Hello, and Becoming a "White Hat" questions

General technological topics without their own forum go here

Hello, and Becoming a "White Hat" questions

Post by kdb424 on Wed Dec 22, 2010 5:31 am
([msg=50916]see Hello, and Becoming a "White Hat" questions[/msg])

Hello HackThisSite community. I am somewhat new to the hacking world, and had some questions. But first a little background on me so you may better answer my questions.

Programming languages I have some to a lot of experience in
*Ruby
*Java
*C++(limited)
*python(learning)

Background experience
*Run my own web server (debian 5 http://kdb424.homelinux.com/kdb424)
*Built my desktop, and run gentoo X64 on it most of the time (I have OS X , and Windows XP, and 7 also on it)
*My network is run on a DD-WRG router
*Knowledge of basics in networking hardware and software (SIN ACK, ect)
*Done several challenges a while back on HackThisSite

Other Information
*Specialty is Social Engineering
*Live in the USA
*20 Years of age

Now the questions that I have to ask. I am wanting to learn to become a hacker as a career. I understand that this is a difficult field to get into because of the massive amount of work needed to learn, and keep up with current software (programming languages) and exploits (assuming it's not a 0-day).

Specific questions
*Where should I start looking for information on hacking from a reliable source (other than HackThisSite and affiliates, though they are a great help)?
*What programming languages are best for exploits in most cases (research suggests anything not browser based would be c, and python, though is C++ a good c replacement?)
*Should I look into the social engineering aspect as I understand it is one of the more difficult skills to come by?
*Other than becoming a CEH (Certified Ethical Hacker) are there any ways of proving that I am a reputable person to an employer (and is becoming a CEH worth the money or time other than the skills learned)

I hope this was enough information, and is not too big of a question. I am not looking for a mentor, or a red team, or anything like that at the moment. Just hoping to find a somewhat more direct path to becoming a White Hat hacker, without the general Black Hat step.

*Definitions on "Hat" hackers used here are thus
White Hat - Legal, ethical Hacker
Grey Hat - Usually illegal, but meant to have good intentions
Black Hat - Generally illegal, and meant to cause harm/problems, or theft of data
kdb424
New User
New User
 
Posts: 2
Joined: Tue Dec 21, 2010 1:04 am
Blog: View Blog (0)


Re: Hello, and Becoming a "White Hat" questions

Post by neuromanta on Wed Dec 22, 2010 6:03 am
([msg=50917]see Re: Hello, and Becoming a "White Hat" questions[/msg])

First of all, try not to be over confident (braging about your stuff), as most of the people here will think that you're just a moron. Sadly I often make this mistake too.
As to where you should look for info, I don't know... there's no "one above all" information source for this. You could try to get the CEH tutorials from warez (I got it, the v6 is about 20gigs, heavy stuff), or other books about security.
I think the best languages for exploits are ASM (x86 of course, assuming you want to work with the PC platform) and C. I'd suggest you learn C before C++. C++ has a habit of oversimplifying things like memory management (and the other languages you mentioned do so even more), and if you really want to get into writing exploits, you should learn low level programming.
I don't think that social engineering would be a requirement if you want to make a career from hacking. Social engineering is done by black hats (using your terminology), there's simply no practical use of being able to decieve others (not for me at least).
As for how to prove to an employer that you are a security professional... I don't know. Sometimes it works that you crack the system of the company, and then they employ you, but I wouldn't go that way, it's dangerous.

Btw I looked at your website, and seen you're fooling around with RPGmaker too :D. Keep it up.
User avatar
neuromanta
Poster
Poster
 
Posts: 302
Joined: Mon Nov 30, 2009 9:29 am
Location: Hungary
Blog: View Blog (0)


Re: Hello, and Becoming a "White Hat" questions

Post by insomaniacal on Wed Dec 22, 2010 8:03 am
([msg=50921]see Re: Hello, and Becoming a "White Hat" questions[/msg])

Most of us here are hobbyists, but if you're looking for a job doing this, then you should look into Pentesting. I've heard it is generally a difficult field to get into, but start doing some freelance work to build your portfolio.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1210
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)


Re: Hello, and Becoming a "White Hat" questions

Post by Vulpine on Wed Dec 22, 2010 9:51 am
([msg=50926]see Re: Hello, and Becoming a "White Hat" questions[/msg])

Pen-testing is what you're probably after if you really want to do the White-Hat thing as a professional. There's a very large amount of demand, but talented pen-testers are exceedingly rare. So... Good luck with that.

Sound advice in both of the above posts. I'll add social networking (not Facebook) to your list of things to do. You'll need to go out and mingle with other security professionals in your area. Look for chapters, organizations, conferences, public meetings, et cetera... Who you know will get you the job. What you know will let you keep it.

Or... perform some righteous h4x3z, spend time in jail, and get a killer job offer.
User avatar
Vulpine
Poster
Poster
 
Posts: 379
Joined: Fri Mar 26, 2010 11:14 pm
Blog: View Blog (0)


Re: Hello, and Becoming a "White Hat" questions

Post by fabianhjr on Wed Dec 22, 2010 2:54 pm
([msg=50939]see Re: Hello, and Becoming a "White Hat" questions[/msg])

lol to the last option. xD

If you can afford it get some Offensive Security Certs and the CompuTIA A+, Sec+, and Network+

I am saving for my A+, tough, won't take it anytime soon.
Donate bitcoins to me! [1DhRP3hHgmSLQdRTZyT8VPTmzAj7Z2rsGA]
Dunno what bitcoins are? BitcoinMe
fabianhjr
Poster
Poster
 
Posts: 286
Joined: Tue Sep 21, 2010 7:48 pm
Blog: View Blog (0)


Re: Hello, and Becoming a "White Hat" questions

Post by kdb424 on Wed Dec 22, 2010 4:20 pm
([msg=50944]see Re: Hello, and Becoming a "White Hat" questions[/msg])

Thank you all so for with your replies. I believe pen-testing is most likely my best option from what you all were saying, and what my research concluded

*neuromanta: I Appolonia if it looked like bragging. I was nearly meaning to let others know what I have done so they could better guide me to information my level, instead of sending me to "Hacking For Dummies" is all. Also, thank you for helping my see why c is better for many things than c++. Memory can be managed as well in c++, but if that's the goal, than it's just more of a hassle. Also, I do not support piracy, though thank you for guiding me on what to look into. As for RPG maker, I have been playing with that since I had 128MB of ram way back, so it's fun just to keep it around, and I can have my artist do some of the work haha.

insomaniacal: Thank you for the encouragement,

Vulpine: I'm trying to avoid the blackhat work, though I lol'd at that. As for social networking, I'll be looking into that really soon, and thank you for that.
kdb424
New User
New User
 
Posts: 2
Joined: Tue Dec 21, 2010 1:04 am
Blog: View Blog (0)


Re: Hello, and Becoming a "White Hat" questions

Post by tgoe on Wed Dec 22, 2010 6:44 pm
([msg=50949]see Re: Hello, and Becoming a "White Hat" questions[/msg])

User avatar
tgoe
Contributor
Contributor
 
Posts: 715
Joined: Sun Sep 28, 2008 2:33 pm
Location: q3dm7
Blog: View Blog (0)


Re: Hello, and Becoming a "White Hat" questions

Post by fashizzlepop on Sat Dec 25, 2010 2:17 am
([msg=51101]see Re: Hello, and Becoming a "White Hat" questions[/msg])

Social Engineering knowledge WILL help you out with getting behind enemy lines, per se. For instance, making sure every employee doesn't just plug a random USB drive they find into there computer. Bad, bad, bad. Also, check out as many DefCon videos as you can. And, like said above, network. Find people in your area to meet up with and ask questions or even try to find an internship (most likely unpaid). A+ cert won't help as much as a Cisco cert and Network+ and Sec+.
The glass is neither half-full nor half-empty; it's merely twice as big as it needs to be.
User avatar
fashizzlepop
Developer
Developer
 
Posts: 2303
Joined: Sat May 24, 2008 1:20 pm
Blog: View Blog (0)



Return to General

Who is online

Users browsing this forum: No registered users and 0 guests