Starter resources for white hat/grey hat hacker skills?
August 30, 2004 12:15 PM Subscribe
I'd like to learn some white hat/grey hat hacker (as in cracker) skills. I'm interested in focusing on Windows systems and possibly web mail, as I think knowledge in these areas would probably be the most marketable. What's a good resource to pick up the basics? What are some good websites to follow the discovery and status of vulnerabilities?
There's always BugTraq
As far as the basics go, there's a myriad of hacker books (aka network security books) out there now, like the Hacking Exposed series.
posted by falconred at 1:32 PM on August 30, 2004
As far as the basics go, there's a myriad of hacker books (aka network security books) out there now, like the Hacking Exposed series.
posted by falconred at 1:32 PM on August 30, 2004
The O'Reilly book "Security Warrior" is not a bad overview. You can purchase it or easily find it ripped online.
posted by sonofsamiam at 2:38 PM on August 30, 2004
posted by sonofsamiam at 2:38 PM on August 30, 2004
Proper hacking, including security hacking, is more a way of thinking than any particular set of skills. While it's a good idea to keep up with bugtraq and the latest and greatest news, and a flip through a book or two will help, them thar book larnin' ain't gonna getcha very far if you want to be marketable.
A serious sercurity professional with a hacker mindset works from the bottom up: you need a good, solid understanding of IP, the TCP protocol, how it is implemented on the target platforms, a fair grounding in system internals as well as library components (a fair number of Windows holes aren't in the Windows OS proper, but in the swarm of userspace DLLs that accompany it), a deep and innate grasp of application level protocols (for Windows, you should get to know the RPC system, HTTP, and the name & file services protocols), and at least a good handle on the process memory model (since buffer overflows are the cheap and easy way in).
A book'll give you an overview of this stuff, but security folks who know what bugtraq and a couple of O'Reilly books can tell you are a dime a dozen. I work around some of these folks, and frankly, they're clowns; I deal with auditors who can blather in excruciating detail over what @stake WebProxy told them about an application, but don't know jack shit about HTTP or what the difference between an app server and web server is.
If you really want to understand security and implementation, you need to get in there and know the guts of the system. Learn Win16 and Win32. Get a handle on how the NT kernel works. Discover some of the dark, weird corners of NTFS. Learn about IIS and how it's assembled from its components. Take apart the applications you'd like to hack -- tinker, dammit, instead of reading!
Get familiar with VMWare, and set up systems you can fiddle with. Get Bochs and learn for yourself why that's a better analysis tool. Play with protocol analyzers and sniffers. Good grief, get your hands dirty and experiment!
posted by majick at 6:35 PM on August 30, 2004
A serious sercurity professional with a hacker mindset works from the bottom up: you need a good, solid understanding of IP, the TCP protocol, how it is implemented on the target platforms, a fair grounding in system internals as well as library components (a fair number of Windows holes aren't in the Windows OS proper, but in the swarm of userspace DLLs that accompany it), a deep and innate grasp of application level protocols (for Windows, you should get to know the RPC system, HTTP, and the name & file services protocols), and at least a good handle on the process memory model (since buffer overflows are the cheap and easy way in).
A book'll give you an overview of this stuff, but security folks who know what bugtraq and a couple of O'Reilly books can tell you are a dime a dozen. I work around some of these folks, and frankly, they're clowns; I deal with auditors who can blather in excruciating detail over what @stake WebProxy told them about an application, but don't know jack shit about HTTP or what the difference between an app server and web server is.
If you really want to understand security and implementation, you need to get in there and know the guts of the system. Learn Win16 and Win32. Get a handle on how the NT kernel works. Discover some of the dark, weird corners of NTFS. Learn about IIS and how it's assembled from its components. Take apart the applications you'd like to hack -- tinker, dammit, instead of reading!
Get familiar with VMWare, and set up systems you can fiddle with. Get Bochs and learn for yourself why that's a better analysis tool. Play with protocol analyzers and sniffers. Good grief, get your hands dirty and experiment!
posted by majick at 6:35 PM on August 30, 2004
And for us clueless folks just starting out, there's the Metasploit Project.
posted by yerfatma at 5:02 AM on August 31, 2004
posted by yerfatma at 5:02 AM on August 31, 2004
Like majick said, it is a way of thinking.
To whet: try2hack.
posted by pedantic at 9:08 AM on August 31, 2004
To whet: try2hack.
posted by pedantic at 9:08 AM on August 31, 2004
This thread is closed to new comments.
posted by dodgygeezer at 12:21 PM on August 30, 2004