Linux, black/white hat hacking, etc.? | Poal: Say what you want.

851

•

Looking for advice on where to start.

In my 30's and been Mac person since like 2010.

I looked up some courses to learn Linux and downloaded Ubuntu to my Virtual Box VM.

Looking at free beginner and intro level cybersecurity programs to familiarize myself with the foundational stuff.

Downloaded Tor and have Express VPN on my phone (yes, an iPhone) and have yet to really explore Tor until I am better acclimated with the risks.

My questions are mostly around how to best and most efficiently get up to speed on what I would need to best secure my own systems as well as learn blackhat and whitehat "hacking" techniques -- both for my own defense and also for a possible career change.

Any advice from people with experience would be greatly appreciated:

Course recommended and to avoid Tools recommend and to avoid Any other tips and tricks I should know starting out.

Looking for advice on where to start. In my 30's and been Mac person since like 2010. I looked up some courses to learn Linux and downloaded Ubuntu to my Virtual Box VM. Looking at free beginner and intro level cybersecurity programs to familiarize myself with the foundational stuff. Downloaded Tor and have Express VPN on my phone (yes, an iPhone) and have yet to really explore Tor until I am better acclimated with the risks. My questions are mostly around how to best and most efficiently get up to speed on what I would need to best secure my own systems as well as learn blackhat and whitehat "hacking" techniques -- both for my own defense and also for a possible career change. Any advice from people with experience would be greatly appreciated: Course recommended and to avoid Tools recommend and to avoid Any other tips and tricks I should know starting out.

[–] • 2 pts

I'm in the software field, not cyber security specifically, but I will share what little I know.

The "golden grail" certification for the cyber security field is the CISSP. To get certified, you need to get access to a server and write a report on what you did to do so, in 24 hours. I would look for resources on getting certified, I'd imagine it would cover great security concepts. From what I read the Security+ is another good certification, but the Certified Ethical Hacker cert isn't worth much. I don't have much advice on "techniques / courses" but I think looking into how to get certified should naturally bring you to the what you seek.

If you have Express VPN on your phone you should be able to use it on your computer as well. Then you could get on Tor from there, but I've used Tor from my home IP and haven't had issues.

Re: secured systems, look into QubesOS . It's a Linux OS aimed at privacy.

On other resources, there are two Linux distributions mainly used for penetration testing (another word for hacking), Kali Linux and Parrot OS. They come prebuilt with different hacking tools, making it easy to get you up and running. Most folks use them from a live USB, but you can also install on a virtual machine to take advantage of checkpoints. They aren't recommended for doing daily task, so I would keep that Ubuntu VM and install another focused on either Kali or Parrot OS. I couldn't tell you which one is more recommended now-a-days, I know Kali has been around longer but I would imagine they both use the same hacking tools when it's all said and done.

There are sites that let you practice your skills, hackthebox.com being the most popular. IppSec on Youtube(https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA) records himself hacking some retired boxes on the platform which should be helpful.

I hope someone in the field can give their input, I do development but know a little about cyber security from an intro course in college a few years back. Best of luck.

I'm in the software field, not cyber security specifically, but I will share what little I know. The "golden grail" certification for the cyber security field is the CISSP. To get certified, you need to get access to a server and write a report on what you did to do so, in 24 hours. I would look for resources on getting certified, I'd imagine it would cover great security concepts. From what I read the Security+ is another good certification, but the Certified Ethical Hacker cert isn't worth much. I don't have much advice on "techniques / courses" but I think looking into how to get certified should naturally bring you to the what you seek. If you have Express VPN on your phone you should be able to use it on your computer as well. Then you could get on Tor from there, but I've used Tor from my home IP and haven't had issues. Re: secured systems, look into QubesOS . It's a Linux OS aimed at privacy. On other resources, there are two Linux distributions mainly used for penetration testing (another word for hacking), Kali Linux and Parrot OS. They come prebuilt with different hacking tools, making it easy to get you up and running. Most folks use them from a live USB, but you can also install on a virtual machine to take advantage of checkpoints. They aren't recommended for doing daily task, so I would keep that Ubuntu VM and install another focused on either Kali or Parrot OS. I couldn't tell you which one is more recommended now-a-days, I know Kali has been around longer but I would imagine they both use the same hacking tools when it's all said and done. There are sites that let you practice your skills, hackthebox.com being the most popular. IppSec on Youtube(https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA) records himself hacking some retired boxes on the platform which should be helpful. I hope someone in the field can give their input, I do development but know a little about cyber security from an intro course in college a few years back. Best of luck.

link

[–] • 2 pts

(edited )

If you have Express VPN on your phone you should be able to use it on your computer as well.

lol You might wanna update your script, ExpressVPN is now owned by Kape (who also owns PIA), an Israeli firm known as Crossrider and for its shady past (used to silently install malware/spyware/adware in user's devices):

Kape Technologies, a relatively unknown name, has announced plans to acquire Private Internet Access, one of the most well-known names in the VPN industry. Kape Technologies was formerly called Crossrider, and the name “Crossrider” is often associated with malware and adware, as we’ll examine more below.

https://restoreprivacy.com/private-internet-access-kape-crossrider/

parent
link

[–] • 3 pts

PIA

They had some shady dealings with Voat if I remember right.

parent
link

[–] • 2 pts

Well voat was sold to PIA (the secret angel).

parent
link

Load more (1 reply)

[–] • 0 pt

The "golden grail" certification for the cyber security field is the CISSP. To get certified, you need to get access to a server and write a report on what you did to do so, in 24 hours.

I think you mean the OSCP. The CISSP is all multiple choice questions afaik.

parent
link

[–] • 0 pt

Thank you, yes I meant the OSCP.

parent
link

[–] • 1 pt

Intro level? Finding study material for the Network+ and Security+ certificates from Comptia are a decent place to start.

Want to learn Linux? You learn it by "doing" it. Find something that you don't like, start with your favourite search and and figure out how to fix it. Rinse and repeat x 1000.

link

[–] • 0 pt

Want to learn Linux? You learn it by "doing" it. Find something that you don't like, start with your favourite search and and figure out how to fix it. Rinse and repeat x 1000.

Exactly how I learned. Years of dos command line helped.

parent
link

[+] [deleted] • 0 pt

[–] [deleted] • 0 pt

Careful with TOR. Some exit nodes are honeypots.

link

[–] [deleted] • 1 pt

Assume that the majority of Tor nodes are run by the feds.

parent
link

[–] • 0 pt

I'm learning by running a Raspberry Pi as a local web and file server. It hosts a bookmark page using PHP and SQL, AdguardHome DNS filtering, and a Python / Flask server. Getting all this running made me learn a lot of the Linux command line stuff. It's not allowed on the internet outside my LAN, but I have done that before to collect attempted attacks using UFW and Apache configs. I add them to Fail2ban's ban list, then set up IP blocking for non-US non-EU IP addresses. Most attacks come from Africa, asia, and Russia.

link

[–] • 0 pt

(edited )

Try Kali Linux aka backtrack and just self-teach/YouTube tut each program that comes prepackaged

link

[–] • 0 pt

Cool thank you. Any advice on machines?

I can’t afford a new set up so I’m using my MacBook Pro 2016 with only 8gb ram and a virtual machine. It’s so slow when I use the VM.

parent
link

[–] • 0 pt

Not really, it's a pretty lightweight operating system. I never did virtualization for mine. Not sure I even had a computer that could handle it. I partition my hard drive into 2 different operating systems. One for windows and one for Linux.

parent
link

[–] • 0 pt

It depends on what your goals are tbh. Are you just trying to secure your systems or do you actually want to change careers?

link

[–] • 0 pt

Not really change careers per se. Although it may grow into that.

Right now it’s about securing my own systems, learning how malicious hackers operate, and things like that.

parent
link

[–] • 0 pt

You don’t really need to learn how to hack to be a safe computer user, you just need to learn a few rules of thumb and just use common sense.

Because I am assuming you are just using a desktop, and not running servers and other devices?

parent
link

[–] • 0 pt

Ya just using a laptop actually. No other devices yet.

The hacking thing is more of a skill I’d just like to Keene

parent
link

Load more (1 reply)

(post is archived)