Showing posts with label learn. Show all posts
Showing posts with label learn. Show all posts
Friday, October 13, 2017
Become A Hacker Top Books To Learn Ethical Hacking
Become A Hacker Top Books To Learn Ethical Hacking
Hacking is considered to be a two-way tool the place in a computer system is penetrated both to make it extra secure or to create a mischief. Ethical hacking is defined as making use of programming abilities, in order to penetrate a computer system and decide its vulnerabilities. The ethical hacker is skilled specialists, usually referred to as the “white hats”. As towards non-ethical hacker or “black hats” that penetrate into a computer system and exploit it for their very own private gain or mischief, the “white hats” consider and point out the vulnerabilities of system software, and recommend system changes to make it less penetrate.
The word hacking can sound a bit frighting and trigger some negative responses from people around you. A common misunderstanding is that all hackers are criminals. They use their skills to break in to your computer and steal valuable information. Of course there are people that use their skills for criminal actions but far from all of them.
A lot of hackers work as security-consultants or penetration-testers. They are hired by companies and organizations that wants to investigate what vulnerabilities they have in their systems. That way they can be ahead of the criminals.
You can also work with bug-bounties. Companies and organizations can sign up to organized bug-bounty programs. They allow hackers to try and break their systems such as their website. If the hacker finds a vulnerability he or she then reports back to the company. If you find something you get a reward, usually in the form of money.
BEST HACKING BOOKS
Their are two types of hacking books. If you are new to programming and computer science you should read at least one of each.The first type gives you a good understanding of how stuff works. If you want to learn how to hack web applications for example you need to have a good understanding of how the web works. You also want to know what the common vulnerabilities are for different systems and how you prevent attacks today.
The second type is for hands on practice. You can read and follow the examples.
BEST HACKING BOOKS FOR GENERAL UNDERSTANDING
I always encourage people to develop a general understanding of the subject that they want to learn. That way you have a good base to build on. In the long run this will save time. In hacking that means reading about security. I have picked out my two favorite books about security for you to look at. Both of them will do just fine.
- Computer and Information Security Handbook Second Edition
- The InfoSec Handbook: An Introduction to Information Security
Number 1 is my choice. If you have the patience to read through a thousand pages of highly technical content this book will make it well worth your time. You will get a great overview of all computer related security and an understanding of why certain parts of the technology is more vulnerable than others.
If you want something on a more basic level I would go with number 2. You will find it easier to read. Be aware that hacking and security are complex topics. You wont come far with just basic knowledge. So be prepared to spend hours on learning.
BEST HACKING BOOKS FOR HANDS ON PRACTICE
The best way to learn is by doing. You will find this to be true whatever the subject might be. When it comes to hacking you might be a bit scared to start out. Luckily for us there are good resources that help you get started in a legal way. The best hacking books to help you with this that I have read is the following:
- The Hacker Playbook 2: Practical Guide To Penetration Testing
- Black Hat Python: Python Programming for Hackers and Pentesters
- Metasploit: The Penetration Testers Guide
The one that offer the most practical practice is as you might have guessed the first one. It is also a little bit easier to read if you dont have any prior experience. In any case all of these books are some of the best in the area. If you want more hands on practice you should turn to the internet. There are sites that offer catch the flag exercises which is a great way to develop your skills.
BEST HACKING BOOKS FOR DIFFERENT TARGETS
If you have some technology that you are interested in you might want to find a book related to that. It can be anything from mobile applications to IoT systems. Everything technological have some security issue. You might find it easier to learn security if it relates to a technology that you know.A great book-series for new hackers with an interest in web technologies is the Hackers Handbook series. It consists of a number of books, all of them with a certain attacking-target. The most popular books in the series are:
- The Web Application Hackers Handbook
- The Browser Hackers Handbook
- The Mobile Application Hackers Handbook
- iOS Hackers Handbook
- Android Hackers Handbook
Since these technologies are similar to each other reading one of these books will help you with the next one. So you can pick which ever you find the most interesting and then continue from there. They are all well written and contains good examples and explanations. My personal favorite is number one. Mostly because it contains the most information. It is a bit more general than the others.
CONCLUSION
You dont need to be a professional programmer to be a hacker, but it will help you. Hacking is a complex topic. You have to spend time on learning. What makes it even more difficult is that security always changes. If you learn a way to attack a web application today that might not work tomorrow. To be a great hacker you need to keep your skills updated at all times.Learning about security is very important for developers as well. You need to create secure applications. The best way to learn security is to take the attackers perspective. Having knowledge in hacking will make you a better developer.
What ever your reason for learning hacking might be I hope you will use it for good.
Source: http://www.bestprogrammingresources.com/
Also Read:
- What You Should Do To Become A Hacker!
- Penetration Testing: Basic Guide For Beginners
- Python For Hackers And Learn It From Top 5 Web Resources
Available link for download
Sunday, May 7, 2017
Become A Hacker Learn the Basics of Networking
Become A Hacker Learn the Basics of Networking
After published a post How To Become A Hacker - Guide For Beginners, there have been some questions regarding networking skills, It is very important topic to become a hacker, so this article will explain the basic networking a Ethical hacker or Penetration tester must learn.
Here is a list of basics:- DHCP
- NAT
- Subnetting
- IPv4
- IPv6
- Public vs Private IP
- DNS
- Routers and switches
- VLANs
- OSI model
- MAC addressing
- ARP
1. DHCP
DHCP is at the heart of assigning you (and everyone) their IP address. The key word in DHCP is protocol—the guiding rules and process for Internet connections for everyone, everywhere. DHCP is consistent, accurate and works the same for every computer. Remember that without an IP address, you would not be able to receive the information you requested. As youve learned (by reading IP: 101), your IP address tells the Internet to send the information that you requested (Web page, email, data, etc.) right to the computer that requested it.
- Protocols
There are more than one billion computers in the world, and each individual computer needs its own IP address whenever its online. The TCP/IP protocols (our computers built-in, internal networking software) include a DHCP protocol. It automatically assigns and keeps tabs of IP addresses and any "subnetworks" that require them. Nearly all IP addresses are dynamic, as opposed to "static" IP addresses that never change.
DHCP is a part of the "application layer," which is just one of the several TCP/IP protocols. All of the processing and figuring out of what to send to whom happens virtually instantly.
- Clients and servers
The networking world classifies computers into two distinctive categories: 1) individual computers, called "hosts," and 2) computers that help process and send data (called "servers"). A DHCP server is one computer on the network that has a number of IP address at its disposal to assign to the computers/hosts on that network. If you use a cable company for Internet access, making them your Internet Service Provider, they likely are your DHCP server.
- Permission slips
Think of getting an IP address as similar to obtaining a special permission slip from the DHCP server to use the Internet. In this scenario, you are the DHCP client—whenever you want to go on the Internet, your computer automatically requests an IP address from the networks DHCP server. If theres one available, the DHCP server sends a response containing an IP address to your computer.
- How DHCP works
The key word in DHCP is "dynamic." Because instead of having just one fixed and specific IP address, most computers will be assigned one that is available from a subnet or "pool" that is assigned to the network. The Internet isnt one big computer in one big location. Its an interconnected network of networks, all created to make one-on-one connections between any two clients that want to exchange information.
One of the features of DHCP is that it provides IP addresses that "expire." When DHCP assigns an IP address, it actually leases that connection identifier to the users computer for a specific amount of time. The default lease is five days.
Here is how the DHCP process works when you go online:
- Your go on your computer to connect to the Internet.
- The network requests an IP address (this is actually referred to as a DHCP discover message).
- On behalf of your computers request, the DHCP server allocates (leases) to your computer an IP address. This is referred to as the DHCP offer message.
- Your computer (remember—youre the DHCP client) takes the first IP address offer that comes along. It then responds with a DHCP request message that verifies the IP address thats been offered and accepted.
- DHCP then updates the appropriate network servers with the IP address and other configuration information for your computer.
- Your computer (or whatever network device youre using) accepts the IP address for the lease term.
Typically, a DHCP server renews your lease automatically, without you (or even a network administrator) having to do anything. However, if that IP addresss lease expires, youll be assigned a new IP address using the same DHCP protocols.
Heres the best part: You wouldnt even be aware of it, unless you happened to check your IP address. Your Internet usage would continue as before. DHCP takes place rather instantly, and entirely behind the scenes. We, as everyday, ordinary computer users, never have to think twice about it. We just get to enjoy this amazing and instantaneous technology that brings the Internet to our fingertips when we open our browsers. I guess you could say DHCP stands for "darn handy computer process"...or something like that.
2. NAT
Stands for "Network Address Translation." NAT translates the IP addresses of computers in a local network to a single IP address. This address is often used by the router that connects the computers to the Internet. The router can be connected to a DSL modem, cable modem, T1 line, or even a dial-up modem. When other computers on the Internet attempt to access computers within the local network, they only see the IP address of the router. This adds an extra level of security, since the router can be configured as a firewall, only allowing authorized systems to access the computers within the network.
Once a system from outside the network has been allowed to access a computer within the network, the IP address is then translated from the routers address to the computers unique address. The address is found in a "NAT table" that defines the internal IP addresses of computers on the network. The NAT table also defines the global address seen by computers outside the network. Even though each computer within the local network has a specific IP address, external systems can only see one IP address when connecting to any of the computers within the network.
To simplify, network address translation makes computers outside the local area network (LAN) see only one IP address, while computers within the network can see each systems unique address. While this aids in network security, it also limits the number of IP addresses needed by companies and organizations. Using NAT, even large companies with thousands of computers can use a single IP address for connecting to the Internet. Now thats efficient.
NAT has many forms and can work in several ways:
- Static NAT - Mapping an unregistered IP address to a registered IP address on a one-to-one basis. Particularly useful when a device needs to be accessible from outside the network.
- Dynamic NAT - Maps an unregistered IP address to a registered IP address from a group of registered IP addresses.
- Overloading - A form of dynamic NAT that maps multiple unregistered IP addresses to a single registered IP address by using different ports. This is known also as PAT (Port Address Translation), single address NAT or port-level multiplexed NAT.
- Overlapping - When the IP addresses used on your internal network are registered IP addresses in use on another network, the router must maintain a lookup table of these addresses so that it can intercept them and replace them with registered unique IP addresses. It is important to note that the NAT router must translate the "internal" addresses to registered unique addresses as well as translate the "external" registered addresses to addresses that are unique to the private network.
- This can be done either through static NAT or by using DNS and The internal network is usually aLAN (Local Area Network), commonly referred to as the stub domain. A stub domain is a LAN that uses IP addresses internally. Most of the network traffic in a stub domain is local, so it doesnt travel outside the internal network. A stub domain can include both registered and unregistered IP addresses. Of course, any computers that use unregistered IP addresses must use Network Address Translation to communicate with the rest of the world.
3. Subnetting
A subnet is a logical grouping of connected network devices. Nodes on a subnet tend to be located in close physical proximity to each other on a LAN.
Network designers employ subnets as a way to partition networks into logical segments for greater ease of administration. When subnets are properly implemented, both the performance and security of networks can be improved.
In Internet Protocol (IP) networking, devices on a subnet share contiguous ranges of IP address numbers.
A mask (known as the subnet mask or network mask) defines the boundaries of an IP subnet. The correspondence between subnet masks and IP address ranges follows defined mathematical formulas. IT professionals use subnet calculators to map between masks and addresses.
4. IPv4
The Internet Protocol version 4 was designed to be allocated to approx. imately 4.3 billion addresses. At the beginning of Internet this was considered a much wider address space for which there was nothing to worry about.
The sudden growth in internet users and its wide spread use has exponentially increased the number of devices which needs real and unique IP to be able to communicate. Gradually, an IPS is required by almost every digital equipment which were made to ease human life, such as Mobile Phones, Cars and other electronic devices. The number of devices (other than computers/routers) expanded the demand for extra IP addresses, which were not considered earlier.
Allocation of IPv4 is globally managed by Internet Assigned Numbers Authority (IANA) under coordination with the Internet Corporation for Assigned Names and Numbers (ICANN). IANA works closely with Regional Internet Registries, which in turns are responsible for efficiently distributing IP addresses in their territories. There are five such RIRS. According to IANA reports, all the IPv4 address blocks have been allocated. To cope up with the situation, the following practices were being done:
- Private IPs: Few blocks of IPs were declared for private use within a LAN so that the requirement for public IP addresses can be reduced.
- NAT: Network address translation is a mechanism by which multiple PCs/hosts with private IP addresses are enabled to access using one or few public IP addresses.
- Unused Public IPs were reclaimed by RIRs.
5. IPv6
IETF (Internet Engineering Task Force) has redesigned IP addresses to mitigate the drawbacks of IPv4. The new IP address is version 6 which is 128-bit address, by which every single inch of the earth can be given millions of IP addresses.
Today majority of devices running on Internet are using IPv4 and it is not possible to shift them to IPv6 in the coming days. There are mechanisms provided by IPv6, by which IPv4 and IPv6 can co-exist unless the Internet entirely shifts to IPv6:
- Dual IP Stack
- Tunneling (6to4 and 4to6)
- NAT Protocol Translation
6. Public Vs Private IP
Available link for download
Read more »
Subscribe to:
Posts (Atom)