Guide to be a Security Hacker

Printable View

March 24th, 2003, 06:09 AM
tyger_claw

Guide to be a Security Hacker

Hey All,

When someone becomes comsumed with the idea to become a hacker/cracker, they visit the internet (sites like hackers.com, networkpunks.com, etc) and find dated tutorials (most recent are dated 1996) about what it takes to become a hacker. Tutorials like "Ultimate Beginner's Guide To Hacking" by Revelation, or "Beginner's Guide" by Phooey talk about having to drown yourself in tutorials and books about programming, networking, os's, viruses and more so.

And most people who want to be a hacker (not a cracker - whatever title you prefer, be it security guru, safety admin....) must know how the opposition works (ie: hacker's know the weaknesses in your system, shouldn't you?)

So, my question for everyone here at AO is what does it take now to be a (security) hacker?

Must we tell everyone that they need to know every programming language under the sun?
Or that they must know every type of OS?

So this is what my question for this tread is.

Why not write an AO beginner's guide to security hacking?

What do you people think?

(ie: talk about honeypots, firewalls, palms, antivirus, programming, networking, etc...)

Edit: I moved this tread from Addicts so that everyone can contribute, those who know and those who want to know about certain subjects.

Kinda like compiling the useful information from this site into a guide for those new to the scene.
March 24th, 2003, 06:34 AM
kilerboots

I think thats a great idea. I think you might try to move it to site suggestions maybe.

>I'd like to know what it takes.
March 24th, 2003, 06:40 AM
phaza7

It would be great including tuts about $M, Mac, and Unix.

This would compile a great study for those new to the scene

When in doubt do a rm -rf *
March 24th, 2003, 08:18 AM
GreekGoddess

I thought Ennis did a really great job in outlining the basics with his Ultimate Newbie Guide in the tutorials section:

http://www.antionline.com/showthread...hreadid=218093

And a look at the tutorials forum index is also a great resource full of tutorials from beginning to advanced.

http://www.antionline.com/showthread...hreadid=133897
March 24th, 2003, 08:49 AM
HTRegz

Hey Hey

I think it's a great idea... I looked at Ennis's Newbie Guide and it's great, but it's almost more of a guide to the Computer "underworld" community.. When I hear tyger_claw talk about this. I'm thinking actual information, and yes there are tutorials, but it would be nice to do up a really nice document, footnotes, appendices, glossaries, and so on, on everything the basics of all areas of computer security..

I'd definately be interested in assisting in a project like that.
March 24th, 2003, 09:24 PM
tyger_claw

I'm up to do my part (I'll even write it all to a .pdf file with Acrobat - bookmarks and all) but with need of some assistance from several aoer's

Ennis's tutorial is great, but a little vague on some topics, no mention of other topics and has little to no examples (Ennis, if you read this, take no offense, it's a great tut. - heck I'd love the help!)

But I'd like to make something for everyone. Kinda like spoonfeeding the newbies, but just to say not fully. As well, it would help myslef and others (i'm assuming) to learn a vast amount of information that we wouldn't go and find ourselves...

I know about viruses, but not everything (if that is possible)
And I know about networking, but never did the N+ course, so obviously lacking major there
Also, I know some programming, but not to the extent of some AOer's

Kinda get what I mean?

ie:
Table of Content
1.OS's
1.1.Linux
1.2.Windows
1.3.MacOS
1.4.DOS
1.5.OS/2.....
2.Networking
2.1.Typologies
2.2.Hubs,Switches,Routers......
3.Programming
3.1.BASIC
3.2.Python
3.3.C/C++
3.4.HTML.......
4.Anti-Hack
4.1.Honeypots
4.2.Profiling.....

????? Suggestions, comments, questions?
March 24th, 2003, 09:35 PM
prodikal

Or how about instead of spoon feading people as you put it ;) give the full of AO (or those who are interested)homework so to speak :p like say if it was codeing in C direct people to a C tutorial link and tell them to write up small programs and stuff or if it was networking give people a few chapters of tcp/ip to read and test them on it it would be a good learning experience and maybe a new way to rank members at AO other than the antipoints system ? thoughts ...feedback....or just a plain ole **** idea :p
March 24th, 2003, 09:56 PM
HTRegz

That's a cool idea prodikal but the implementation of it would involve way too much work, plus it would require a lot of people coming together and putting in a lot of extra time.

If we stick with the document idea... ( I love the PDF idea TC) then each person can write they're own section and contribute it.. Everyone interested can post that they are interested and we can break up the work to be done and then each person can just submit it back to TC to be added to a single compilation in PDF format... I think it could really fly and it would be a great idea. I remember when I first got into computers (early - mid 90s) everything out there was dated and most of the material you found on "hacking" sites was useless.. If you put it all together into a nice document available for everyone and keep it up-to-date it could be a very valuable document for everyone.. Not only the newbies.. but also the experienced as a quick reference guide.
March 24th, 2003, 10:08 PM
prodikal

people comeing together and stuph aint so bad HTRegz :p but it would be a much better way to rank people at AO other that the AP sytem which is way to easy to abuse and at least we know people will be learning stuff :)
March 24th, 2003, 10:10 PM
HTRegz

Wouldn't be bad at all.... It's just that it requires a lot more effort. A lot of people come here to ask and answer questions only.. they aren't going to want to have to put in time doing tests and reading information to prove they're knowledgeable in the area. Either way both are good ideas...
March 25th, 2003, 04:05 AM
tyger_claw

I see it both sides.
What if we did something similar to a wargame like testing setup.
The guide has it's underlined information, say programming c, then have a project at the end to complete (by choice) and then go to a site (whether ao.com (needs Jupiter Media's approval) or one/several sites of ours.) and do an online quiz (in .php or whatnot) and move up the ranks like hackerslab.org?

Just a though for both ideas together. Thoughts?
March 25th, 2003, 10:16 AM
HTRegz

Great Idea.....

Although it's starting to sound more like a side project to be undertake by AOers who are interested instead of being an AO addition...

I've got some server space kicking around in a few places. I'm not averse (God I love that word) to using some of my space to host a site, or even just files off it.

Let me know what you're thinking...
March 25th, 2003, 10:44 AM
prodikal

Quote:

I see it both sides.
What if we did something similar to a wargame like testing setup.
The guide has it's underlined information, say programming c, then have a project at the end to complete (by choice) and then go to a site (whether ao.com (needs Jupiter Media's approval) or one/several sites of ours.) and do an online quiz (in .php or whatnot) and move up the ranks like hackerslab.org?

Just a though for both ideas together. Thoughts?

Wargame sounds good to me isnt that how cyberarmy ranks there members ? exept instead of it being webbased Jupitermedia hopefully will be kind enough to set up a dedicated server *hint *hint with a few levels webbased a few local and a few remote exploits hmm it shouldnt be that hard for a corporation such as jupitermedia to set up a small server for this maybe they have a old server lying about that they could use
great idea tyger_claw :thumbsup: now just need to wait for a response from one of the new mods or admins
March 25th, 2003, 03:42 PM
tyger_claw

HTRegz> Not at all. This will still be a "how to" guide, just with a practical component to ensure people understand. Some can come to ao.com, take the guide and be done with ao, others can come to this site, read the guide and be interested in a certain area and indulge into it with the practical parts and so.

It is a little similar to cyberarmy's ranking system. (from what prodikal is looking for) To make it as blantant as cyberarmy's way however is not what I would want. Other sites record the amount of times you attempt something, discouraging people to go for a trial and error session (peer labeling and whatnot) I'd rather it be annonimous and that all they try to retrieve is a password or something (similar to hackerslab.org). Now, either way we look at it, it's as exploitable as the antipoint system. People will devulge passwords for next levels, explain (even walkthru) steps for others to get to. So that would be something to cram upon.

As for the guide itself, all help, suggestions, submissions and whatnot are welcomed. Personally, I've never been a fan of Mac's, so my knowledge of them is nil. So anyone who has indept knowledge would be more then wanted. Also, while I romp through Linux now and then, my unfortunate dominating OS is Windows. So *nix experts are also needed. Even windows users are needed because I cannot, in any form, call myself a pro, expert, etc.

Samething applies to programming, networking, etc....

Also, those who have read tutorials here that believe should be formatted and placed into the guide, point em' out, and either yourself or the author can edit them into a chapter like submission.

Questions?
March 25th, 2003, 04:38 PM
HTRegz

Nope, no questions.. I think it's a great idea....

I think the discussion should end and some action should be taken....
March 26th, 2003, 01:37 PM
tyger_claw

Agreed. So who want to work on what section(s)?
March 26th, 2003, 02:41 PM
Wispy

Its my personal experince with pojects like this, without a definate leader telling people what to do things wont get done,
So who want to work on what section(s)?

I personaly suggest makeing a new thread :) listing a number of sections you would like to be covered and get peopoe ot say they'll do it and give a deadline of such, some people wont meet the deadline but they'll at least of started

if you just ask who wants todo what very few will reply because they wont be sure as to what needs to be done, or what they could do :)

just my 2 cents
Thanks
Wispy
March 28th, 2003, 04:44 AM
tyger_claw

Totally agreed, but I'm not exactly sure what sections/information people want in this tutorial.

Let's, as a group, compile a list of exactly what this guide should contain, and then assign different parts to different people?

So exactly what should be there?
What type of OS Information (*nix, dows, mac, others?)
What type of networking information (tcp/ip, lan, http, wireless, ?)
What type of programming information (all?, some?, none?)
What type of IDS info?
What type of virus info?
What type of profiling & forensics info?
What else?

Mention of phreaking? other stuff?
March 28th, 2003, 09:28 PM
HTRegz

Networking has the potentional to be huge.

Ports/Services, Firewalls/Honeypots, All the protocols (IP, TCP, UDP, IGMP, ICMP, etc), OSI model, Routers, Switching, Cisco IOS Information, The 802 Series... etc.

Programming in reality has the same problem... but I think it could be a little smaller

C, C++, Assembly, Perl, PHP, HTML (could fit in here), TCL, Basic, VB.. etc......

Where do we draw the line? Just how extensive do we want this to be?
March 29th, 2003, 09:03 AM
tyger_claw

Let's start with the basics and have a "version 1" out, then we can add new sections and more content to certain areas.

I'll elect myself to cover PDAs (while not quite popular yet, still got some stuff to talk about)
Also, I'll explain simple crypto with samples
As well as HTML programming (if needed)
And I'll compile the information into a .pdf file (with cute :D graphics and diagrams)
March 31st, 2003, 06:55 AM
dworm

Thanks you guys but well me as a newbie need some assistance here.How on top of being a hacker at AO do i get those points?
April 4th, 2003, 12:25 AM
tyger_claw

If you are talking about AntiPoints, you write useful, constructive posts and others will give you points for your work.

Either compose a tread with useful information or reply to someone's question with the answer they need.

It takes time, but eventually, you will have a wealth of information inside that head and the points will come in flooding!
April 4th, 2003, 03:40 PM
Negative

I'd be more than happy to help out with the 'logistic' part of this project (make posts sticky, make sure everyone knows what's going on,...)

Here are some suggestions:
If I were you, I'd keep this thread to discuss the basic outlines (I'll make it sticky), and create a private conference room for every topic you're going to cover. You could make the keys for the private rooms public in this thread: that way everyone interested can join, and you'll avoid useless posts.
And if you have something concrete, I'm sure JUPM will be kind enough to create a separate forum for it.

Just a little note on this project: we all know how much trouble MsMittens is facing to find decent articles for her newsletter...

If I can be of any help, just lemme know.
April 6th, 2003, 07:09 AM
eXterNaLity

Nice idea maybe but you must think it ove what is the bennefit of that and I'd like to know what it takes.