Learning to white-hat

"Please leave a message at the beep, we will get back to you when your support contract expires."

Moderators: phlip, Prelates, Moderators General

Learning to white-hat

Postby quantumnerd » Wed Mar 09, 2011 2:27 am UTC

I'm a first year compsci student in the frozen land of Canadia. However, I rushed through high school so I don't have as much experience with computers as I would have liked. I have basic familiarity with command line file navigation and have astounded my neighbour's stepdad by opening the CONTROL PANEL in their computer. I put together my own computer, proved an existential proof with a quick script and played with Lua when I was in elementary school, but when people start talking about network hierarchy and Domain Name Servers and server software, I get lost and can't make sense of much.

One thing I'm wondering is about all the white-hats (and grey-hats and black-hats) that I see on the internet talking about how they screwed with their school's network when they were in school. I'm in university and I still don't have to chops to mess with anything. Where do you learn that kind of stuff? I don't know enough about practical networking to even figure out what's secure or not.

This occurred to me when I was reading the thread about the school compute hacking and I realized I wouldn't be able to set up my home network securely or make a webpage that wouldn't fall down like a sack of bricks after being hit by a script kiddie.
quantumnerd
 
Posts: 6
Joined: Wed Mar 09, 2011 2:19 am UTC

Re: Learning to white-hat

Postby hintss » Wed Mar 09, 2011 4:08 am UTC

what do you want to mess with?
"s/god/flying spaghetti monster/"
User avatar
hintss
 
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC

Re: Learning to white-hat

Postby ++$_ » Wed Mar 09, 2011 10:21 am UTC

First of all, make your goal "learn about computer security" rather than "learn how to break into other people's computers." Even if you are really dead-set on the second goal, you should attempt to achieve the first goal, because then you will develop a deep understanding of what you are doing instead of becoming a script kiddie.

Anyway, here's the advice I would give about how to learn about computer security. (This is pretty much how I went about doing it, except that some steps have been changed in order from the way I actually did it to the way I should have done it.)

First, learn C really well.

Learn to use Unix. (The lessons you learn are applicable to other operating systems too, but Unix provides a better environment for learning this stuff.) Reading the man pages of common commands will teach you a fair amount about how the system works. The man pages are kind of like Wikipedia, in that by reading one page you will find references to other things that you need to know. Get a book on the design of the Unix operating system (e.g. The Design of the Unix Operating System), read it, and understand it.

Go through djb's "security holes" course slides, and understand them. Where details are missing (because they're just the slides from a course, not a complete course), fill them in. (Note: I thought that the first half of the course was significantly more difficult than the second half! So you might want to skim until you get to something you can understand, and go back later.) There may be an equivalent course at your university.

Take a class in network architecture or "computer systems", if your university offers it. This will hopefully introduce you to network protocols and such things, which you expressed interest in. I found that the unix man pages had poor coverage of these topics, so I needed to supplement my knowledge from some other source.

At this point, you'll probably know enough to figure out what bits of knowledge you still need.
++$_
Mo' Money
 
Posts: 2370
Joined: Thu Nov 01, 2007 4:06 am UTC

Re: Learning to white-hat

Postby quantumnerd » Wed Mar 09, 2011 8:16 pm UTC

Sorry for phrasing my question wrong- I just want to learn the techniques. Not trying to break everything I touch (I do that well enough in the physical world by accident).

Thanks for the tips!

P.S. "(Warning: you need about 32MB of disk space free.)" LOL 32MB
quantumnerd
 
Posts: 6
Joined: Wed Mar 09, 2011 2:19 am UTC

Re: Learning to white-hat

Postby Kromix » Wed Mar 09, 2011 10:10 pm UTC

[quote="quantumnerd"] I just want to learn the techniques./quote]


what good are techniques if you can't understand what each technique does or why it does it...

i could write a long list on how to infiltrate a network and break into a computer, but that would only be into specific networks and computers with specific security holes. in order to "master" or be efficient into "hatting" you need the understand the what/when/why/and hows of computers and networking. else you are a script kiddie and therefore, loose all respect.

PS: no im not writing you a script or a list detailing break-ins. i only use them to test my networks and people that pay me to test their networks.


read the whole site and every link, its some of the basics but not enough to hat arround :) . http://learn-networking.com/
Image
Click Me! <---- Click There! :)
Spoiler:
Image
User avatar
Kromix
 
Posts: 289
Joined: Thu Mar 25, 2010 7:26 pm UTC
Location: DFW, Great State of Texas

Re: Learning to white-hat

Postby _Axle_ » Wed Mar 09, 2011 10:24 pm UTC

Don't rule out Social Engineering as well, for a way to compromise a system.
Yakk wrote:Computer Science is to Programming as Materials Physics is to Structural Engineering.
_Axle_
 
Posts: 253
Joined: Fri Sep 24, 2010 7:33 pm UTC

Re: Learning to white-hat

Postby hintss » Thu Mar 10, 2011 12:15 am UTC

_Axle_ wrote:Don't rule out Social Engineering as well, for a way to compromise a system.

This is especially true. Get good at lying.

also, if you break everything IRL, are you sure you're not my clone/twin?
"s/god/flying spaghetti monster/"
User avatar
hintss
 
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC

Re: Learning to white-hat

Postby quantumnerd » Thu Mar 10, 2011 4:15 am UTC

Well for testing my own private network, a social engineering attack would be... erm... of interest to my psychologist.

And when I said I want to learn the techniques, I'm actually really interested in the fundamental principles because I can generalize them to other things I do. EG: if I'm coding a game, I know that the same things that would make any computer a target would also make a dedicated server a target and adjust the code accordingly. Thanks for the articles, I'll be sure to research them to death- like Gordon Freeman.

Edit: if I were your twin, you'd like sci-fi games where everything glows menacingly out of sharp hulls. Do ya?
quantumnerd
 
Posts: 6
Joined: Wed Mar 09, 2011 2:19 am UTC

Re: Learning to white-hat

Postby hintss » Thu Mar 10, 2011 8:27 am UTC

quantumnerd wrote:Well for testing my own private network, a social engineering attack would be... erm... of interest to my psychologist.

And when I said I want to learn the techniques, I'm actually really interested in the fundamental principles because I can generalize them to other things I do. EG: if I'm coding a game, I know that the same things that would make any computer a target would also make a dedicated server a target and adjust the code accordingly. Thanks for the articles, I'll be sure to research them to death- like Gordon Freeman.

Edit: if I were your twin, you'd like sci-fi games where everything glows menacingly out of sharp hulls. Do ya?

yes, actually.

especially if it is glowing red, blue, or green
"s/god/flying spaghetti monster/"
User avatar
hintss
 
Posts: 1294
Joined: Wed Nov 25, 2009 7:19 am UTC

Re: Learning to white-hat

Postby quantumnerd » Thu Mar 10, 2011 4:03 pm UTC

Wow. So you must have a Steam account, right? Add me on steam: QuantumNerd
quantumnerd
 
Posts: 6
Joined: Wed Mar 09, 2011 2:19 am UTC

Re: Learning to white-hat

Postby yawningdog » Mon Mar 14, 2011 3:19 pm UTC

I recommend the book "The art of Intrusion". What I learned from that book is that hacking is a lot like Jeet Kune Do. The best hackers do not maintain a repertoire of techniques and use the ones that work. The best hackers seek to understand how the machine works and develop the technique that works for that particular situation.

My steam ID is "Captain Smollett"
"I fear not the man who has practiced ten thousand kicks once. But I fear the man who has practiced one kick ten thousand times."
- Bruce Lee
yawningdog
 
Posts: 71
Joined: Fri Feb 25, 2011 7:00 pm UTC
Location: Glen Allen, Virginia

Re: Learning to white-hat

Postby c0smic » Thu Mar 17, 2011 4:52 am UTC

_Axle_ wrote:Don't rule out Social Engineering as well, for a way to compromise a system.

I really agree with this, social engineering is a very important skill that most people don't give a second thought about. If you get good at it, you can bypass all the technological filters and get right to the information with a few phone calls.

What I'd suggest is like what other's have suggested, is pick up a book on what you want to learn. "The Art of Intrusion" is a good one, or Kevin Mitnick has some books out on social engineering. Learning C and other languages is very important if you want to understand networks more as well.

http://www.2600.com/ This is a great magazine. 2600 comes every season packed with great articles and techniques and stories on things on the white & black hat side of things. Available in eBook and Paper format.

The HOPE Conference is a yearly event which has many great talks on all subjects in the hacking/computer community. Here's the complete list of talks from the last HOPE. - http://thenexthope.org/talks-list/

My Steam ID ^^: c0smic6
User avatar
c0smic
 
Posts: 27
Joined: Fri Mar 11, 2011 5:22 pm UTC

Re: Learning to white-hat

Postby spedione » Fri Mar 18, 2011 2:52 am UTC

For Social Engineering, go read "The Art of Deception", by Kevin Mitnick (Also mentioned by c0smic).
spedione
 
Posts: 51
Joined: Wed Dec 02, 2009 11:16 pm UTC

Re: Learning to white-hat

Postby naschilling » Wed Apr 06, 2011 4:46 pm UTC

For years, I've been trying to convince my school that they need to add a new course to the CS curriculum: Defense Against the Dark Arts. While I may very well get sued by J.K. Rowling for stating that, the idea she put forth is solid. One can only properly defend against an enemy by knowing what an enemy may bring to fight with. This is an idea as ancient as Sun Tzu's "Art of War" and it is every bit as truthful today as it was then.

Social Engineering is a powerful tool for attacking a specific target, but it serves no educational purpose. You would be best served learning what telnet is and how to use telnet for basic web-based operations. For instance, use telnet to fetch a web page. Using C to write your own telnet clone would be educational as well.
Code: Select all
$ telnet google.com 80
GET / HTTP/1.1
Host: google.com


(Note: The the empty line at the end IS significant.)

Once you begin to understand simple cases, configure an Apache server locally and learn basic PHP code to demonstrate your knowledge with. Cookies, Post data, and Get variables are the heart of most web-based vulnerabilities. A simple web page like below would help you learn Cookies, Get variables, and Post data and how to manipulate them from telnet.
Code: Select all
<?php
echo 'GET Variables: ';
print_r($_GET);
echo PHP_EOL . 'POST Data: ';
print_r($_POST);
echo PHP_EOL . 'COOKIES: ';
print_r($_COOKIE);
?>
User avatar
naschilling
 
Posts: 142
Joined: Wed Apr 06, 2011 2:52 pm UTC


Return to The Help Desk

Who is online

Users browsing this forum: No registered users and 4 guests