I am looking for suggested reading and projects to familiarize myself with using the tools in BT4.
Some quick background...
I'm brand new to BackTrack and these forums. I just graduated from college, where I studied Computer Engineering (so I am well versed in everything from software down to machine code and processor design). I am now employed by a company that has me on a network / cyber security team, and I am training up to utilize my technical skills in conjunction with security.
So, I have only a bit of experience (yeah, I'm a noob) with the network security/hacking tools out there (I've used sniffers and scanners), and I am eager to learn a lot more. I have strong knowledge of networking hardware and protocols, and I hope to take that a step further into practical skills.
I am less interested in breaking WiFi (although fun, I've already done a bunch of that kind of stuff), and more interested in learning how to case a network environment from a remote location, in prep for pen testing. I know a lot of the theory behind this, but I am in search of a practical project / reading that can help me familiarize myself with BT4.
Thanks in advance for the advice, and I look forward to getting more involved with BT (maybe even using my coding skills to contribute someday.)
*Another note: I am decent with Linux; I'm no guru, but it's not at all foreign to me, if that influences suggestions at all.
Thanks pureh@ate. Seems I should really be looking to professionally taught courses from the get-go. As a tack-on question:
What are the most respected certs in this field? I am currently pursuing the CISSP; what is the next best step (maybe CEH?)
So to break it down simply: if you wanna look good on paper, get stuff like a CISSP; if you really wanna learn how to produce code, work with buffer overflows, scan and exploit remote boxes and other hands-on practical tasks, then Offsec is the way to go. Plus the Offsec classes can give you those little points (forgot what they are called) that you need for CISSP renewal. I'm sure people with a CISSP may have differing opinions, so just to be clear, this is only my opinion.
amael, I'm actually doing this training / research and learning on my own time, separate from my job. I'll only be using my own computer to do anything that could be considered unsanctioned. This is one reason I am searching for outside guidance; I currently don't have the funds to take an Offsec course (although a year or so down the road I might).
I am really trying to prepare myself for a future project that I am building towards. My current job doesn't entail a full-fledged security position; that is what I get to look forward to a little bit down the line. I just want to be the best possible when I get there.
Metasploit Unleashed - Mastering the Framework
As mentioned above, Heorot courses are also excellent.
edit: Also worth mentioning this course was designed for a charitable cause, if you try it out please donate.
GIAC Certifications in High Demand
Slightly longer answer:
It depends in which area of computer security you want to specialise in (incident handling, intrusion analysis, computer forensics, penetration testing, etc), and it also depends on your market (where you want to work). A good way to get an idea about this is to check job ads in your chosen area and see what they ask for.
For pen testing the best known certifications are the CEH and GPEN, although there are others, including some based on OSSTMM and the OSCP from Offensive Security. My opinion on the CEH is that it just teaches you to memorise lists of tools. GPEN is better, it teaches process and tools, and there is less memorisation by rote, although the test can be overly focused on the SANS courseware. I have a very high opinion of the OSCP - of all the certifications I have done it provided the best verification of technical ability. The certification is not that well known however and by design it doesn't cover all aspects of a penetration test. If you do the GPEN and OSCP I think this gives pretty good coverage for general penetration testing, but you might need to look at something else such as GWAPT to get good coverage of Web App testing and OSWP or GAWN to get coverage of Wireless testing.
As you can probably tell from the link above though, the SANS stuff is pretty well regarded. My experience with them has been positive as well.
There's a discussion thread on the forums here somewhere about the CISSP that you may want to read, and I've made comments there. My own opinion on the CISSP is that it's not overly useful if you're interested in technical work; it's better for documentation work (risk assessments, security documentation preparation, etc). I think the description of the CISSP as being an inch deep and a mile wide sums it up.
Given your stated interest in the information gathering stage of pen testing, I'd recommend you look into the PWB Offsec course and the OSCP certification. If you can't afford it (the online version is pretty cheap, by the way), then read up on DNS enumeration (reverse, forward brute force, zone transfer), whois enumeration, NetBIOS/SMB enumeration, SNMP enumeration, search engine and web information gathering, host/port scanning, operating system and service identification, etc.
Check out penetration testing frameworks such as ISSAF, OSSTMM and the "Penetration Testing Framework" to get some hints. The Hacking Exposed book also has a pretty good overview.
Yes, that really bothers me when I see newbie posters asking for help about "Pen Testing" their own PC using Metasploit....
I would suggest reading these before you even consider touching another person's computers:
C++ The Language (by the creator, Bjarne)
TCP/IP Illustrated Volumes 1 through 3
Hacking: The Art of Exploitation
No Tech Hacking (Johnny Long)
Hardware Hacking: Have Fun While Voiding Your Warranty
Understanding the Linux Kernel (and the Windows counterpart)
The Art of Assembly
The entire "Stealing the network" series (this is more for methodologies)
This may seem like a lot, but if you finish it all you will be quite well versed in everything you need to get at least a few basic certs (probably more advanced, as I swiped a copy of the CEH exam and it was actually quite easy, and this was right after finishing about half of those).
Oh, and take lots of breaks. I actually play games; I find if I'm absorbing knowledge for hours on end, I usually don't retain it.
Skip anything you feel you are knowledgeable enough in, but do so at your discretion.
I feel it is better to be a jack of all trades and a master of it all as well
Besides in the context of the thread it was hilarious.
@OP There is a lot of good information here, as may have been stated on the forums. The biggest thing is deciphering what is useful and what is not. Not to mention there is a good thread with maybe a billion links to books and other resources on the web, to further you along.