
Resources for Learning Ethical Hacking - mashpy
https://www.onlinebooksreview.com/articles/best-resources-for-learning-ethical-hacking
======
saagarjha
> Basic Computer Skills (not just MS Word but using the command line, editing
> the registry and setting up a network.

I don't want to sound like a gatekeeper but you're really not going to get
very far as a "hacker" unless you know how to program. Honestly, this article
just looks like a list of paid courses and a somewhat basic list of buzzwords
:/

------
renholder
> _...editing the registry..._

and

> _...Linux Skills (non-negotiable)..._

Why not just say "dump Windows"? It's a good OS, if you want someone to hand-
hold you, but as somoene once elegantly put it: " _Trying to hack in Windows
is like trying to dance in bodycast._ "

> _Reverse Engineering._

They list scripting but, as saagarjha notes, knowing how to program is a
pivotal quality. Otherwise, when you reverse engineer something, how do you
_know_ what the feck you're looking at?

For example (I'm aware of the irony of this example), it does me no good to
reverse engineer something in ILDASM[0], if I haven't the faintest idea of
what it is I'm looking at.

[0] - [https://docs.microsoft.com/en-
us/dotnet/framework/tools/ilda...](https://docs.microsoft.com/en-
us/dotnet/framework/tools/ildasm-exe-il-disassembler)

------
golergka
Honest question: is there any skill difference between ethical and black-hat
hacking?

~~~
molticrystal
I'll take a shot at this and try to reason and figure it out, if you think my
conclusions or reasoning stray to far, feel free to point it out.

The first thing I'll do though is replace the term black-hat with non-ethical
hacker to avoid confusion and keep the comparison balanced, as there are
black-hat conventions and that muddies the terms. Then it seems it is
different specializations and how long you can practice your trade.

For example, ethical means you are willing to stay within defined lines to
accomplish the goal. By being ethical you will often ask for permission before
you do something in many domains/fields. Depending on how narrow the
restrictions and parameters, you might have to be really creative or attentive
to overcome things to accomplish your goals. This applies mainly to website
hacking and such, but with permission you could do some of the same things a
non-ethical hacker could do as described below. For software and hardware the
skill set has a lot of overlap. You would concern yourself in learning or even
developing and creating many defense measures since as when possible you would
try to come up with a mitigation or fix for any issues you find in any domain.

For a non-ethical hacker, you wouldn't ask permission to use subterfuge or
social engineering. You would have no problem ddosing a place for extortion,
or leaving usb thumb drives in parking lots with malware on them hoping
somebody would pick them up and put them in their computer. So your skills in
those areas would be higher. You would probably be just as good at software
and hardware skills to find bugs, but your purpose and usage would be selling
them on the black market and using what you find for ransoming. You would
focus on obfuscation and attacking domains. Your motivations being different
will lead you to different places.

As far as long term, the ethical hacker will remain out of jail, while the
non-ethical hacker as time goes on will have the probability they will be
targeted by one or more governments and captured increase as time goes on. So
due to selection factors some non-ethical hackers might end up with higher
skill levels than their ethical counterparts, but many will be caught and lose
their temporary advantage, and have their skills atrophy in prison, if they
were to go long enough without getting caught to develop those skills. The
ethical hacker will be able to use their knowledge as long they are interested
in the field and can keep up.

