Re: Programming SKills for PT...?

[Joe Hlasnik <jhlasnik () gmail com>]

Hi

I also am fairly new to the security realm I have been working on
firewalls, internet/dmz networks, proxies, IPS, & VPN technologies for
about 1.5 yrs myself.  I too am fascinated by the other side be it pen
testing, vuln assessments, etc.  In college when I was doing my
undergrad I avoided C/C++ and only took intro to java and VB.net. Now
I regret that as I struggled thus far in my masters because of it.  I
bit the bullet and took a data structures course and have learned to
really enjoy C and the way it works.  I'm by far still a novice but I
can get the job done when needed, for a course or whatever. Anyway to
answer your questions from someone trying to do the same:

 1. What are the programming/scripting languages needed to accompolish
 the above?
I have been told like others have said to learn C/C++ inside out,
python/perl are good to have in your arsenal as well, also assembly as
well.  From what I have noticed thought is once you become proficient
in one language the others come much easier than the first.

 2. I see most of the real hackers are well proficient in almost all of
 the the technologies like Networking, Application/WebApplcn testing, OS
 etc. Is it so...?
The best part about security is that you get to dabble in a bit of
everything, I would never be completely happy doing just one thing in
my position, just knowing you can deal with so many different
technologies since security can tie into everything now.
 3. Are there any other skills/requirements that you can suggest to be a
 successful Hacker?
In my personal opinion a good drive, a thirst to constantly be
learning and bettering yourself, and having the ability to quickly
adapt and catch on to new things are extremely important.  In my
opinion they are pretty much necessary to be really good, but that
just my opinion.


On Mon, May 4, 2009 at 11:32 AM, Swaminathan, Balaji
<Balaji.Swaminathan () kla-tencor com> wrote:
> Hi all,
>
> I work on Firewalls, IDS/IPS for the past 3yrs approx since I have
> finished my graduation. I had no interest on programming and I almost
> hated it (2 be frank I have bunked even my C, C++ classes in college).
> Luckily I was into Networking, Security etc. But I am very much
> fascinated towards Vulnerability Assessment, Penetration Testing stuffs
> and am into similar projects for the past 6 months and want to shift my
> career to it. Though I had played with some tools (Nessus, retina, ISS,
> Metasploit, netcat...), I want to get into the real programming stuff
> required to find vulnerabilities, write exploit codes and develop tools.
>
>
>   In my opinion, though all the open source exploits, tools are
> available, you cannot call urself as an hacker atleast an ethical hacker
> unless you try to figure out them on your own. So pls let me know:
>
> 1. What are the programming/scripting languages needed to accompolish
> the above?
> 2. I see most of the real hackers are well proficient in almost all of
> the the technologies like Networking, Application/WebApplcn testing, OS
> etc. Is it so...?
> 3. Are there any other skills/requirements that you can suggest to be a
> successful Hacker?
>
> Thanks in advance.
>
> Regards
> Balaji
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------



--
Joe Hlasnik, CCNA, MCP

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------