark
  7. Network Stuff
  8. Nikto

Summary

I have tried to compile some of these resources for my own reference for the journey of learning I am going to start. I am not even at a beginner level of becoming hacker but the knowledge of this field really fascinates me and keeps me motivated for learning more and more. I hope will be able to become successful in this.

A lot of people use their knowledge skills for breaking stuff and stealing. I personally think that doing harm to someone is a weak choice and will not have a good ending. I would recommend not to use your skills for any un-ethical endeavor. A single misuse of your skill may jeopardize your career since most companies do a strict third party background check before they hire a ethical hacker or a security personal. 

There are dozens of companies looking for ethical hackers and security professionals. There are really good number of opportunities in this area and its really niche compensation segment. You will be easily able to get a decent job without even acquiring all the expert level skills to become a pro hacker.
You Also try hack so make perfect in Android Category because  when you out of house you have no laptop (your heart ) ,you learn android and the show is must go on.

Hiç yorum yok:

Yorum Gönder