Ethical Hacking where to start?

Hey guys,

How does one get into ethical hacking? Do I watch a series on YouTube to get the basics, then experiment on my own? Where should I start? I don’t want to do it as a job or anything like that. I want to get the Ethical Hacking Cert and I want to know the basics and treat it like a hobby for the time being. I think it sounds like a great way to practice and get a deep understanding of networking and programming as well as refine my skill set. I do not intend at the moment to make it into a job, just as something that looks good to employers.

I want to get to the point later on where I have enough knowledge that I could make it into a job. From my understanding it is very competitive to get a real job in, but I think it would be fun.

Let me know where to start. I am very interested in it, I have been for a few months, just haven’t had time till now to pick up a new project/skill.

got you fam

Edit: credit where credit is due, @KenPC

4 Likes

I freakin love this forum,
Heard about it a few months ago, such a great source of knowledge.

And it does pay to sign up even if you’re a lurker.

Though in an attempt to answer your question more specifically, what area are you interested in? (i.e. Reverse engineering, NetSec, pentesting (if so, at wut scale?), etc)

Not really sure, a bit of everything at the moment. It all seems fun to learn about. I was thinking of looking at what all is on the EHC and starting with that. So I guess pentesting.

I would say one of 2 things works best:
1: Dumpster diving, get 3-5 machines, set them up in different situations and network them
2: Have one good server (or even desktop) and virtualize the above machines and network gear
Then, break in! Start with older, more vulnerable versions of programs and OS’s, and once you understand the basics then try to break into newer and newer systems

1 Like

I have a desktop with an i7-4790K and 24GiB RAM; that should be able to handle option 2, right? If not, I have a few old PCs.

Pentesting is probably the easiest way to get your feet wet.

0x00sec has quite a bit on that
But the best way to start imho is with something like what @RotaryWombat suggested with, if you’re just starting out, Kali Linux.

Yes that makes you only a little more than a straight up skid but if you get comfortable with the tools that shows a certain understanding of what works when and how, after that exposure, you’ll have a basic understanding of terms and structure, protocols and all that good stuff, after that you’ll have a better idea of what you want to do and the avenue for such learning will open up for you.
Note: this “feeling around” stage should only last for maybe a month or two.

where I want to start then.

Alright, I want to look into BlackArch as well. What all OS should I use?

Alright, will do. So just set up a pen lab, go at it, and then move forward with the information I find.

1 Like

U happen to be Finnish by chance? Judging by username

1 Like

Me? No, does it have meaning there? or just a name?

IMO the RAM is perfect, the CPU might need some work later down the line for a few reasons:

  1. It’s only got 4 cores 8 threads. For basic stuff like 1 client, 1 server and some network stuff that’s fine, but once you scale it up to like 2-3 clients + server + router/switch/firewall you’ll run into bottlenecking issues very quickly. You could always tack on more physical clients but I’m not sure if it’s an elegant solution in the long run.
  2. Desktop grade CPUs sometimes can be lacking in the server-based features/management department. vPro for example doesn’t exist on the 4790K, and vPro is used for low level IT management and threat detection/protection (oversimplified, but you get the point). Since most of these pentests generally are targeted towards servers/networks themselves as an end goal, may as well replicate the hardware as closely as possible.
  3. Desktop based chips are designed more with single-threaded applications and speed in mind. Server chips are designed for multi-thread heavy load operations and accuracy, so a lower end Xeon can sometimes outperform a desktop flagship.

Don’t get me wrong, for a starter setup you’ll be fine. Older systems need less resources, thus are less taxing and can handle it better, but scaling up to more modern applications will quickly start to tax the CPU.

If you’re really dedicated to this, I’d recommend selling off the mobo/CPU for something more server oriented, like a higher core count E5 Xeon and a server oriented board (maybe even dual socket?). You’ll get a lot more money’s worth that way, and you can always reuse that hardware for yourself later. Lots more flexibility for pentesting since now you can also experiment with low level server management/security features that aren’t always present on desktop chips.
Alternatively, buy a retired server and set up all virtual servers and networks on it and use the desktop hardware you have to set up a VM for only client-type/end-user machines (since most business/client machines generally use typical consumer parts anyways it’ll be a more natural setup). This setup would even more closely emulate a real world setup. Throw a few NICs into both machines, give each VM a port or 2, hook up some ethernet cables and off you go.

just my 2 pence

1 Like

Noted

I may get a few old retired servers and go that route, it seems like it would be the most like a real environment, and the PC I have now is mostly for gaming so I do not really want to sell it at the moment.

Not a bad option, but if power is expensive in your area then consider one high end server to handle all VM stuff in it. Less physical space, more consolidated, and tonnes of room for performance, and generally more power efficient overall. Multiple smaller servers is nice too if they’re cheap, but they do use more space and can consume more power overall.

Need to look into prices and get to the point it makes sense to spend money on it, get to where I outgrow the desktop and need to move forward.

Fair point. As I’ve said, for just a small client-network-server type VM structure your hardware will handle it fine, but once you feel comfortable with scaling up then absolutely consider used server hardware.

Do a quick Google search in your area for electronics surplus shops or business liquidation type warehouses. These places usually have servers laying around and don’t mind selling them off for not too much money. Governments, organizations and businesses also like to throw away or auction off old server hardware every now and then so be on the lookout. These can be super useful for cheapo hardware. Electronics recycling centers also tend to have lots of stuff, though do beware that their stuff doesn’t always work and sometimes you can’t buy from them. Used Mac Pro towers also make excellent cheap servers and can offer lots of flexibility. Check the above places for these as well.

Will keep a look out for cheap servers. I think there is an electronics surplus store shop not too far from me, will check there. How old is too old? Like DDR2ish would be my guess as much too old.

I would argue that a pimped out DDR2 based rig would be as old as you’d want to go. They can be had for very cheap, and honestly a dual socket board, two quad/hex core Xeons and 32GB of cheap ECC DDR2 RAM and you should be set for a while. Bear in mind used server parts can be very cheap so sometimes getting a low end DDR3-type rig and adding a few parts manually could be a cheaper option.

All in all it depends what your area has. My area is useless so I rely on eBay and local classifieds but yours might be different.

‘perkele’ means devil in Finnish, hence the assumption. Would have hollad a couple blogs and events.

I may have to go to eBay as well, but I do know of one shop (if it is still open) that may have something about like what I need. And yeah, used server stuff is a lot cheaper than I thought it would be. I may get one around the holidays (school and stuff, gonna take a good bit of time to outgrow the desktop).

That is really cool to know, and oh where to start