Reddit reviews The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy
We found 11 Reddit comments about The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy. Here are the top ones, ranked by their Reddit score.
Syngress
Yes and no... Like I mentioned, 90% of what I've learned is via brute-force problem solving. I start an app, I add some code, I fix the errors (by Googling a lot), and then repeat. That being said, I did eventually just start Googling the basics and working up from there.
For example, I read a book that basically covered this. I forgot what the name of the book was which is a shame. It covered each of the 4 layers of the internet in easy-to-understand terms. That helped me understand what is happening with my data when someone clicks
submit.I felt that networking sounded interested and I wanted to be a l33t h@x0r so I read, The Basics of Hacking and Penetration Testing. It wont' help much with web development, but it did show me some unique perspectives on networking. Pen testing is really just sitting around hoping someone fucked up. With cloud servers (ignoring the recent exploits), you have big companies monitoring your server for you. Applications are pretty well protected compared to an application 15 years ago. As long as you follow security conventions, you'll avoid script kiddies which account for most nuisances and you should be safe from real penetration attempts.
When I was just freelancing, I was desperate for work. I literally worked for free for three months. I helped a Coach setup a Raspberry Pi for his Hockey team. It displayed a calendar of their events and periodically displayed advertisements. Another guy wanted a website for his coffee shop, but that fell through after a lot of design went into it. I built a website for some guy's whiskey decanter he wanted to sell online.
One big leap I took was building a full-fledged production application with a small user base. A company hired me at $20/hr to be IT and simultaneously build an application to manage their leads, sales, and finances. So I did that as well. It's pretty shit - TBH. But they were paying like $1,000.00 a month in licensing for an application that only ran on ONE computer in the office which was dying every other week. So, I saved them money in the long and short term. Building a production application basically forced me to solve hundreds of real-world problems. User management, security, database size, server costs, server speed, etc... I had a small database ( ~10,000 ) rows. But it still showed me how quickly SQL queries blow up.
Ruby on Rails
While Googling a lot of issues, 90% of the security / user management issues brought me to this commonly referenced book. I never read it start to finish in order, but I should have. It's a great introduction. I'm positive it's somewhere in the FAQ of this subreddit.
JavaScript
I was so scared of JS. I didn't touch it for 1.5 years because of all of the online hate. Then, I learned Node.js. I followed the tutorials on Express and Node for a standard Hello World application. Then I made this piece of shit, "news flash" in about an hour to learn asynchronous calls to a simple news API.
But after that, I felt so free. After being hankered down by Rails conventions, I was so excited to run an application with just a few lines of code (and 1,000 of node_modules). I eventually started making JS asynchronous calls with Ruby. It made my applications appear much more responsive. No more pointless re-renders / redirects to data. Being able to hit an API endpoint in JS is super important.
A month ago, I learned React JS. It's a lot of work to get business applications up and going on React, but it's great for small applications. I recommend it. I learned by using React JS's website's tutorials and then following Redux's tutorials.
I never closely learned Vanilla JS. I was one of those JQuery fan-boys. That's changing now. I'm using vanilla JS for anything outside of a framework like React.
CSS
I am bad at CSS because I'm a bad person. I am still fumbling with it when it comes to making "clean CSS/SCSS". I generally just do what it takes. I am a big fan of the new
display: gridstandard.I don't have resources for this.
___
TO be honest, I don't recommend Ruby on Rails as a first framework. Yes, it's easy once you learn the convention. But it's hard to break away from convention afterwards. The conventions basically put blinders on me. It wasn't until I learned JS / Node / PHP that I realized most web servers are a lot more custom than the RoR convention. They let you get your hands dirty with routes, database models, SQL, and more. RoR is my favorite web dev tool, but it's so opinionated that it doesn't work well as a teaching tool (IMO obviously).
EDIT Just read some other replies. Looks like they also feel that frameworks don't help! Maybe this trend should be the real answer to your question (without providing resources). Learn web development without a framework first. Then learn the framework second That's going to be my take-away.
Sorry if my reply sucks. I'm getting reamed at work by a new client. I am taking a break waiting for his reply after my latest updates, but I don't have a lot of time to revise.
Learning to hack, with little knowledge of it, will be a journey. You have some background in CS which will definitely help.
Learning to hack, from scratch, is where things become difficult. Where do you start? How do you learn? Luckily there's a vast amount of resources to learn from online.
To start learning is a matter of what you prefer.
Like watching videos/lectures?
https://www.udemy.com/penetration-testing/
https://www.udemy.com/learn-ethical-hacking-from-scratch/
Prefer reading books on the subject?
https://www.amazon.com/Penetration-Testing-Hands-Introduction-Hacking/dp/1593275641
https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442
Most universities have Ethical Hacking / Cyber Security courses, can always check there.
I'd recommend learning Python, SSH, and the Linux Terminal in general to get started. But learning how those apply to hacking is a matter of learning and practice.
Hope this helped, and good luck!
Buy a decent book on pen testing using kali. A great starting point for beginners: https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442
I'm 30 years old and currently working 30% in pen testing, and 70% with developing electronic warfare systems at the most reputable cyber security company in Scandinavia. I wish I had found this interest at your age! If you put some effort into it and have a genuine interest in the field, the possibilities are truly endless.
It might be a boring answer, but seriously.. Read! Don't get stuck playing around with tools, but read up on the subject as well. The book I linked is a very easy read, and will get you started with the practical aspects very quickly. Once you have the basics down you might also want to check out "The Hackers Playbook 2". If you find reading tedious I suggest enrolling in a course on udemy.com, that way you can alternate reading with video lectures.
Good luck! The industry needs more young and hungry minds :)
B: https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442
This book was my bible
Everyone has their own way. I would say start off small and organized, start with something easy and branch off into the more harder stuff. As for me I and how I did it (and I'm still learning btw, it's a never ending process) is to pick up a couple books about "hacking" or penetration testing. I highly recommend this book to start: https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442/ref=sr_1_2?ie=UTF8&qid=1483325710&sr=8-2&keywords=basic+to+penetration+testing, it covers the concept of hacking and breaks it down into steps so that a beginner could understand. After I got the concepts, I started to learn Linux (it's kinda a rule of thumb for hackers to know how to use Linux) I learned how the operating system works, the history of it, how to use the terminal, etc. I even completely stop using windows and using entirely Linux for several months.
After that I started to pick up programming languages and I'm still learning them to this day. I would recommend starting out with a scripting language like python and branch out, you don't need to learn it to a point where you become a software engineer, I mean it's a big plus but you don't need to go that hard. Enough where you get familiar with the syntax and know how to create simple programs.
After that I started to use Kali Linux and learned to use the tools and I started to do CTF challenges which I think is the best way to learn is hands on learning and CTFs do just that
good sites:
https://www.hacksplaining.com/
https://www.cybrary.it/
https://www.vulnhub.com/
https://www.hak5.org/
www.securitytube.net/
if you're willing to read I recommend this book
I have 3 semesters left so my plan has been to seek an internship next summer closer to graduating. Do you think it's unwise to wait that long? My independent study could be better but I've become proficient with Linux using Arch as my daily driver and reading through The Linux Command Line. I'm also going through The Basics of Hacking and Pentesting which had me set up a "lab". Just finished the recon chapter. Also proficient in Python/Java/C++ ("proficient" might be a bold claim, rust considered).
Download boot2root VM's from vulnhub.com and try to pwn them. It's slightly dated now, but when I started learning a couple of years ago, https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442/ref=redir_mobile_desktop?ie=UTF8&ref_=dp_ob_neva_mobile was extremely helpful for learning Kali and the tools, as well as the penetration testing process.
Check out the OWASP webgoat project and DVWA to practice hacking web applications--a large amount of pentest work these days is webapps vs the traditional network pentest. Read the Web Application Hacker's Handbook and practice a LOT.
Lastly, find infosec meetups and other communities in your area and go network. The easiest way to get into a field is to find professionals working in the area and buy them beers.
Yes, most Gov jobs require at least Sec+.
Depending on how much you did as an LEO you may look into computer forensics. Network Security etc. You may also want to beef up knowledge of networking as well. So either the Net+ and/or CCNE cert.
Books are always a good place to start. I don't know about this one but have read a few other books by this publisher that have been pretty good.
Ones I have read/skimmed:
Haven't picked this one up myself, but it has good reviews
I spent seven hours one night trying to download and install a VM on a spare laptap we have, because I was interested in learning about this stuff. I got the book https://www.amazon.com/dp/0124116442?ref_=ams_ad_dp_asin_1 in hopes that it would teach me something but it seemed to presume you already had knowledge of some things. I never could get a VM to work and I finally gave up. Still disappointed about it.
I read this book, it is an amazing one however it is pretty big and might be hard for you since you are not advanced as you said.
On my opinion, I highly recommend this book
https://www.amazon.com/Basics-Hacking-Penetration-Testing-Second/dp/0124116442/ref=sr_1_18?ie=UTF8&qid=1481534935&sr=8-18&keywords=hacking+books
It is easy to read and follow. And the way the book was written makes you never stop reading, I promise. (: good luck on you education my friend I hope this helps.