I am very new to Null Byte but I find much of its content and community incredibly interesting. I spent quite a bit of time just chronologically going through the posts and I noticed a common theme in many of the beginner posts. Many people seem to want to know the 'secret' or a paragraph on "How to Hack" and become a hacker in a few minutes. I started off this post as a reply to a question from a beginner but thought it might be beneficial to have for those stumbling across this site.
As a certified instructor with a couple thousand classroom hours under my belt, I understand that everyone learns in a different way. This article isn't meant to be the doctrine by which all aspiring computer experts set out on their journey, but a starting point. One thing most of us have probably heard from others is: "You're so smart!" or "How did you do that?" I always respond: "Everything is easy if you know how to do it."
Learning anything new can be like peeling back the layers of an onion. You set out with a specific goal in mind, like defacing a web page. You navigate to the page... then what? How do you know how to achieve the desired result?
Once you have an understanding of how all of the technologies involved in presenting that web page function, you have access to a multitude of attacking avenues. The purpose of this article is to provide a list of technologies to learn and know inside and out so when you navigate to the page you want to deface (as an example), you know what technologies to explore for possible entry points.
Linux used to be incredibly hard to install, but because of the complexity, it forced you to learn a lot. It's gotten a lot easier today but there are still many of the same challenges present. Many of the attacking and scanning tools we have today rely on a Linux installation (such as Kali Linux). If you're brand new to Linux or have only booted from an Ubuntu (or Kali) liveCD and have no Linux experience, studying for and obtaining the Linux+ certification isn't a bad start.
Back "in the day" there was no better resource for DNS than O'Reilly's DNS and BIND. I would still recommend this book to this day as a starting place for learning the fundamentals of DNS. The next step is spinning up a Linux box and installing BIND. There is no substitute for hands-on experience. Set up a BIND server, add one of your domains, point the NS records at your hosting provider to your IP address, and then turn it into a caching/forwarding DNS server and use it at home. Learning DNS is a very useful skill and will give you many avenues for attacking DNS once you understand how it functions.
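As an added illustration of the setup described above (this is example configuration written for this page, not the author's or the BIND project's files), here is a minimal BIND 9 configuration that is authoritative for one domain and also acts as a caching/forwarding resolver for a home LAN. The domain `example.com`, the LAN `192.168.1.0/24`, the server address `192.168.1.10`, the public address `203.0.113.10`, and the upstream forwarders `192.0.2.53` and `198.51.100.53` are all placeholders; replace them with your own values.

```conf
// ---- /etc/bind/named.conf.options (placeholder addresses; adjust to your network) ----
options {
    directory "/var/cache/bind";

    // Only answer on loopback and the LAN interface, not on every address.
    listen-on { 127.0.0.1; 192.168.1.10; };

    // Caching/forwarding resolver for the home LAN only. Restricting recursion
    // keeps this from becoming an open resolver that anyone on the internet can use.
    recursion yes;
    allow-query     { 127.0.0.1; 192.168.1.0/24; };
    allow-recursion { 127.0.0.1; 192.168.1.0/24; };

    // Send everything we are not authoritative for to these upstream resolvers.
    forwarders { 192.0.2.53; 198.51.100.53; };
    forward only;

    // Validate DNSSEC-signed answers from upstream.
    dnssec-validation auto;
};

// ---- /etc/bind/named.conf.local ----
// Authoritative zone for the domain you delegated to this box.
zone "example.com" {
    type master;                    // "primary" in newer BIND releases; "master" is still accepted
    file "/etc/bind/db.example.com";
    allow-transfer { none; };       // no zone transfers unless you add a secondary
};

// ---- /etc/bind/db.example.com (zone file; ';' starts a comment here) ----
$TTL 3600
@       IN  SOA ns1.example.com. hostmaster.example.com. (
            2024010101  ; serial, bump on every change
            3600        ; refresh
            900         ; retry
            1209600     ; expire
            300 )       ; negative-cache TTL
        IN  NS  ns1.example.com.
ns1     IN  A   203.0.113.10
@       IN  A   203.0.113.10
www     IN  A   203.0.113.10
```

Before reloading, run `named-checkconf` and `named-checkzone example.com /etc/bind/db.example.com` to catch syntax errors, then query it locally with `dig @127.0.0.1 www.example.com A` (should come from your zone) and `dig @127.0.0.1 www.iana.org A` (should be forwarded and cached; the second query returns faster with a decremented TTL). The `allow-recursion` and `listen-on` restrictions are the part beginners most often skip, and they are exactly what separates a home resolver from one that can be abused by outsiders.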
Example Attack: Change the primary and/or secondary DNS of a target to point to a DNS server of your choosing. Hand out a record for www.fakebook.com to point to your webserver, siphon their password and forward everything else to the 'real' fakebook.com.
What is subnetting? What do firewall rules look like? How does a firewall work? What is deep packet inspection? What is NAT? Why can I only see my own traffic and broadcasts when I am plugged into a switch; where's the rest of the traffic?
Many networking experts focus on network engineering exclusively for their entire careers. It's very difficult to become an expert at all of the networking technologies that are out there, but even gaining a basic understanding of some of the above can not only help you gain access to a system but also help you avoid detection. I would again recommend that if you're starting from zero in network engineering knowledge, study for and obtain your Network+.
If you already have a basic understanding of networking, you should always be working to learn more and study the new technologies that are out there. I recommend studying for and obtaining your CCNA and then your CCNP. You will become most familiar with Cisco hardware, of course, but many of the technologies you will learn translate across the network hardware spectrum. That's the real goal.
I recommend learning how certain network services function. You already have the Linux box that you spun up earlier. Install and configure an Apache web server. Install and configure an SMTP server. Install and configure a RADIUS or LDAP server. Install and configure an FTP server. The more knowledge of network services you stockpile, the more avenues of attack you have at your fingertips.
You won't learn all of these items in a day or even in six months. Don't get discouraged. Pick one, study and learn the technology, and then start to play with the boundaries of the accepted standards. Start thinking about how you can use its intended functions in unintended ways. You may run into a system whose administrator knows DNS very well and leaves you no avenue for attacking DNS. But if that administrator has very poor networking skills, you could find a way to redirect DNS queries to a DNS server of your choosing and completely bypass the ironclad DNS server the system has in place.
So, in closing, I don't recommend you stop learning Metasploit or Aircrack. If you want to become more than a script kiddie, you need to learn the fundamentals. The benefit of learning the fundamentals in a manner similar to the above is that you'll walk away with certifications and become more marketable in your job field, even if it isn't directly in security. If you already have, say, a Linux+, then seek out a higher-level Red Hat certification or specialize: get a DB certification, and so on. Even if a cert has very little worth in the real job market (ahem, Network+), it teaches you fundamentals that not only translate to becoming a talented security engineer someday, but could uncover a talent that puts you on a path to becoming an industry expert in a certain technology.
And to those on this site who already know the fundamentals (or wrote them), please comment and share your recommendations or learning resources as well.