From: rajat swarup (rajats@gmail.com)
Date: Thu Aug 09 2007 - 22:05:36 EDT
On 8/8/07, Ryan <phaleproof@gmail.com> wrote:
> Hello all - long-time lurker, first-time poster,
>
> I'm about 2 quarters away from finishing my education (majoring in
> network security and systems administration), and I'm currently
> interning at a company, doing monitoring IDS and SOX compliance.
>
> I've always been interested in security, and now that I've got some
> spare time I would really like to start getting prepared for a potential
> position doing penetration testing.
>
> My school offers a few courses in security, however I've always been of
> the mind-set that it's better to explore it yourself than try to have
> someone teach it to you.
>
> That being said, I was wondering if anyone would be kind enough to give
> a novice some helpful pointers on how to get started.
>
> I've downloaded VMware and I've got a Windows XP, Ubuntu, and shortly a
> Fedora Core 7 VM - I also plan on downloaded Windows Server 2003 with my
> MSDNAA license. I've downloaded a copy of BackTrack2 and I'm in the
> process of trying to turn that into a VM as well.
>
> I installed nmap on both systems, as well as nessus, and soon
> metasploit. I've played around with the former a little bit at work (I
> must say, it's the most amazing tool I've used - not that I have much
> experience).
>
> I'm really interested in getting into the 'hacker' mindset and walking
> through the steps they use to find, conduct, and cover-up their attacks.
> Surely, it's not all point and chick, and I'm having a little difficulty
> getting into the groove.
>
> I was also hoping the more experienced users might suggest a few tools
> to check out first (I've already bookmarked the sectools.org list but
> there is just so many).
>
> Additionally, can anyone suggest a bunch of good books to read
> pertaining to penetration testing? Someone recommended Counter-Hack, and
> another person said Hacking Exposed, as well as a few others.
>
> All that being said, are there some limitations of VM that I should be
> aware of when conducting my research? I would be very interested in
> seeing if there's a way to get router and network-like functionality
> from a VM since it would seem like currently VMware is essentially
> acting like a hub and a lot of the attacks (ARP spoofing, etc) don't
> seem possible the way I've currently got it implemented.
>
> I know there is a "Basics" mailing list, however since I am interested
> specifically in pen testing, I figured it was probably more appropriate
> to post to this list. If I am incorrect, then I apologize. If not, then
> thanks in advance for tolerating my noobiness and for helping out an
> aspiring pen-tester!
>
> Best Regards,
> Ryan
>
>
i liked reading http://www.phrack.org/ when I started off.
also check out http://sectools.org/
-- Rajat Swarup http://rajatswarup.blogspot.com/ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:00 EDT