suck-o.com

Hi guys, I'm interested in network security and hacking for the sake of security, I just don't know where to go or what to read or what to do or anything. I've read a lot of threads on here where people say to learn HTML and move up and stuff. I know HTML, I've been using it since I was 12. I've got CSS and Javascript down. I know everything about C++ that any basics tutorial could teach me, aside from the Windows API which I have yet to delve into. But where do I go from there into hacking? I've looked through some of the textfile downloads on this web site, but it all looks like it's for people who know what they're doing. Let's just say, can anyone point me to some tutorials and such for what to do starting out?

Well, you want to cover a pretty broad subject here, so let's start with networking. Wardriving is a great way to learn about networking: attacking it from the outside. You connect to someone elses wireless, and you have access to their router configuration. That's (simple) hacking of a network. DNR can surely help you more on this subject.

Hacking for the sake of security? I'm not really sure where you're going with that one.


Since you're pretty familiar with programming already, and if you're interested, you should try coding some secure web sites and applications for yourself or others.

These are some general ideas, but getting to know how things work and then finding a way to make it do something unintended, that's what you're looking for.

Raven,
Welcome to the suck-o forum, a good discussion group is one of the things you'll need to have to study hacking.
I can see that you are not exactly n00b, you have done some hard study, coding. It sounds like you need to learn more about network technology and how it works. A security consultant can be 'specialized' in the vast area of network security. I took college classes on security administration, it taught me physical security and how to prepare a security survey. Some companies need a security consult to look at their codes I am sure, but most use a technology and access control kind of survey. At the least you should know more than a fair amount about operating systems, their inherent flaws, and how to patch them. You'll find that the security business involves policies and procedures, typical employee riffraff, paranoia, and lack of common sense (or money, security is not 'cost-effective'). Security is a lot of documentation and giving presentations.
Start with the computer in front of you, it is attached to a network.
Start with basic skills you'll need to perform security analysis. Traceroute, server/computer scanning, email/IP analysis, firewalls, routers, antivirus/malware protection.
Present a specific question for help. Maybe start with "How does trace route work, and why is it important?" or "How do you block a DoS (denial of service) attack on a desktop or server?"


DNR

Thanks everyone, you've helped me get an idea of what I should start looking into. And by hacking for the sake of security, I mean, having the knowledge of a hacker of how to view vulnerable points to my computer and fixing them.

Whenever I go to college in about a year I will be going into Computer Science,(I'm trying to see if they let you double major in computer science and computer engineering), and in my later years I'm pretty sure there are some classes about networking and security. But hell, no reason not to start looking into it now.

I recently came accross a CD from the CBT-Nuggets Certified Ethical Hacker(CEH) Course.
I'm just finishing with the first video and currently downloading the Labs from the course.
If u want to learn to hack quickly then look up CEH. i could post a link for the ISO but that might get me banned sorry

But i do have a few other links that could help:

How It's Done & Tuts: The Course Objectives of CEH:

I wonder if hacking is can be 'taught' to someone.....

i mean even if you teach someone 'ways of hacking' obviously then most of people know it and they protect themselves from the known ways...that way you can only hack people which poor knowledge.. if you want to hack a smart ass admin(like b_b ) ... you need to apply your brain..i've seen some people, they say "damn we cant hack xyz coz he isnt vulnerable to sql injections or xss or buffer overflows.." can we call him certified hacker??

Actually i dont know how they certify hackers?? i dont know how they test and all.. so maybe i m underestimating CEHs, sorry guys, no offence intended...