How to learn attacks and practice them?
I am a beginner and I have knowledge of Python, HTML, and a little bit of SQL. I tried to read about attacks from the OWASP Top 10 but need to understand the different types of attacks more practically. Please can someone tell me how I can learn and practice, and where I should do that, or any resources.
You can practice here, there are a lot of levels like Real ones that are very similar to a real exploitation.
Hi
You must understand what’s behind those attacks. For example, if you have some knowledge in SQL, then you might be able to understand how a SQLi works. Do that with the other attacks. For XSS, learn js, learn how a browser works, etc. Then as said above, you can do the levels here, you’ll find a lot of levels that will use some of the Top 10 attacks of OWASP.
If you have basic knowledge, I recommend doing CEH (Certified Ethical Hacker). Well… it is not necessary to get the certificate. It gives an overview and covers the basic and slightly advanced level of hacking. If you really want to learn the REAL HACKING, you are on your own, or sites like hackthis may help you.
Hello Dragos_slayer,
Do you want to learn and detect new vulnerabilities? You should try it. Reading is not enough;
you can check this link for a vulnerability finding and exploitation game.
https://www.checkmarx.com/2015/04/16/15-vulnerable-sites-to-legally-practice-your-hacking-skills/
You can try the following article for different hacking practice environments.
http://www.ethicalhackingtutorials.com/2017/08/01/10-vulnerable-sites-for-hacking-practice-legally/
A great one for learning Windows exploitation right now is https://practicalpentestlabs.com/
@proxy_chainer OSI Levels? That’s more about knowledge, not hacking.
I’ve never seen somewhere where OSI helped me in security.
Message me anytime!
I have to agree with DIDLx13. I even have training in Cisco networking, and other than when you’re buying a product that says layer whatever or talking to someone. Knowing the OSI model doesn’t really even help in networking. It’s kinda like knowing northbridge vs south when you’re building a computer. For the 99.99999% of the people out there. That knowledge is useless and will be forgotten anyways.
However, I think it is worth knowing there is such a thing as OSI and other things like that. If you ever end up needing it, then you know what to Google.
@dragon_slayer
First thing is first, you need to know what type of hacker you want to be and why you want to do this. If you want to just have a general understanding because you want to be a system admin or something. Other than knowing your system, I would say study stuff like the Security+ (don’t take the test). I find a Security+ is basically good for noobs, but that’s about it.
If you want to actually do the hacking like pen testing, then you need to study bug bounties.
If you actually want to be a pen tester or something like that. First thing is first, make sure you can pass a security check. If you can’t, then don’t even try because it is a waste of your time. If you can, then find what the job requires. Some pen testers only test things like mobile apps. Some test a bit of everything. It highly depends on the company.
Just a quick warning, some jobs have a high travel rate. I’ve seen one with a 92% travel. You will know there is a high travel time when putting in for the job.
Anyways, saying you want to go into cyber security is like saying you want to go into med. Just as there are thousands of different types of doctors, there are plenty of different types of hackers.
But there are plenty of resources on YouTube that will help you.
@crua9 I disagree with you, the OSI layer is far from useless to understand when learning about networking. It teaches very important stuff about encapsulation, and it is wrong to say that you never encounter it in practice. It’s quite common for documentation to explain a protocol by referring to the OSI layer it sits in. You can’t be a network administrator or a good pentester without understanding what TCP (transport control protocol) stands for and what transport means in this case. Another example is SSL (secure socket layer), the layer word in it refers to the whole encapsulation idea of the OSI layer. As a hacker, you need to understand the philosophy and concepts behind the technologies you deal with, and all modern networking ideas derive from the OSI layer.
Do you mean useful?
Also, other than talking with others or buying stuff, I never really sat down and wondered which OSI level something is. Like knowing data link is layer 2, and knowing session is layer 5, I’ve never seen how that would help in any real way. Like knowing layer 3 & layer 4 is highly important. But other than that, I’ve never seen how remembering the entire OSI has actually helped. In places like Cisco, unless you’re building the next thing, they tend to use the OSI model to say where the problem is (hence talking with others). Like you kinda need to know what is being said when you hear we have a layer 1 problem.
There is a joke about layer 8 btw. If you have a layer 8, then the end user is an idiot.
I agree knowing how it is put together helps with pen testing. Even more so there to a point. But if I gave you a quiz and asked what is layer 1, how is that going to help outside of the write ups? Since you need to have a CCNP to work at Cisco, I haven’t seen it there. But outside of those places, I’ve seen people having to look up the OSI model when doing a write up. Hell, I even have to look it up when needed.
Basically what I was getting at is having to remember this in detail is about pointless. As long as you know it’s there and what it is about. You will be good for the most part. Now if you’re working with the stuff day in and out, and you still got to look it up each time. Then there might be some problems there.
I heard something a while back. Einstein was interviewed by 3 reporters. They all could ask him whatever to test his knowledge. I forgot what they asked, but reporter 1 and 2 he couldn’t answer. The reporters said I know these things, so you can’t be the smartest person in the world if you don’t know it. He replied, what is important isn’t that I know something, but that I know where and how to look it up.
Obviously I butchered that, but still.
Last thing I want to mention. Depending on what this person wants to do, they might not get into networks. Like there is a good chance they will. But I have a feeling this is about as far as it goes. Normally when people need to put years of work under them, they move on. Thinking it’s an easy buck. And even if they did get into it. Depending on what they are doing. They might not be too heavy into networks. I’ve seen people in pen testing who just do social engineering. Normally they are women, but you can get people who have a given skill. Like breaking in, bypassing heat cameras, and things like that. However, most of the time these types come from the military or were cops. So they know the tricks around security.
Do you really need a good reason to learn stuff? If there’s no reason for learning OSI then you won’t learn it?
In my opinion, you’re forgetting something important about learning and knowledge; you don’t always need a reason to learn. Learning to learn is a damn good thing.
Weren’t you, once, interested in how networks work? I was, and I then learned about it. And not being able to remember 100% of it is not a big deal since I understood the whole thing.
Anyway, this conversation is just a matter of mentality, on how you see knowledge and learning.
For me, the more you know the better.
@dragon_slayer, do some challenges and find something you really like. Then learn everything you can about it, and you can practice it with challenges or anything you find good to practice on. If someday you’re lost with this whole knowledge that needs to be known, just do some challenges about it and you’ll be able to gain some knowledge and experience in a good way. If you need some help with something or need advice, feel free to PM me!
Have a nice day :)