8 replies to this topic

[Mercfh]

Hello everyone, newcomer to this site. I guess i'll give a little intro about myself.
I just Graduated about a Year ago with my B.S. in Comp Science. Right now im working an Entry level Firmware job, I like it pretty well. However i've always been interested in Network Security and all things that go with it (Maleware/etc...) not for really any other purpose than learning. Although I think it'd be great to do as a career one day (Penetration Testing, or working for an AV company perhaps?)

I have pretty good knowledge in C/C++/Java as that's what I mainly use at work. My SQL Knowledge is sub-par (Im working on it) and my ASM is pretty bottom of the barrel. Unfortunatly I know nothing about Networks/Security.....Malware/Cracking/ANYTHING of that nature. Hence why Im here. I am pretty familiar with *nix based systems....So I guess that's a plus haha.

I was a bit confused and overwhelmed where to start, it's something i've been super interested in but sadly out Uni never offered much in the way of classes (Those wargames competitions seem like they'd be awesome).

Anyways my Goal is to set up my own lab ( I have the hardware for it thankfully) and get to work learning this stuff. I have quite a few ebooks/videos but I don't know whats good/relevant and so forth. So anything to point me in the right direction for a beginner would be great, and I look forward to becoming a part of the community!

I guess some sort of "Certification" is in my future, I've been looking around an the CISSP seems like something to aim for in the future (unless someone else has any other recommendations). Network+/Sec+ seems like they are somewhat outdated, and im not sure if I feel CEH is something worthwhile, but then again I have no idea.

Edited by Mercfh, 20 February 2012 - 02:40.

[~Emperial~]

Mercfh, on 20 February 2012 - 02:17, said:

Hello everyone, newcomer to this site. I guess i'll give a little intro about myself.
I just Graduated about a Year ago with my B.S. in Comp Science. Right now im working an Entry level Firmware job, I like it pretty well. However i've always been interested in Network Security and all things that go with it (Maleware/etc...) not for really any other purpose than learning. Although I think it'd be great to do as a career one day (Penetration Testing, or working for an AV company perhaps?)

I have pretty good knowledge in C/C++/Java as that's what I mainly use at work. My SQL Knowledge is sub-par (Im working on it) and my ASM is pretty bottom of the barrel. Unfortunatly I know nothing about Networks/Security.....Malware/Cracking/ANYTHING of that nature. Hence why Im here. I am pretty familiar with *nix based systems....So I guess that's a plus haha.

I was a bit confused and overwhelmed where to start, it's something i've been super interested in but sadly out Uni never offered much in the way of classes (Those wargames competitions seem like they'd be awesome).

Anyways my Goal is to set up my own lab ( I have the hardware for it thankfully) and get to work learning this stuff. I have quite a few ebooks/videos but I don't know whats good/relevant and so forth. So anything to point me in the right direction for a beginner would be great, and I look forward to becoming a part of the community!

I guess some sort of "Certification" is in my future, I've been looking around an the CISSP seems like something to aim for in the future (unless someone else has any other recommendations). Network+/Sec+ seems like they are somewhat outdated, and im not sure if I feel CEH is something worthwhile, but then again I have no idea.

Welcome to asta

well, you want to learn networking and malware, depending on what part of it you want to start at, will depend on what i will tell you.

can you please tell me what do you already know about network security, e.g. you know how firewall hardware works or how to sniff packets, etc...

i will try and help you as much as i can


Emperial

[Mercfh]

I guess Network Security does interest me but Maleware is probably what I want to learn first since I have a decent programming background. I actually would love to work for an AV company someday. But as far as what I know about Network security.....it's pretty limited, assume I know basically nothing (although i've sniffed packets before and such but that was a LONG time ago and I basically forget most of it).

As far as maleware.....I know very little too.

Edited by Mercfh, 20 February 2012 - 14:12.

[~Emperial~]

Mercfh, on 20 February 2012 - 14:11, said:

I guess Network Security does interest me but Maleware is probably what I want to learn first since I have a decent programming background. I actually would love to work for an AV company someday. But as far as what I know about Network security.....it's pretty limited, assume I know basically nothing (although i've sniffed packets before and such but that was a LONG time ago and I basically forget most of it).

As far as maleware.....I know very little too.

and by maleware you mean learning how they are made? or what they do?

[Mercfh]

Mainly how they are made/work. Im pretty familiar with what they do at least lol.

[~Emperial~]

well, malware (correct me if i am wrong) is a script/code that is designed to exploit a computer or a data contained within it.

Knowing that you can probably guess, why people would want to creat it. Malware can be written in nearly every language, the most simplest and common is C++

People who write malware usually try and get bank details / information from your social web page e.g. facebook or to harm the users machine.


With that beeing said, malware a general word (correct me if i am wrong again) worms/trojans/adware

The above^^ is just a general lecture, if you want to know the code how to make the actuall thing, i cannot help you with it, as i do not support people who want to harm other users machines... Dont get me wrong, i can creat one too... but i wouldnt advice it.

If you still want to learn how they work, i suggest you go on any torrent website e.g. kat.ph and find any torrent that has comments next to it as a virus

Create a new folder and make sure your antivirus doesnt scan it, then download the file directly to it. After you are done with that, identify in what language it is written in and try opening it with a correct program, and view the code.

Should it try and do anything with your machine outside the folder, your untivirus soft should be able to handle it.

this is probebly as far as i am allowed to help you :/

if you have any more questions, feel free to ask

Regards



Emperial

[Lameth]

Debuggers in virtual environments.

Look at VMWare and/or VirtualBox for virtual environments.
Look at IDAPro, Immunity Debugger, and/or OllyDbg for excellent debuggers to analyze code and processes with.

And of course check out Astalavista's own source of Malware articles and eBooks: http://www.astalavis...ory/51-malware/

If you have a rediculess amount of money, then I can recommend you to look at Norman's Analyzer. It's a debugger and virutal environment in one, that can emulate network traffic and whatnot. Pretty neat, but expensive as hell...

[alstalavista]

Just got out of.... After a few yrs. I used this site n Juarez in 2003, been pcless since, I suppose c++ would be my start. I would appreciate any help to get back in. ran into a problem with this lady placing quizmoquip SMS tracker on my new galaxy s2. Please help.

[Tsabiturrijal]

cool