Cyber Security / Ethical Hacking Questions

thisdudehenry Member Posts: 33
New to this and wanting to get into this side of security.
  • Are languages like C++, Java, or Python worthwhile to complement ethical hacking? So far from research it seems you should know a bit of C++ and Python. I believe Linux commands are a must but then you can use Python and C++ to complement your needs? Not much is found about Java.

  • Currently school either offers a major with cyber security or programming (C++, Java) and neither overlap. So would I be able to learn C++, Java or Python on my own on the side?

  • I believe the OS system of choice is Kali Linux? But is there a difference if I want to work for business and they require RHEL? Or is it basically the same thing just different pre-installed software?

  • Last question is RHCSA/RHCE a good certificate to pursue to complement cyber security / ethical hacking / penetration testing etc.?

Comments

  • Danielm7 Member Posts: 2,304
    - You can always learn programming/scripting languages (or anything) yourself on the side.

    - Kali is built on a different distro, but it has a lot of the tools you'd want all together and handy. With that said you can load the ones you need on a different Linux distro too. If your workplace uses RHEL, you can use that as your daily driver and boot into Kali when needed too. Kali isn't an OS for everyday use.

    - It's good to know a lot of that material, probably not needed for a pure security role though.
  • thisdudehenry Member Posts: 33
    Danielm7 wrote: »
    - You can always learn programming/scripting languages (or anything) yourself on the side.

    - Kali is built on a different distro, but it has a lot of the tools you'd want all together and handy. With that said you can load the ones you need on a different Linux distro too. If your workplace uses RHEL, you can use that as your daily driver and boot into Kali when needed too. Kali isn't an OS for everyday use.

    - It's good to know a lot of that material, probably not needed for a pure security role though.


    - Understood, that seems to be understandable, but which to focus on on the side? C++, Python, both?

    - Ah, understood, so Kali is your arsenal, not what you work on every day.

    - Hmm, so I'm assuming it would be up to me to learn the ins and outs of Linux. I found they actually have a class called CIS255 Operating Systems.

    Covers the development and execution of structured shell programs including scripts, menus, I/O redirection, pipes, variables, and other UNIX and Windows commands. Operating systems administration techniques also are covered including electronic mail, editors, online help, and file and directory techniques.

    They do however offer a discount on exam voucher for Linux+, CEH. I searched around this forum and it seems it has a bad name. So I assumed having a RHCSA/RHCE would be a bit better and beneficial instead? It shows I know my ways around Linux?


    Some of my questions were answered but I would like to hear more opinions.
  • dmoore44 Member Posts: 646
    1. Programming is definitely a useful skill to have. There are a lot of times I've had to modify an existing tool, or roll my own, to work in an environment. Some organizations have completely ignored best practices when it came to implementing an enterprise architecture, or have become giant spaghetti monsters as they've grown, and so there's a need for a bit of development work.

    2. Once you've learned the object-oriented principles taught in Java or C++, picking up another language (like Python) isn't all that difficult. The biggest hurdle is keeping track of the syntactical differences.

    3. Kali is based on Debian, and RHEL is obviously Red Hat. Package management systems are the biggest technical difference (Debian using advanced packaging tool [apt] and RHEL using Yellowdog Updater, Modified [yum]). There are also some minor differences where config files are stored, minor differences in systemd, and a few others, but they're not insurmountable.

    4. If you're wanting to work in a DFIR position, it certainly wouldn't hurt. It would provide good foundational knowledge on a popular OS used in many enterprise networks.
    Graduated Carnegie Mellon University MSIT: Information Security & Assurance Currently Reading Books on TensorFlow
  • beads Senior Member Member Posts: 1,511
    To be good at PenTesting you really need the hard programming skill in addition to DBA, scripting and networking knowledge. Otherwise you're going to be handing someone much better, senior and over themselves a report that reads: Someone with actual skill may be able to exploit this as a vulnerability on your network but that person is not the author of this report. Sincerely, your pentester.

    This is why I disagree with colleges trying to teach 'security' as an undergraduate program with no background in business based IT. They never have any clue why or what they are doing without years of practice in the basics.

    - b/eads
  • ananth234 Member Posts: 10
    Programming surely helps
  • Chinook Member Posts: 206
    OP

    1. RHCE. I would get your LPIC 1, 2 and 3. Why: You'll be using Linux for its tools but you may also be doing web based penetration testing. You'll find that Ubuntu based Linux is the chosen distro for internet stuff. The Red Hat certs are more geared toward corporate/enterprise Linux operations.

    2. Programming: Focus on scripting languages that are web based. If you are interested in doing security work in a MS environment (and yes, there is lots of that), learn PowerShell. Learning programming often helps you understand how things work.

    3. Kali Linux is a Linux Distribution. It's not really any different from other versions of Linux just it comes with hundreds of hacking tools built in. You can get multimedia Linux distributions too. You could make your own copy of Kali.

    B/eads is right on the money. The path to becoming a good security guy is a good understanding of the underlying technology. It really helps to be a good generalist. You need a decent understanding of networking, scripting & overall computing. It is POINTLESS to take the CISSP if you don't know much about computing in general.

    There is a saying "hack to learn" and I agree. Once you get in a security mindset you will start living there. You'll be introduced to new technology and think "how can I abuse this". I'll go into a network & I'll look for ways to exploit it. And a WHOLE bunch of the low hanging fruit (easy hacks) are because the network doesn't follow best practice. For example, admins might patch windows servers, but don't update firmware in routers or on VMware. Or they have a PSK on wireless yet their wireless gives full access to network shares. Hell, I don't need to come in the building man, I just sit in my car.

    One final thing: Security is a big word. It encompasses many things. There are defensive security guys who harden corporate networks (half of this is just following best practice and being a good architect). There are pen testers. There is digital forensics (criminal and civil). It's not just a case of learning technology. What I would recommend is that as you learn technology look at it from the "security standpoint". So I might learn Windows Server, but I'll put the emphasis on say DNS or System Health than I would say..WDS.

    And think out of the box. I recently worked with a guy who was a digital forensics guy. He focused on stuff like Encase, etc. And he had earned his Private Investigator license. It made sense. If you're in the business of doxing guys as part of the pen test, having PI training is a great way to dig up dirt on people to exploit them. People..are the biggest exploits (with thanks to Mr Robot).

    Security is not a job. It is a way of thinking and living. I walk down the street and I look for ways to break into buildings. I look for dead camera zones. I look at convenience stores whose windows are covered with posters and I think "I could rob that without being seen". It's just my mind in "security mode".

    PS. A good link Tools - ForensicsWiki
  • 636-555-3226 Member Posts: 976
    You do not need programming skills to be a hacker. You do need programming and scripting skill, esp. Python nowadays, if you want to be a good professional hacker. Start with Windows & *nix scripting (a few books out there) and at least pick up Python basics (more good books out there) if you plan on actually selling your skills as a whitehat hacker.

    OS system of choice is Kali and Windows. Now that PowerShell is going open source you'll be seeing a lot less Windows I think. Anything that works on Kali will work on Red Hat. Kali's mostly just a framework of pre-compiled and collected tools.

    Red Hat is useless as a cert to boost your infosec resume. You'll learn good skills to help with infosec, so it IS a good cert to have, but it isn't going to help you get an infosec job.