Penetration Testing mailing list archives
Re: [PEN-TEST] How to "break into" the Pen-Testing field
From: Dragos Ruiu <dr () KYX NET>
Date: Sat, 9 Sep 2000 18:01:26 -0700
May I break with convention here and recommend an alternate recommended pen-test educational path recipe because I don't think there is a one book answer (sorry bout the unix bias):

"The C Programming Language" = Kernighan&Ritchie (sorry, the classic is still the most concise, clear, best damn book on C ever)
Any book on x86 assembler programming.
The O'Reilly Perl book.
"The Design of the Unix Operating System" - Bach
"The Design of the 4.3 BSD Unix Operating System" - Leffler, McKusick, Karels, Quarterman

then...

Stevens TCP/IP book.... and a glance through Douglas Comer's TCP/IP Vol 1
Aho, Hopcroft and Ullman's Data Structures book...
The O'Reilly "Managing IP networks with Cisco Routers" book...
Add a sprinkle of Christian Huitema's excellent "Routing in the Internet" and season with Bruce Schneier's "Applied Cryptography"

Have a good look through the Linux source code, HOWTOs, and Microsoft MSDN docs...

Then go implement some networking to get some practical experience.

Become familiar with the default Win2K, Solaris, Linux, and Free/OpenBSD installs by building up some systems.

Read every phrack ever published thoroughly...

Then spend a lot of time reading through the code at www.technotronic.com

Then get familiar with the utilities at www.whitehats.com, and packetstorm.securify.com

Read Ron Gula's "how to become a Level 12 Hacker" paper... (Sorry, don't have a URL, but hey, if you're gonna start, you should at least be able to find that yourself... check NSW's site library ;-)

Try re-writing an exploit from scratch.
Analyze a coredump.
Scan through the bugtraq archives.
Go read the BOFH stories... :-)
Hang out in the ADM suite at DefCon. ;-)

My point here is that the more you understand how something works the better you will be at understanding its strengths and weaknesses, and taking advantage of them or giving someone else an estimate of this...

cheers,
--dr

--
dursec.com ltd. / kyx.net - we're from the future
pgp fingerprint: 18C7 E37C 2F94 E251 F18E B7DC 2B71 A73E D2E8 A56D
pgp key: http://www.dursec.com/drkey.asc