[a / b / c / d / e / f / g / gif / h / hr / k / m / o / p / r / s / t / u / v / vg / vr / w / wg] [i / ic] [r9k / s4s / vip / qa] [cm / hm / lgbt / y] [3 / aco / adv / an / asp / bant / biz / cgl / ck / co / diy / fa / fit / gd / hc / his / int / jp / lit / mlp / mu / n / news / out / po / pol / qst / sci / soc / sp / tg / toy / trv / tv / vp / wsg / wsr / x] [Settings] [Search] [Home]
Board
Settings Home
/g/ - Technology



Thread archived.
You cannot reply anymore.




File: !!.jpg (124 KB, 689x795)
124 KB
124 KB JPG
how long would it take to become a decent haxxor?
>>
>>68017316
6 years of hard work. 20 years if you don't work hard
>>
>>68017316
Companies train high-IQ dropouts to become "ethical hackers" in a matter of weeks.
>>
>>68017316
>>68017387
If you just want to be one of those "ethical hackers" who only know how to use cain.exe, sure that'll take u a month or so.

if you don't want to be a script kiddy, then it'll take u a little longer.
>>
>>68017316
Three years...maybe.
Probably less if you already have a basic understanding of routers.
>>
>>68017316
over 10000 hours
>>
>>68017316
I want to learn too, I guess I'm gonna start reading networking on the /gentoomen/ library. Use vm to test shit and eventually be up to date with shit, i mean it doesn't sound complicated is just that it's a lot of work and to learn by heart how stuff is written to work. Then if you are not a retard, intuition will tell you how to make your way between the cracks? SQL, network protocols, ftp, dns, programming languages used for those protocols, pajeetscript, what else? I mean I don't want to be anything crazy I just want to be some ethical hacker, work as a consultant of security or something, also I'm curious if I could set up people to give information away with just tech
>>
so wait this thing was a scam and not real?

was the idea so that amazon could stock expensive items that would have a risk of theft? like designer shit/handbags/watches etc?
>>
>>68017316
Hacking is such a broad topic these days that you can't hack everything you have to really narrow down your expertise to hacking specific things, there is some cross domain knowledge but many fields are so complex now that if you want to find and contribute original exploits no one else has found before you need to be deep into 1 subject.

My rule of thumb is that if you want to say become a web app hacker, you'd first need to actually understand how to develop web apps to a professional level, so that's maybe 5 years on the job day to day. And then a couple of years researching, tinkering to take that skill and start finding unique exploits, so maybe 7 years until you're proficient at 1 specfic subset of hacking.
>>
1337 days
>>
File: 1538195881006.png (24 KB, 558x614)
24 KB
24 KB PNG
>>68017423
>t. brainlet nigger
industry standard is almost all script kiddie shit
>>
>>68017764
>5 years
hardly
Do CTF's, challenges, vulnerable VM's, write code, re-write exploits, re-fuzz vulnerabilities.
OSCP/OSCE + red team (I focus in exploit dev) here AMA
>inb4 $$$
didn't pay for it
>>
>>68017804
>leet hacker larp
stfu kid, you know you have to be 18 to post here right?
>>
>>68017556
>literally locking your employees in cages so they won't steal your clients luxury goods
I'm beginning to think that maybe the communists were right. Too bad modern american communists always lump it in with racial/women/gay shit
>>
>>68017782
It is, and it's so sad.
>>68017804
I take back what I said, I've been doing this for 7 years and I'm still not as good as some of the guys on my team.
There's just so much to learn.
I know almost nothing about hardware and signals 802.x
>>
File: boris.jpg (15 KB, 250x250)
15 KB
15 KB JPG
>>68017316
>connect to your neighbor's open router
>update it's firmware
>password protect it
You are a hacker in the eyes of all normans.
>>
File: kys.jpg (43 KB, 612x574)
43 KB
43 KB JPG
>>68017811
I mean, suck my dick, anon
>>
>>68017804
how did you not have to pay for it?
>>
>>68017836
implying normans know anything past "my wifi isn't working"
>>
>>68017860
are you employed in infosec?
>>
>>68017363
I can't handle reality, sugarcoat it so I'm more likely to do it
>>
>>68017860
>someone fell for that scam
LMAO
>>
>>68017894
I paid for OSCP, work paid for OSCE.
The OSCE is not worth it by much.
"Here's how you bypass DEP, oh look an egghunter, this is winxp exploit dev"
My advice, recreate everything on corelan's blogs and do the damn vulnerable windows driver.

>>68017906
Yep, I absolutely love my job. Watch for a tplink RCE exploit next month.

>>68017921
Hey man, at least I didn't have to get a CEH like those poor dumb DoD bastards.
It was free so I did it.
>>
>>68017939
how's the $$$?
>>
>>68017860
>Displaying a card to validate their credentials.
>>
>>68017944
I mean, he was implying I didn't have it so...
>>68017943
Money is good. First job out of university and I make ~$115k with bonus. I could make more elsewhere, but I've been here for so long I can basically pick what I work on and it's remote so it's /comfy/
>>
>>68017895
implying that's not the point. Basic knowledge makes you magic people voodoo people.
>>
>>68017960
To add on to that, it was a big shock hearing all of the ME/EE's talk about staying at a place for years and then seeing a lot of people in the industry rotate jobs every two years.
>>
>>68017960
nice. maybe I shouldn't have given up on wanting to be an 31337 haxorer.
>>
>>68017977
true

>>68017984
There is a lot of cancer in this industry. Beware. I agree with everyone who says showing off certs is gay as fuck, but breaking into the industry they can be very helpful.
Defcon is cancer.
>>
Ok here we go again...

1. You need to know at least c/c++ both of them.
2. Learn ASM like it's your best firend.
3. Start watching videos from defcons also find some good articles about security and how it's done.
4. You need solid base that you will start building on.
5. Linux,linux annnnnd linux start nerding linux and master terminal or you are done.
6. Read books and learn how internet is working if u don't know how it's done and how it works and be good at understanding current protocols can be hard shit to done.
7. You can start with Capture the flag competition's and try to start there.

Basically this is just start be solid hacker doesn't mean be like the guys in movies "Here i am connecting to some shits and unlocking them within two minutes" this only works if the thing that you are hacking is just complete shit from security side.

Usually it takes months/years to done something solid, preparations being able to get your material for study then learn how to be untraceable... there are plenty and plenty things to do. You wanna start with that ? Start now and maybe in 10-15 years you will be able to achieve something smaller if you are normal guy with IQ little bit above 100.
>>
It'll depend on how much you already know about the basics (Operating systems/networking). Hacking people is probably the easiest. What is it exactly that you want to do?
>>
>>68017960
im an IT noob with just a network+, security+ cert and CCNA. id like to go the pentesting route and try for CySA, am i on the right track? what do i do to work my way up to OSCE? how long would it take a person like me to acquire that title?
from your previous posts ive noticed CTFs and writing code but can you elaborate on that advice and perhaps provide links/resources that personally helped you
>>
>>68017939
>It was free
I guess that's not as bad.
>>
>>68017804
Almost everything you list there is basically using tools other people have written, which is script kiddy level stuff.

Re-writing exploits is not actually contributing anything new to the community. I'm talking about if you want to do original security work and contribute new exploits and new code then you'll need to be professional in those fields before you have a hope of discovering something new.

At the core of how hackers do what they do is having an extremely deep understanding of technology and/or specific products, typically you need a deeper understanding of the things than the people who build and use them.

>>68017860
The hacker community in general disaproves of credentials, you don't need credentials to be a hacker, if you hang out and speak to people at events like Defcon and Blackhat, mentioning credentials, especially in talks given on new hacks, it's a de-merit, it's seriously frowned upon. Mostly because all it tells people is that you've learned what other people have already done.
>>
>>68017860
the big oof
>>
Is there a book that covers the OCSE?

Also does the 48 hour exam take place in one sitting?
>>
>>68018002
Some of the best dudes I know (wymyn heckers lel) don't even work in infosec. They're software engineers and $ysadmins. The "ethical hacker" job is a meme. No one gives a fuck about your work history really. It's super easy to go from a very low level programming job to RE or Malware Analysis.
Also if you have guy fawkes anything kill yourself immediately.

>>68018082
yeah that's what I'm saying though, you need to be able to write your own tools.
you need to be able to execute if a tool you're using isn't working. you need to be able to write your own or fix the broken tool.
Relatively speaking though, like I'm not starting from scratch every time, that's retarded.
I'm not going to sit there and re-write tools day 0.
If you can't continue an attack chain because the tool isn't working, find a different job.
I've never met anyone I've respected or learned from that only talked about their certs.
The only reason I brought them up in the first place is because you can't ignore that the OSCP will get you at least in the door of somewhere if you're breaking into the workforce.
It is not the end all be all.
I've met some fucking retards with their OSCP I wouldn't trust to lock a fucking cabinet.
>>
>>68018154
>is there a book
look more for shit online like exploit-exercises
books are cool and all but if you can't do it, you can't do it. Spend more time actually fucking with things.
>one sitting
Yes. Don't take it. It's outdated and I regret the time I lost during the exam.
>>
>>68018064
What the fuck are you doing? You have the certs just get the experience. Start a youtube channel, a local group a github repo and a blog. Document your projects, have your local newsstations and newspapers write about you and then go apply for whatever job you want. Obviously your projects are just marketing fodder how big your security cock is, and why your future employer should suck on it.
>>
>>68018201
If I was an employer who knew nothing about this looking at https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/ it seems to lack an in depth list of whats covered. Is there an in depth syllabus somewhere? By comparison the LPIC site goes into good amount of detail of whats covered.
>>
>>68018088
the exam:
>heap spray on win2k3
>no dep/nx
>no *nix exploit development

>>68018064
exploit-exercises
cryptopals by nccgroup
rop emporium
crackmes
damn vulnerable windows driver
anything DFIR or forensics related

some of the evasive stuff you just really need to have experience working with to do well, and that takes exposure over time or just massive amounts of tinkering on your own but you'll learn it on the job faster.
anti-attribution is key when you're working against an active blue team, not a dude that's just got splunk open on their second monitor.

I think a lot of people underestimate how low the barrier of entry really is. So many faggots run nessus and responder and call themselves hackers.

>>68018312
That's because it is lacking very much so. Everything I've learned has been on the job or tinkering or CTFs.
>>
>>68018082
>re-writing exploits is not actually contributing anything new to the community.
>muh community when you don't know what it means to exploit a vuln

You are a dumbass. Making a newbie retrace the steps of giants before him will make him learn AND be valuable contribution to community. Think about how much newbie potential there is to adding old exploits to metasploit.
>>
>>68018312
Oh, misunderstood your question. As far as I know and remember, no there's no syllabus.

>>68018369
Exactly. Getting into the rhythm of dealing with bugs, fuzzing, and writing something more robust than a static bind shell payload is definitely going to come in handy. Especially when dealing with memory constraints. It's a great puzzle and challenge when you have memory constraints.
So further on down the line, you can more easily spot functions, patterns, and behavior you can exploit.
It would suck to find something cool and then spend 1000000000 years finishing it because you've never exploited X before.
>>
>>68018433
Seriously how much time does it take for someone who is on a skiddy level (that watched lots of defcon and technical papers like KRACK and rowhammering but doesn't have enough coding experience)

How much did it take for you and where did you start from?
>>
>>68018482
Nonstop tinkering.
Seriously.
I hardly have a life outside of this and I don't mind.
To get familiar and comfortable, it didn't take long. It was stressful because I felt like a retard when I struggled, but half the battle is getting over that mindset.
Now I think I'm a retard because I am socially inept.
>>
>>68018524
Make a cryptomining botnet already and leave the bizz
>>
>>68018551
Honestly, I've thought about it.
The stress is just way too high all the time, I want to go into research.
I'm just tired, burnt out, and light weight depressed, anon.
It's a rush but holy fuck. Last week I put in 70 hours and stayed up two nights. Just give me my CISSP and a beer so I can sit in a room and pretend to work for $200k a year.
>>
>>68017770
underrated
>>
Im a sys/network admin college graduate with only network protocols and linux basics, probably even below that. If I want to pursue career in IT what should I try to specialize in? Pentesting sounds fun, but it requires so fucking much experience. Currently Im thinking about learning how to code (python), linux, networking. What should I pick first?
>>
File: 1533978593143.jpg (1.33 MB, 1080x1920)
1.33 MB
1.33 MB JPG
>>68018031
Not him, but assume I'm decently knowledgeable in a few languages including C, have autism, have an IQ upwards of 150, been into system tampering since I first touched a computer. How long would that take me?
>>
be really intelligent to begin with
have a growth mindset
constantly be hacking / experimenting
still will take you a few years man
>>
now that I think about it
is technology progressing as such an extreme pace now that somebody just starting out can never catch up?
>>
>>68017316
>decent haxxor?
you mean 15 level?
35Y minimum
>>
>>68017836
>connect to neighbors wifi
>install OpenWRT
>feeling leet
>
> waiting
>router not coming back online
>check download
>fuck, downloaded rev2 firmware, but this model was rev1
Now your' hacking with portalsTM
>>
>>68017556
Wasn't this thing meant to be used as a safety cage for operating a robot?
>>
>>68017316
Don't do it, The shit I have seen.. it's just not worth it.
>>
>>68017316
depends on how you do it. Hacking isn't like it is in the movies. Most of the time the user is the vulnerability to be exploited. So if you live in a low IQ shit hole like India or Africa probs a day or so
>>
2 seconds
[spoiler]http://hackertyper.com/[/spoiler]
>>
>>68017316
Dude I am a h4x0r and very 1337
I have several pseudonyms but I will use
the name "ALAN", here. I have hacked several high profile computer systems. I can tell you that if you want to be good at this you will spend 10 years learning not to be an egotistical douchebag. In other words work alone, quietly, never tell anyone else what you do. Then you must learn everything about computers and systems that you can. I started off by hacking my own computers and locking myself out just for a laugh. I would trash my hard drive just to see the look on my face. The most high profile computers I have ever hacked was my dads laptop. Man that was hard work but it's worth it in the end. Keep working at it and you should be even more 1337 in the hacking world than me. I am now working on becoming the emperor of the world by hacking my granddads iphone
>>
>>68018369
>will make him learn AND be valuable contribution to community
>valuable contribution to community
>community

Muh s3krit klub
>>
>>68017316
This is all you have to do to be a hacker.
Read some books about networks
hack some networks
feel smug
tell everyone how great you are at hacking
>>
>>68017316
So you want to be a hacker? It ain't no easy task kiddo. You should just stop now. Don't even try.
The most you can probably ever do is click buttons on LOIC and buy crypter packs on Nulled. Even
Cain is going to fly over your brain. Do you know how fucking hard hacking is? Pentesting is not for
the light-hearted. Are you willing to learn and understand a bunch of programming langauges? Python, Ruby,
and Javascript can probably be learned in days. Maybe a few months for Java. But C++? Haskell? C? Assembly?
And those probably are not even enough. On top of that, are you willing to get comfortable in a Linux system?
It's quite different from the clicky pictures you have on your RGB covered Windows gaming system. Are you
willing to learn sofftware engineering, OS development, networking, reverse-engineering, malware analysis,
exploit-writing, fuzzing, data structures, and all the other topics required to become a proficient pentester? Are you
smart enough to know how to perform a social engineering attack? Are you willing to learn Mestasploit, Aircrack,
Hashcat, Ettercap, and all the other tools a pentester needs to know? Or are you just going to download and run
wifiHAX_n0t_V1RuS.exe? Are you willing to understand computers to the hardware level? Are you willing to spend
years mastering and perfecting your skills? Are you willing to spend time everyday to stay updated with current
pentesting news? Just stay in your little gaming world, kiddo. Go show off to your friends and DDOS some minecraft
servers or click on open IPs in Shodan. You don't have the drive to become a real hacker. You never will.
>>
>>68020739
He's not talking about a s3kret club you projecting autist, the "community" out there for publishing research is a very real thing.
Please know what you're talking about before you talk.
>>
>>68017821
>literally believing everything you see on the internet
>>
>>68018592
what did you have to do for 70 hours?
>>
>>68021022
Yeah, but if you're not on the right side of the law, participating in those communities is dangerous.
>>
>>68017782
proper report writing has gone to shit. Seems only posting the CVE and recommend patching is acceptable these days.
>>
Can somebody help me out and answer my questions above?
>>
>>68018903
What do people who study for sysadmin or IT even learn in college?

I've making websites, hosting servers and automating shit for years. And everytime I see someone coming out of college they still have to learn the basics. But you don't need college to learn those basics. So what are those degrees even for, if you aren't into advanced algorithms?
>>
>>68021773
Learn how technology works. Hacking is like lock picking, you'd never learn to lockpick without learning how locks work first.
>>
>>68021863
To get a job
>>
>>68017316

start with iot and hackmes and you'll be hacking stuff in days or weeks. start with native code bugs in well audited software and you'll need things like aflfast markov chains for path analysis.

honestly? just cheat and go through hackme walk-throughs and examine existing exploit code that you can test on old versions of software. the more you pattern your brain to look for vulnerabilities the easier it will be for you to understand and find them.

most "hackers" are part timers who do cybercrime for monero. they buy kits from the deep web and deploy them by hacking crappy low tier websites. even the talented hackers do this so it looks like some skidiot did it.





Delete Post: [File Only] Style:
[Disable Mobile View / Use Desktop Site]

[Enable Mobile View / Use Mobile Site]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.