1. Learn TCP/IP, basic information gathering, proxies, SOCKS, SSL, VPN, VPS, RDP, FTP, POP3, SMTP, Telnet, SSH.
2. Learn Linux, Unix, Windows - you can do this using VMware or any virtual desktop utility.
3. Learn a programming language that's compatible with all OSes - Perl, Python, C, ASM.
4. Learn HTML, PHP, JavaScript, ASP, XML, SQL, XSS, SQLi, RFI, LFI.
5. Learn reverse engineering and crack some programs for serials, easy ones like mIRC, WinZip, WinRAR or old games.
6. Code a fuzzer for common protocols - ftp, pop3, 80, 8080 - and pick some free software like an FTP server, mail server, Apache or IIS webserver or a webserver all-in-one pack, or TeamSpeak, Ventrilo, Mumble.
7. Code a tool that uses grep to sort out unique code in source codes.
8. Make a custom iptables, IPsec firewall that blocks all incoming traffic and outgoing traffic, and add filters to accept certain ports that your software or scripts use.
9. Pick a kernel in Linux or Unix, also pick a Microsoft OS version, let's say Windows XP Pro SP2, put them on the virtual desktops (VMware) and find and code a new local exploit in those versions, then install an Apache webserver on the Linux/Unix and an IIS webserver on the Windows XP Pro and attempt to find and code a new local reverse_tcp_shell exploit.
10. Learn Cisco router and switch configuration and setup.
11. Learn Checkpoint setup and config.
12. Learn Wifi scanning, cracking, sniffing.
13. Pick a person in your phonebook for the area code you live in or city, then ring the person on an anonymous line like Skype or a payphone or a carded SIM and attempt to social engineer the person for his name, address, date of birth, city born, country born, ISP connected with, phone company connected with, what bank he/she uses and anything else you can get. Then attempt to ring using a spoof caller ID software with the person's phone number - call the ISP and try to reset the password to his/her internet connection/web-mail, get access to bank account or ask them to send out a new *** to a new address (drop) with a new pin, reset of phone company passwords.
14. Use your information gathering skills to get all the information off a website like a shop, then use the spoof caller-ID software or hack your phone to show a new number of the webserver's tech support number, then ring the shop owner and try to get the shop site password.
15. Do the same thing but attempt to use a web attack against a site or shop to gain admin access.
16. Once you have got access, upload a shell and attempt to exploit the server to gain root using an exploit you coded, not someone else's exploit.
17. Make your own Linux distro.
18. Use your own Linux distro or use a vanilla Linux GNOME (not KDE), keep it with not much graphics so you can learn how to depend on the terminal, and start from scratch: install applications that you will only need for a blackbox (security test box), make folders for fuzzers, exploits, scanners, etc. Then load them up with your own scripts and other tools (by this stage you shouldn't need to depend on other people's scripts).
19. Learn Mac OS X and attempt to gain access to a Mac OS X box, whether it be your own or someone else's.
20. Create a secure home network and secure your own systems with your own security policies and firewall settings.
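
For steps 8 and 20, a default-deny ruleset can be generated as text and checked before it is loaded. The script below is an added example, not code from the original post; the function name and the port lists (SSH inbound; DNS, HTTP, HTTPS and NTP outbound) are assumptions, and it covers IPv4 only.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that drops all traffic by
# default in both directions, then allows only the listed ports (IPv4 only).

# gen_ruleset "<tcp in>" "<tcp out>" "<udp out>"  (space-separated port lists)
gen_ruleset() {
    in_tcp=$1; out_tcp=$2; out_udp=$3
    # Validate every port before printing anything, so a typo can never
    # produce a partial ruleset.
    for p in $in_tcp $out_tcp $out_udp; do
        case $p in
            *[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    echo "*filter"
    # Chain policies: anything not matched below is dropped.
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT DROP [0:0]"
    # Loopback is needed by many local services.
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A OUTPUT -o lo -j ACCEPT"
    # Drop malformed state, then let replies to allowed connections through.
    echo "-A INPUT -m conntrack --ctstate INVALID -j DROP"
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Only NEW connections on the listed ports are accepted.
    for p in $in_tcp; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $out_tcp; do
        echo "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $out_udp; do
        echo "-A OUTPUT -p udp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo "COMMIT"
}

# Assumed ports: SSH in; DNS/HTTP/HTTPS out over TCP; DNS/NTP out over UDP.
gen_ruleset "22" "53 80 443" "53 123"
```

Piping the output to `iptables-restore --test` as root parses the ruleset without committing it, which catches mistakes before the policy can lock out a remote session.
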
All this isn't an overnight learning; it will take a nice 3 - 4 years to learn a bit of this, 5+ years to learn most of it, and even then you may need time to keep learning as IT keeps changing every day.

As long as you're dedicated to learning you won't have any problems, and if you learn all that you should easily get a job in any company if you show proof that you can do these things (print out scripts that you made or put them on disc) to show the companies.