Ethical hacking

[LinuxLover69]

Hello fellow human, i want to learn ethical hacking, can someone of you help me or advise me which tutorial have to follow.

(I by the way know how to type python.)

[Tan3l6]

I'm not a hacker but it probably begins by defining what are you trying to hack? Networks, copy-protection, wood?

 

[Vishera]

Finding vulnerabilities and reporting them to the developer is a typical white hat work.

Just don't do grey or black stuff.

Practice on your own devices/accounts and never target something that belong to someone else.

[Radium_Angel]

15 minutes ago, LinuxLover69 said:

ethical hacking

"Give me 14 lines written by the most honest of men

and I shall find something (within) to hang them" - supposedly attributed to to Torquemada.

 

While you might call it "ethical hacking" the target might very well decide it's "cyber terrorism" and react accordingly.

Tread lightly...for you walk among Dragons.

[sub68]

umm is this agents cs?

[Lurick]

44 minutes ago, Radium_Angel said:

"Give me 14 lines written by the most honest of men

and I shall find something (within) to hang them" - supposedly attributed to to Torquemada.

 

While you might call it "ethical hacking" the target might very well decide it's "cyber terrorism" and react accordingly.

Tread lightly...for you walk among Dragons.

It depends on how you go about it. There are companies out there that do nothing but pen testing and other companies will hire them to give their network a roundhouse kick for example. They (the hired company) will report the vulnerabilities they find to the paying company and the hiring company might or might not let others in the company (ie the ops teams) know it's coming to see how they react to different scenarios.

Another way is to offer services and get hired for internal testing by a company to either develop pen testing tools or to attack and try to break/test their equipment before it hits production and customers find these issues.

[WkdPaul]

* thread cleaned *

 

If you're not interested in giving an answer, then don't reply and move on.

[Radium_Angel]

3 hours ago, Lurick said:

There are companies out there that do nothing but pen testing and other companies

The key word there is "companies".

Not "individuals"

Hence the line about being careful how you tread

OP needs to get onboard with these folk, I hear they are very good with this sort of thing.

 

[piratemonkey]

I'd say, look at Hacker1's material. That's a good jumping off point. Go down a youtube rabbit hole. Learn dorking. And don't try to learn all attacks at the same time. Start with one, learn it, execute it, report it and continue on. XSS (cross site scripting) would probably be the most useful; RCE (remote code execution) for the big bucks, as they're almost always critical. Oh and, make sure you know basic HTML and JS, and maybe some python

[WkdPaul]

Hak5 is a good source of knowledge and tools for sys admins and pen tester, highly recommended to anyone interested in security in general.

[LAwLz]

Check out NextGenHacker101 on Youtube. He got some interesting tutorials like how to find someone's IP and connection speed.

It should be right up your alley. It's how I got started on my career in network security. The video is a little old at this point but it still works the same. The basics of cyber security doesn't really change.

 

 

[viking_power]

Ec council has an ethical hacker cert

 

https://www.eccouncil.org/

[AngryBeaver]

This is a hard one to answer. It depends on what level you want to operate. Are you wanting to just run a few programs to scan and look for vulnerabilities or are you wanting to craft your own so you can operate at a higher level.

 

Then it comes down of your understanding of the entire process. You will need to know how to code/script, how multiple OSs operate and their inherent weaknesses, you need to understand networking in great detail, then understand how a pc/server works and the function of all the components.

 

When you go into the infosec space you pretty much need to understand the entire IT umbrella. I mean sure you can get away with little knowledge and just run pre-built vuln scanning software, but you won't move much farther than entry level.

 

As for resources... they are everywhere many or them free. The problem is unless you can understand everything they are covering you won't get much... so it is best to start with your basic Comptia areas like A+, Network+, and Security+.. from there I would dive into understanding how programming works (writing basic programs, scripting, how to harden code, etc)

 

Now for the final and most important peice. When testing do it in a secure way and make sure none of your traffic is escaping your local network. Then if you do find someone to pentest make are you have your documentation in order... there needs to be clear and concise ROE(Rules of Engagement) with a defined scope. This is the most important peice, because without it you are literally a criminal.