Reddit reviews Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques
We found 3 Reddit comments about Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques. Here are the top ones, ranked by their Reddit score.
Wow, 24 hours and no replies?!
Fine, you know what? FUCK IT!
Alright, first off - While you can concentrate on physical, understanding the basics of the digital side of things will make you more valuable, and arguably more effective. I'll take this opportunity to point you at Metasploit and tell you to atleast spend an hour or so each week working to understand it. I'm not saying you have to know it backwards or inside-out, just get a basic understanding.
But you said you want to go down the physical path, so fuck all that bullshit I said before, ignore it if you want, I don't care. It's just a suggestion.
Do you pick locks? Why not? Come on over to /r/Lockpicking and read the stickied post at the top. Buy a lockpick set. You're just starting so you can go a little crazy, or be conservative. Get some locks (Don't pick locks you rely on!) at a store, and learn the basics of how to pick.
Your fingers will get sore. Time to put down the picks and start reading:
That reading list right there gives you over 2000 pages to read. Read. Read More.
Tired of Reading? Have you been listening to the Social-Engineer.org Podcasts? 53 quality podcasts right there. Time to catch up!
Tired of listening? Take a break! And by "Take a break" I mean grab your lockpicks, a lock, and start picking while you relax with a Jayson Street video. He's fun to watch, and will hopefully distract you while you try picking a lock. Also, he highlights how you don't have to be a computer-genius to be good at PenTesting. Go watch more of his videos while you pick locks - It's entertaining at least, and informative/educational at best. Now go watch Deviant Ollam's videos if you're done with Jayson Street.
Sounds like a lot? It's not. You'll spend a bit of money getting started with picks, locks, and books. It's the nature of the game, no good way around it. It's time-consuming. You may have to give up playing your favourite games for a while. But the things you learn and skills you develop will pay more than that game did. By the time you're halfway through any one of those books you'll have a much better idea of what questions you want or need to ask in order to progress further and faster every day.
Go to Security Cons. DerbyCon is awesome, and happens in late September, plenty of time to start saving money and making reservations. Talk to people, ask questions, and make connections. You will learn more in those 4 days than some people learn in months or years and you'll have tons of fun.
If you can swing it, attend Deviant Ollam's "Physical Security Skills for Penetration Testers" class. The things you will learn in that class will make it worth every damned penny, and you'll feel like a bad-ass at the end of it.
Is this what you wanted?
best advice i can give is to start reading anything and everything you can get your hands on related to programming, operating systems, networking, security, etc......
a few books i'm reading/have read/on my list to read and all are excellent starting points:
BackTrack 4: Assuring Security by Penetration Testing (this book was just released and still relevant when using BackTrack5)
Metasploit: The Penetration Tester's Guide
Ninja Hacking: Unconventional Penetration Testing Tactics and Techniques
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning
Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition
plenty of links to keep you busy for awhile:
Open Penetration Testing Bookmarks Collection
Most of the book recommendations here aren't that great. Here's the best of the best hands down. I highly disregard anything written by Richard Bejtlich btw. Also steer clear of anything written by Kevin Mitnick.