Top question I got from my previous post is "How can I get into your line of work?"
Ah. Bet you thought I was going to teach you how to hack your boyfriend's Facebook. *hand slap*. I can't tell you how many times I've heard "Can you show me how to hack Facebook?" after telling people I work in network security.
Your job as a white-hat hacker is to protect information. You're not the hacker Gotham wants. You're the hacker that Gotham needs.
If you do wrong, there's a laundry list of criminal charges that can come your way. Not to mention you can't get or keep CISSP certification if you have a criminal record.
Learn how to nmap
I briefly debated about making this my first real point. Learning Windows domains is also very important as 90% of the networks you will attack will be Windows.
Computers on networks--including the Internet--listen for connections. Ports are usually tied to a specific application. For instance, every time you come to imgur, your computer opens a connection to port 80 on imgur's server. Almost all websites use port 80 for HTTP. Open ports are really where all external vulnerabilities are.
Nmap will scan a host on a network or the Internet and tell you what ports are open. It can also try to identify the version of the software that is running on the other end. You can use these version numbers to search for vulnerabilities. Launch the appropriate attack and you're in.
Domains? How do they work?
It's important to learn how domains work. Start out by learning how Windows domains work specifically. 90% of targets will be Windows domains. Please don't get me wrong: I love *nix/bsd domains.
The crown jewel of hacking is getting the domain administrator or root login. Once you've got that, you've won. You have full control over the domain and all hosts attached. You can install printers, delete files, look through anyone's files, emails, delete users, etc. As an administrator you're always trying to protect this user most of all.
Even though you have domain admin, you still have to check for all vulnerabilities and report them to the client.
Getting started
The best way to get started is to build up your confidence by exploiting some very easy vulnerabilities.
I recommend two things:
First: Install Damn Vulnerable Web App. There are instructional videos online about how to exploit its many vulnerabilities.
Second: Install a very old and unpatched version of Windows XP to a Virtual Machine and try to exploit the ms08-067 bug. This is one of the worst bugs ever found in Windows. Exploiting it can give you a remote shell. Back in the 2k0* years, Windows admins didn't like updating the software on the systems. They were considered to be "stable" and hard to update. Nowadays, Windows systems are very good at updating themselves even in a network with thousands of systems. For this reason, most dangerous bugs are patched as soon as they're discovered.
Tools of the trade
To exploit the ms08-067 bug, you can use metasploit. It's got a small learning curve but stick with it and you'll quickly understand what you're doing.
I also highly recommend Canvas and Nessus, which are commercial tools and very expensive.
What is in a packet? That which we call a rose.
Knowing what's happening over the ports on the network or Internet can really open your eyes. Seeing how a protocol works first hand will open your eyes to what's going on in the background. This knowledge is important.
The tool for this is called Wireshark. It shows you the data that's going over the network and allows you to inspect it.
Many sites, like Facebook, send their information in plain text, so you can see things like Facebook messages as they go through the network.
Go legit
Just like Jim Jefferies, you'll eventually want to be considered a professional.
First get a job: Make sure you have a really great resume that's padded with some practical experience like DVWA, Wireshark, metasploit, and nmap. I got my job because I had a programming diploma and some nmap/metasploit/wireshark experience. I was largely inexperienced at hacking when I first started.
Second: Get five years of experience and write the CISSP. CISSP teaches you lots of great things. In fact, if you just read this book, you should be a somewhat proficient security specialist.
