We're finding that one of the most successful techniques to educate yourself in the widely-arranged subject of hacking is searching the internet and providing for yourself a development station to test your newly discovered ideas that you will, no doubt, accumulate while researching.

You must also consider what part you would like to begin with. Our suggestion is that you begin by using a proper workstation designed specifically for your studies. We use openbsd and lfs ourselves but if you are not familiar with bsd or linux right now then you have the choice of learning one of them and thus providing a perfect working environment. You might find url below refering to The Linux Documentation Project for your informational needs in that regard. As we are saying...consider what part you would like to begin in your research, we are pretty sure that what your are asking for regards the Auditing process. When you discover online somewhere that someone refers to an exploit it was discovered by auditing the source. Exploits are basically software bugs left behind from the developers and that is where 'hackers' (white or black) begin. Also you must understand that these people are all very familiar with the products they are using and auditing just as they are familiar with the workstation they are using to do their research on. If you already know what platform you will use and how it works thoroughly then begin learning the 'hackers' trade by auditing various applications and learning where the bugs lay. To begin this you must accuire basic auditing tools, most you'll find freely available to you within linux itself. Descriptions of what these tools are and how they work are readily available to you just about anywhere you search.

Stay ontop of the latest security matters that are within your research environment. security auditing is a large area to cover with alot of people providing certain information like the latest exploits for every type of operating system and application available. There are sites describing every technique thats been publicly discovered. Using this information is good to know as it helps you secure your own system, but what you also should consider is what they have NOT discovered and find out the Ws for it (What, Where, When, Why and How).

We hope you find this useful and not confusing. If you would like us to reiterate more thoroughly maybe you could talk one of us into writing a tutorial about auditing for you to use.

There are but a few resource links that we find interesting and very informative:

Google // positively a must use tool.

Computer Science Technical Reports //wide variety of useful information published by students, professors and researchers.

The Linux Documentation Project //linux being our prefered development operating system, this is a decent document resource.

Linux Library