Security Basics mailing list archives

Re: learning ethical hacking


From: David King <davewking () gmail com>
Date: Wed, 29 Sep 2004 12:05:16 -0600

Heya Everyone-
   One thing you might check out is O'Reilly Safari
http://safari.oreilly.com.  Here you pay a monthly subscription fee
and get access to several books.  They have a 14 day trial so you can
try it out.  I've found this is a great way to read a lot of books for
less cash.  If I really like the book then I usually buy the hard copy
as well.  Looks like they currently have 55 books right now
categorized as security books from many different publishers.

As for which books are good it all depends on what kind of security
you're looking at.  Here are some of my favorites:

General Hacking Techniques with specific examples:
Hacking Exposed 4th ed

Social Engineering:
The Art of Deception - Kevin Mitnick (also great for policy writing)

Coding Security:
Writing Secure Code 2nd Ed
or
Exploiting Software : How to Break Code (a little more advanced)

Forensics:
Incident Response & Computer Forensics 2nd Edition

Wardriving:
Wardriving Drive, Detect, Defend 

Wireless Security:
Maximum Wireless Security

Encryption:
Applied Cryptography

Threat/Risk Analysis:
Threat Modeling

Web Security:
Web Security -- Hack Notes (nice quick read, very condensed)

Network Security Monitoring
Snort
The Tao of Network Security

Shell Coding:
Shell Coder's Handbook

Also, if you want to practice web hacking give
http://www.owasp.org/index.jsp a look.  You can download WebGoat from
them which will install a jsp server on your local computer with some
webpages to be hacked and some hacking lessons.  They also have other
cool tools.

If you want to learn about some free tools look at nmap, nessus,
netcat, achilles, john the ripper, snort, metasploit, and kismet.

Another website that I don't believe was mentioned was the Open Source
Vulnerability Database (http://www.osvdb.org).  After you get a little
knowledge under your belt you can volunteer with them and this gives
you a great opportunity to look over and learn about all kinds of
vulnerabilities.  This volunteer work also counts for experience time
needed for many certifications.

Good luck,
Dave King
http://www.thesecure.net 


On Tue, 31 Aug 2004 11:13:59 +0300, linux user <linuxteam () gmail com> wrote:
Hi All,

Could you please let me know where I should start learning about
network and web security? I have been using Linux mainly for
several years, Windows for a couple of years, and Solaris from time to
time. I would like to consolidate my knowledge regarding the above
operating systems through a deep exposure to security. I am thinking
of books, mailing lists, and training courses. I also stumbled once on
a hacker group that would let you join if you solve a puzzle, some
kind of message encryption, but I do not remember the site any more.
The main objective is to secure a career in network security.

TIA

ant ant
