hacking courses

polishpaddy

Does Anyone know if they're any good, or, would i be better off learning to hack myself?

Martyr

you'd be better off in long term getting certified papers on operating systems and networking devices..

start with something like CCNA, MSCE and keep getting more along the your way up the ladder, so to speak.CISSP for example..

i've been "hacking" on my own for probably 8 years now and i've never got any work in security to date, not 1 cent.

i've been told to get certifications if i want this to change.

so thats my advice, if you can afford it, get certified or be prepared to work 10 times harder to get same recognition.

polishpaddy

Glad to talk with someone who knows about this.
Is there much work in ireland if i was to get them certificates?
Cheers.

Martyr

if you have recognised certifications from M$ or Cisco, yes, you'll get work easily in most places.(don't know about ireland atm, but always good to have for future)

check out IT certification forum:

http://boards.ie/vbulletin/forumdisplay.php?f=882

polishpaddy

you said you've been doing it for 8 years.
How come you never bothered doing it as a job?
thanks for the link

Martyr

i applied for jobs, just never called for interview.
probably because of my lack of qualifications/work experience.

Package

i always though hacking was against the law?

since you dont use it professionally, do you have a lot of fun doing it under the table?

Martyr

yes, it is illegal..but not for the BBC

i said "hacking" to mean learning about computer security, obviously with your own hardware/software..your own property.

you can setup network environments now with VMWare and other emulator software to play around with.

Independent colleges are now doing a range of security courses including Ethical hacking.

http://www.independentcolleges.ie/faculties_and_courses/arts/msc_computer.html


But it costs E17,000 :eek:

Martyr

cisk wrote:

But it costs E17,000

ffs

money can buy you anything..i'd say you could be qualified doctor after 1 year training + 30,000 or less.

polishpaddy

The price is insane.

pieface_ie

Disgracefull prices all right,there aimining them at corporate companys.
certification is the only way really as Martyr said,then you would want to be looking for a job as a Penetration tester,you will need a vast knowledge of the diffrent operating systems,Linux is also worth learning at present,and you will need to understand the diffrent types of attacks and exploitation framework.Its not something you will get the hang of over night,and im sure Martyr will agree it takes years to understand and be able to implenment the diffrent types of attacks.

FruitLover

Package wrote: »

i always though hacking was against the law?

Depends on what you mean by "hacking".

The general public seem to ignorantly interpret this word as 'breaking into computers or networks without permission', probably due to the media.

They tend to put em into different categories such as white hat (“ethical hacking”), grey hat, black hat and script kiddie.

ntlbell

can you define hacking?

janusz0001

ntlbell wrote: »

can you define hacking?

getting to know computers

FruitLover

janusz0001 wrote: »

getting to know computers

Hmm, electronics hackers are pretty boned then.

Black Swan

Security+ certification might be worth a visit? In order to reduce your vulnerabilities you have to understand attacks. Of course, it depends on what you mean by "hacking," although I assumed that because you posted this on a security forum you were really talking about cracking?

Security+ link: http://www.guidetocareereducation.com/comptia.html?source=google_gtts_comptia&kw=security%2B%20certification&content=&gclid=CKadpMGmx5kCFRMUagodZgretg

There's also a rather interesting book on hacking/cracking called Steal This Computer Book 4.0 by Wallace Wang.

Amazon link: http://www.amazon.com/Steal-This-Computer-Book-4-0/dp/1593271050

AARRRGH

cisk wrote: »

Independent colleges are now doing a range of security courses including Ethical hacking.

http://www.independentcolleges.ie/faculties_and_courses/arts/msc_computer.html


But it costs E17,000 :eek:

The reason that course is so expensive is because you are picking up 7 industry certifications (e.g. 2k each) as well as a masters degree.

BaconZombie

And there is on way in hell your going to pass all 7 of then in under a year IMHO.

AARRRGH wrote: »

The reason that course is so expensive is because you are picking up 7 industry certifications (e.g. 2k each) as well as a masters degree.

biko

Most common hack attacks are SQL Injection and XSS. You can learn about these by googling or searching on youtube.
If you know how to work them you can understand how to defend against them.

The Cuckoo's Egg is a good book to read. The author's supervisor asked him to resolve a USD$0.75 accounting error in the computer usage accounts. He traced the error to an unauthorized user, and eventually realized that the unauthorized user was a hacker who had acquired root access to the LBL system by exploiting a vulnerability in the movemail function of the original GNU Emacs.

Snake Logan

ntlbell wrote: »

can you define hacking?

Here's a good summary:
http://www.catb.org/~esr/jargon/html/H/hacker.html

Gavin

Computer security is a large area. You really need to build up from the basics and that means getting to know the main operating systems, so Linux, Windows and Mac to some degree. The best way to do this is to get a job as a junior sys admin somehwere, or even technical helpdesk. When you are familiar with the operating systems and configuring them, you'll find that a lot of the tools you use are actually what hackers use (A words meaning is what people think its meaning is. Hacking means breaking into computers/network at this stage). You'll be familiar with security policies, password management, firewall configuration, anti-virus, intrusion detection etc.

At that point you can probably start looking a bit more at the offensive side. The easy option is to start using network assessment tools on your own network to look for potential threats. The likes of Nessus, nikto. Test them with metasploit. It is however a good idea to have a technical understanding of how most attacks work, such as buffer overflows, cross site scripting as mentioned above and sql injection. Apparently big business for security companies nowadays is web application security assessment. Corporations are au fait with lower level network security.

Then, if you aren't getting the jobs you want, it should be trivial to pick up some of the certifications, they are fairly straightforward. From what I have read of them anyway, I don't have any industry certifications.

There are a surprising amount of security related companies in Ireland, but there are also an increasing number of masters and bachelor level degrees covering security, so competition for jobs is tough. If you have the option of going abroad, then that may be the way to go to get started.

the_syco

cisk wrote: »

Independent colleges are now doing a range of security courses including Ethical hacking.

http://www.independentcolleges.ie/faculties_and_courses/arts/msc_computer.html


But it costs E17,000 :eek:

The "Ethical Hacking" cert is meant to be sh|te, and out of date. Look into PEN testing. Seems to be what some people are using these days.

ifah

the_syco wrote: »

The "Ethical Hacking" cert is meant to be sh|te, and out of date. Look into PEN testing. Seems to be what some people are using these days.

can you provide more details of this ? am very interested in how you've formed this opinion or whether you're replaying someone elses experience.

BaconZombie

PEN {Penetration } Testing and Ethical Hacking are the same thing....

the_syco wrote: »

The "Ethical Hacking" cert is meant to be sh|te, and out of date. Look into PEN testing. Seems to be what some people are using these days.

the_syco

BOFH_139 wrote: »

PEN {Penetration } Testing and Ethical Hacking are the same thing....

Sorry, I think I didn't explain myself correctly. I've looked at the Certified Ethical Hacking course, and although it tells you a lot, it's seems to be mainly theory, with the labs as a "hands on" view. Whereas the PEN courses seem to involve a lot of practical classes, with a view to teach you how to PEN test, as opposed to getting a cert out of it.

Having an in dept knowledge of a current OS such as Vista, and a working knowledge of how to use Linux will help going into the courses.

CEH does look nice, though, on the CV. PEN courses are often updated, and thus don't always come with a cert at the end. It seems PEN testers get the CEH for the cert, as opposed to what they learn.

In saying that, this may have changed since I last looked into it (about 3 years ago), but I doubt it.

[-0-]

Teach yourself C and assembly for x86. Read The Shellcoder's Handbook again and again. Start reverse engineering some apps and writing exploits. Stick them on your cv. Being self taught goes a long way. You just have to know how to present it, and get your name out there.

harney

There is a fair bit of interesting information on this site

http://vulnerabilityassessment.co.uk/

The link was passed on during a SANS course on Pen Testing - the SANS GPEN 560.

A CCNA would probably help, as well as getting to know various OS's and firewalls.

[-0-]

http://pauldotcom.com/2009/05/getting-started-in-information.html

Gavin Cotter

Polish paddy.

There's nothing quite like learning at your own pace, as you've plenty of time to actually understand how something works.

Learning x86 architecture along with an assembler will give you an intimate understanding of how everything works.And from there, you will save yourself alot of time and money jumping from one subject to the next trying to piece it altogether.

Buy a second hand pc,install a few operating systems.If you enjoy programming alot, I would suggest you write some beautiful programs and write about that on your cv.Having a passion for what your trying to achieve will get you in the door.