I really want to be a proffesional ethical hacker. Where do i start? I've started to learn python.

What do you want to hack? Networks? Games? Other software?
General things you should learn:
1) How networks work and are structured, etc.
2) How programs are loaded into memory (Thanks Space Worm)
3) Windows programming (Most systems are windows based)
4) A script language like python would help (Yes I am pro Python :D )
5) Any topic that relates or links to any of the above topics

That's all I have atm, if I come up with more, I will post.

First, you need to learn about Pen-testing so about website hacking and PC hacking.

For website hacking I suggesting you learn PHP , HTML , ASP.NET as the SQL injections for these are quite different.

Learn SQLi , LFI , RFI , XSS in those attack vectors there are few branches such as persistent and non-persistent then in SQLi there is UNION SELECT and String and few more branches. There are other attack vectors but these are most used. It is advised to know how to use Google Search Engine such as using Google Dorks.

There are few 0days I have about FEW website servers such as apache but I never sell them I use them for reasons.

For PC hacking learn C++\C in those learn Shell-coding and also ASM x64 and x86.

The next thing is to code your own tools rather than using other people(s) hack tools as it can make you a Script Kiddie rather than elite hacker.

Of course I made a tool of mine:
http://i.imgur.com/gJj3Cs6.png


This way after you make a tool you can automate your job.

Also learn to use Metasploit Tool , BackTrack and other famous Pen-testing tools as they will help you a LOT trust me.

GL

PM me If you want it. It has few bugs but it did find few Government sites vulnerable to SQLi attack so it is good in standalone form.

EDIT: NO PROBLEM SCRIPT CODER

Other Thing Python is bad Pentesting Language as the Stub size is massive and when making Military level backdoor's , it will be a problem and yes I do make them.

Is that C#, or VC++'s form designer?

"Professional Ethical Hacker"? Isn't that a conflict of interest? If you are hacking professionally, then there are no ethics to it. You hack what you are paid to hack.

@BHX Someone pays you to hack into their own systems. So that they can be sure that their system has no vulnerabilities.

Hi Fredbill30 it is C#

I only program in C++ and C for Drivers (also Hardware Interaction) and Test Malwares and AV because they have way less dependencies and for me better.

But for hack tools I find I can automate them using C# much more effectively.

Actually BHX is kinda right becuase some Hackers I know are Grey hats who help companies also deface companies.

But also Script is right because some White hats ask for proof that it is they're system before starting they're tests.

well the people above alot of good stuff here i have the same object as well

education is everything man you have to learn about everything that can helps you alot of people told me that "Networking is a must" and btw dont pay god damn $$ for books get a vpn and start torrenting books and academic video that will help you and watch also dont forget to watch shows like Hak5 darren does alot of work teaching people

sites that you might find interesting:-

http://www.security-tube.net <--- they have alot of great academic videos that you can pay for or either go http://torrentz.eu or on TBP and get them for free lol

http://www.expect-us.net <<< free ebooks and links to other website that helps you + testing sites to test your skills

http://hackthissite.org << contains war games etc but this site is not like it used to be fore :/


http://www.enigmagroup.org << i think you will find this site the most interesting one


and also you might have other questions etc so you should go to irc chats

go on freenode http://webchat.freenode.net

register and join ##security channel there alot of humble people overthere will give you tips advises and help (as long you are not asking them the wrong way or showing you are doing illegals stuff ) btw hdm is HD moore there you can ask him all your questions regarding his project metasploit and you will find people like mubix if u heard of him on the same channel and also the channel #metasploit good luck bro

i hope will success :)

am student here start college this year in well of Allah and have the same interests it has been a while since i have been on any forums

Also if you really want to learn PM me, I did discover a 0day in Windows so I can help really. If you need.

And no dont get a VPN cuz look VPN keeps logs and getting one which does not is incredible rare. I suggest using a Proxy then a VPN that way you have 2 protections.

I buy my Proxies like 10,000 for maybe $0.70 to $1.00, so it is fairly cheap.

I heard Security-Tube is currently not available

Thanks for the advice guys, what do u think of python for ethical hacking?

NOPE, NOT A CHANCE! C\C++ are only real languages useful for Hacking as you can interact much lower than in Python thus C\C++ is much better.

sam dhillon wrote:
what do u think of python for ethical hacking?

It has its place and its uses.

education is everything man you have to learn about everything that can helps you alot of people told me that "Networking is a must" and btw dont pay god damn $$ for books get a vpn and start torrenting books and academic video that will help you and watch also dont forget to watch shows like Hak5 darren does alot of work teaching people

SO much for Ethical.. It is fine if he wants to do hacking since it can be ethical and I will give him the benefit of the doubt but recommending someone to torrent copyrighted material so they don't have to pay for it I draw the line at.

I am surprised to see how many people pirate their stuff specially since we are in a programmers forum. I won't go into chiding you like a child but I will say that I hope whenever you release some software for others to buy you go bankrupt on that project because everyone just decided to pirate your software instead of buying it.

So many projects are destroyed because of Pirating these days and as developers we should not be supporting it!

No offense, I just found this really ironic.

I won't go into chiding you like a child....(he continues, chiding him like a child)

But I do agree with Zereo, we are the type of people who loose from software piracy.

NOPE, NOT A CHANCE! C\C++ are only real languages useful for Hacking as you can interact much lower than in Python thus C\C++ is much better.

Your experience is showing with a comment like that. You need scripting languages like Python or Ruby, you need to know web development languages like HTML, PHP, CSS, Javascript, you need to know low level aspects like C/C++ and some assembly. Just locking yourself into using C/C++ is a very bad decision.

No offense, I just found this really ironic. I won't go into chiding you like a child....(he continues, chiding him like a child)

I wouldn't really say it was chiding him (Ok maybe it was ;p) but I just wanted to say I hope his projects fail and karma comes back to bite him in the ass.

Hi,

Zereo, as I already said if you use Python for Desktop it would be crap but for Web it would be good.

Thanks

Well the OP did not really say what area of "ethical hacking" he wanted to go into. Also, I think knowing many programming languages is very good for almost every area in programming. You may not use them at all, but it stretches your mind to think differently and to learn new things.

Thanks for the comments and i don't download stuff illegally. I know someone who is training to be an ethical hacker and she says to learn python.

Script Coder wrote:
@BHX Someone pays you to hack into their own systems. So that they can be sure that their system has no vulnerabilities.

That is the problem. I recall a few times guys were paid to hack into their companies systems and the later found out they had been hacking into another companies systems. You are only as ethical as the company paying you as they don't have to prove you are trying to hack their systems.

@BHXSpecter I get your point, but that is not the ethical hacker's fault. If you work for a nuclear research company and they tell you the government has given orders for a new atomic bomb, meanwhile the bomb is for the boss' terrorist attack. It is not the fault of the engineers/researchers.