DigitalUmmah

currently studying to be a professional hacker, looking for help

Salam, Ya Ali (as) Madad and Lanat upon the enemies of the AhlulBayt (as)

I am currently studying towards becoming an ethical hacker/penetration tester and am looking for some help regarding firstly the course material and secondly the career path.

my qualification route is as follows:

- CompTIA Security+ qualification (Passed)
- Cisco Routing and Switching (currently studying the two exam route)
- Cisco Security (not started)
- Council of Ethical Hackers (not started)

REGARDING THE COURSE MATERIAL
is there anyone with any experience with Cisco routing and switching that I can ask a few questions? I can memorise the notes like a parrot to pass the test but there's a few concepts that I do not fully understand/can't get my head around. also does anyone know if there is any point getting a CREST/TIGER qualification instead of CEH, are they all the same or is CEH seen as a bit of a joke? are there any other qualifications you would suggest for me?

I have been browsing a few web forums and a few have mentioned that it is useful to know a language such as Python or C++, is this something I should do?

REGARDING THE CAREER PATH
would you say it is better to become a career man at one organisation (my current employer has openings for penetration testers all the time, there is a huge turnover) or to become a freelance?

 

 

19 minutes ago, Ruq said:

Before you do any of that you need a name. Something shadowy and vague.

nah man, I only wish to be an ethical hacker, I am pretty sure being an unethical hacker is haram innit. not gonna feed myself/my family off haram income

btw how is the name "shad0w KillA N1njA Luvva" as a pseudonym?

5 minutes ago, DigitalUmmah said:

hmmm

how about "Sayf al Rawafidh".....?

Better, but a little crusadery. You need something intriguingly imaginative, confident yet humble.


You need to be able to code, or at least understand it and not look like an idiot when having to view it. So, yeah, learn at least some network programming.

Also, KaptainKhatmal sounds cool.


Ethical hacker? Penetration tester?

Bro just get married lol

 

If you're looking for a new name, how about 'EthicalPenetrator'. Sounds halaalish.

 

21 hours ago, Darth Vader said:

Master unix and a low level language like C. Hang out with hackers on line on IRC or wherever they meet, befriend them, get your tools of the trade.

thanks, I am currently learning the hardware side of Cisco products, e.g. the Catalyst, so am picking up the command prompt they use to set things up. I have nearly a decade's experience of VBA so I think it shouldn't be too hard for me to pick up C. I am a total beginner at these languages, would you suggest C first for me, or Python or Ruby on Rails?

I just popped over to the pen testing team and had a chat with them. they said once I get certified they don't mind me shadowing them for a few hours a week if my boss approves. that should be a good way to learn the ropes as a beginner.

21 hours ago, starlight said:

Mister frightening volunteer

done. this is one of those names that is so rubbish, it's awesome.

20 hours ago, Brained said:

You need to be able to code, or at least understand it and not look like an idiot when having to view it. So, yeah, learn at least some network programming

yeah I get that impression. by my estimation, I should be fully qualified to the minimum requirements by June 2016 InshaAllah, but I am going to give myself a few months after I get all the certificates to really get stuck into learning programming languages. my plan is to be ready to apply for penetration testing jobs at my current employer by this time next year. 

19 hours ago, saas said:

Ethical hacker? Penetration tester?

Bro just get married lol

ROFL

your mind is a GUTTER!

55 minutes ago, Darth Vader said:

You could have asked the pen testing team on their recommendation of first language to learn. My own would be C, but I am retired since a while.

I forgot to ask them lol. they've gone home now for the day, I'll ask them in the new year.

On December 29, 2015 at 3:19 PM, DigitalUmmah said:

Salam, Ya Ali (as) Madad and Lanat upon the enemies of the AhlulBayt (as)

I am currently studying towards becoming an ethical hacker/penetration tester and am looking for some help regarding firstly the course material and secondly the career path.

my qualification route is as follows:

- CompTIA Security+ qualification (Passed)
- Cisco Routing and Switching (currently studying the two exam route)
- Cisco Security (not started)
- Council of Ethical Hackers (not started)

REGARDING THE COURSE MATERIAL
is there anyone with any experience with Cisco routing and switching that I can ask a few questions? I can memorise the notes like a parrot to pass the test but there's a few concepts that I do not fully understand/can't get my head around. also does anyone know if there is any point getting a CREST/TIGER qualification instead of CEH, are they all the same or is CEH seen as a bit of a joke? are there any other qualifications you would suggest for me?

I have been browsing a few web forums and a few have mentioned that it is useful to know a language such as Python or C++, is this something I should do?

REGARDING THE CAREER PATH
would you say it is better to become a career man at one organisation (my current employer has openings for penetration testers all the time, there is a huge turnover) or to become a freelance?

 

 

Salam,

 

I currently work as a Cyber Security Consultant, and I do penetration testing and vulnerability analysis for my clients, as well as implementations of other security programs.

In the Cyber Security Industry, CompTIA Security is not taken seriously. Neither is CEH, but it holds a lot more weight. Your fellow peers won't take CEH seriously, but clients love that certification a lot.

I would try to go for Offensive Security Penetration Testing. I would get acquainted with Kali Linux very well. If you haven't done the Metasploitable labs, then I would suggest you try that.

Also, the best security certification you can obtain right now is CISSP. It isn't a technical certification. It is 8 domains (used to be 10) of Security, but it covers all facets. This is the number one certification clients look for. Plus, if you ever want to get into management, this looks great on your resume, because you have a decent understanding of all domains of security.

Also, I would not suggest for you to go the solo route. Be with a major consulting firm, do not be a penetration tester in the industry. If you work for a security department in the industry, you aren't touching enough technologies or getting as much training. I used to be in the industry, then I switched to the consulting firm I am currently working for.

 

In consulting firms, they send you to a bunch of trainings and certification courses. I would build your resume and maybe in the future when you're much older then go for the solo route. Right now, you are way too young and green for companies to hand over their keys to you. You need a reputable company behind you in order for them to do that. 

 

Regarding the languages, C++ is always great to master or get acquainted with, but most cyber security things are written in Python or Ruby. I would start C++ to get accustomed to programming, but mainly focus your efforts on those two languages for this field.

I can type a lot more brother, I mentor a bunch of people getting into this industry, so I would love to help you (at no charge). Shoot me a PM if you are interested.

Edited by Nader Zaveri

2 minutes ago, Nader Zaveri said:

Salam,

 

I currently work as a Cyber Security Consultant, and I do penetration testing and vulnerability analysis for my clients, as well as implementations of other security programs.

In the Cyber Security Industry, CompTIA Security is not taken seriously. Neither is CEH, but it holds a lot more weight. Your fellow peers won't take CEH seriously, but clients love that certification a lot.

I would try to go for Offensive Security Penetration Testing. I would get acquainted with Kali Linux very well. If you haven't done the Metasploitable labs, then I would suggest you try that.

Also, the best security certification you can obtain right now is CISSP. It isn't a technical certification. It is 8 domains (used to be 10) of Security, but it covers all facets. This is the number one certification clients look for. Plus, if you ever want to get into management, this looks great on your resume, because you have a decent understanding of all domains of security.

Also, I would not suggest for you to go the solo route. Be with a major consulting firm, do not be a penetration tester in the industry. If you work for a security department in the industry, you aren't touching enough technologies or getting as much training. I used to be in the industry, then I switched to the consulting firm I am currently working for.

 

In consulting firms, they send you to a bunch of trainings and certification courses. I would build your resume and maybe in the future when you're much older then go for the solo route. Right now, you are way too young and green for companies to hand over their keys to you. You need a reputable company behind you in order for them to do that. 

I can type a lot more brother, I mentor a bunch of people getting into this industry, so I would love to help you (at no charge). Shoot me a PM if you are interested.

JazakAllah brother, I really appreciate your advice, I will be getting in touch. 

I bought a package through an online company for these qualifications - it works out pretty well because their online lectures are quite easy for me to study. CEH is part of the package but like you said the impression I get is that it's a bit of a joke. I have PRINCE2 foundation & practitioner too so I can understand something that looks great to clients but is pretty useless in real life lol

are you familiar with Cisco? at the moment I am studying Cisco routing and switching followed by Cisco security so this is my main focus for the next few months InshaAllah.

I will definitely look into CISSP and Kali Linux, thanks for the advice. This is something that I am absolutely committed to, and focused towards. 


Salam,

Regarding the languages, C++ is always great to master or get acquainted with, but most cyber security things are written in Python or Ruby. I would start C++ to get accustomed to programming, but mainly focus your efforts on those two languages for this field.

 

Brother, if you haven't touched Kali Linux at all, then no one will take you seriously in the industry. You need to create yourself a lab with Kali Linux, as soon as you can.  I have an excellent book called Penetration Testing with Kali Linux. That book is an excellent starter for anyone. All my clients either are using or starting to use Kali Linux for their own security department. 

 

I am good with Cisco, but not an expert. That is my brother who is the expert. He is CCNA, CCNP, CCDA, CCDP. So if it is networking you want to get into then Cisco is the route. But I'll let you know, Cybersecurity is becoming so big, major companies are creating separate Cybersecurity departments and the networking team is being swallowed into that department. 

3 minutes ago, Nader Zaveri said:

I am good with Cisco, but not an expert. That is my brother who is the expert. He is CCNA, CCNP, CCDA, CCDP. So if it is networking you want to get into then Cisco is the route. But I'll let you know, Cybersecurity is becoming so big, major companies are creating separate Cybersecurity departments and the networking team is being swallowed into that department.

Nope, networking isn't something I am interested in, but I can see the logic behind knowing how things are set up in order to try and find their weaknesses. I don't mind learning CCNA and CCNB as a fallback in case I fail at cyber security.

 

6 minutes ago, Nader Zaveri said:

Brother, if you haven't touched Kali Linux at all, then no one will take you seriously in the industry. You need to create yourself a lab with Kali Linux, as soon as you can.  I have an excellent book called Penetration Testing with Kali Linux. That book is an excellent starter for anyone. All my clients either are using or starting to use Kali Linux for their own security department. 

I will definitely do this tonight InshaAllah. I have never touched Linux so it looks like I will be doing a lot of google-fu.


Salam,

 

In reality, focus your efforts on only these certifications. 

 

CISSP

CEH

SANS has a nice course on Penetration Testing (that course has a special subject just on Python scripting for penetration testing) 

 

After you've done those three, I don't see a need for anything else if you want to be solely a penetration tester. Maybe a few networking certifications, but that's it.

2 minutes ago, DigitalUmmah said:

I will definitely do this tonight InshaAllah. I have never touched Linux so it looks like I will be doing a lot of google-fu.

I am not quite sure you understand Kali Linux. Kali Linux is just an OS, like Windows, it is GUI-based and the programs that come preloaded in Kali Linux are what make it special. It has hundreds of programs for hacking.

Get to know Linux OS structure, a good easy Linux to start off with is Ubuntu.

Definitely get a lab going with Kali Linux. Upload the Metasploitable labs on there and get to cracking. It's really fun your first time. Shoot me a PM and we can exchange contact info. I live in the US.


*Slides into Nader Zaveri's PMs*

sup?

I'm committed to finishing my Cisco qualifications as I'm half way through them, realistically I will be done with them in a few months. I don't like leaving things unfinished (and I have already paid lol) so I might as well get them.

in the next few months, I guess a good idea would be to:

- get hold of a cheap laptop and learn how to load/use Kali Linux and get comfortable with it (my home PC is nearly 10 years old and is used by the whole family)
- begin to learn C++ and Python. I know I can learn Python on Codecademy for free, do you know anywhere similar I can pick up C++?
 

I have looked at CISSP. I think I would prefer the intensive 5 day course:

http://qa.com/booking?code=CISSP

it comes to approx £3500, you have to pay for the exams separately. It will be a few months before I can pay that. I would rather pay it and get qualified as life only gets busier.

Edited by DigitalUmmah

3 hours ago, Nader Zaveri said:

Feel free to shoot me a PM at anytime. 

once again, JazakAllah. Let me focus on becoming Cisco certified in the next few months, then I will turn towards what you suggested. I have been watching YouTube vids of Kali installation, then realised I know nothing of Linux/Unix so am currently learning what I can.

17 minutes ago, repenter said:

btw, as much as I like to see you squirm as a penetration tester, my advice is, go find out why there is so much turnover ;)

Hint: It's a poo job!

it's an area that fascinates me, the pay is better than anything I have done before and there is scope to become incredibly rich as the world is slowly waking up to the importance of cyber security and online privacy. the high turnover is due to lots of different factors, none of which are the job being no good.

2 hours ago, DigitalUmmah said:

it's an area that fascinates me, the pay is better than anything I have done before and there is scope to become incredibly rich as the world is slowly waking up to the importance of cyber security and online privacy. the high turnover is due to lots of different factors, none of which are the job being no good.

Meh, I worked as a penetration tester and security developer for 4 years, the pay is good, but it's not any more than other IT jobs on the same level. Most security nowadays comes in software packages and configuration sets that you need to set up, little coding or "new" inventions involved anyways. After 3 months of doing the same tests with a set of tools you get over and over and over again you might want to shoot yourself.

 

Penetration testing is not like you see in The Matrix with cool green letters running down your screen. If you really want to make a good foundation for yourself, that makes you easily adapt to any field in IT, then learn programming properly. Learn C/C++ or even Java. I also suggest you learn assembly to actually understand what the compiler does. Many people just learn programming, but don't really understand the software-hardware interaction. Once you become good at that, you should look into networking and databases.

Script languages, are ok.........to learn?.....but waste of time if you really want to just jump into it. 


I doubt that he plans on working as a pen tester. Rather I can wager that he wants to learn it so he can hack his way into and do savage things to wahhabi websites. :D Just don't get caught bro. And on that note, practicing safety and cleaning up as you "withdraw" is a whole art necessary for avoiding the law, and something which penetration testers are probably not masters of. Sometimes you need a lot of remote boxes all penetrated and under your control and remote shells to proxy your attack. But I don't know about the 21st century doctrines on the art. There must have been improvements?

Edited by Darth Vader

29 minutes ago, Darth Vader said:

 

I doubt that he plans on working as a pen tester. Rather I can wager that he wants to learn it so he can hack his way into and do savage things to wahhabi websites.

 

I have NO IDEA what you are talking about :shifty: 
