Hacker News new | comments | show | ask | jobs | submit login
nirmalkant 7 months ago | hide | past | web | favorite

This isn't a great article IMO, heavy on the theory and light on the practical. Doesn't mention general tools like dnsmap, or shodan.

It's all very well knowing what you should do in theory, but that's pretty useless if you don't know how.

I've also never heard it be called "enumeration theory" before.

I feel like most content labeled as "ethical hacking" is less than stellar.

hmm this content seems pretty dated. If they're looking at internal network enumeration, then it's missing most of the modern tools, if it's looking at external enumeration then it's not great as most of the ports they refer to are unlikely to be exposed externally...

If you want more up to date material in this kind of field, something like the Red Team Field Manual (https://www.amazon.co.uk/Rtfm-Red-Team-Field-Manual/dp/14942...) or "Advanced penetration testing" https://www.amazon.co.uk/gp/product/B06XCKTKK8/ref=oh_aui_d_... could be worth looking at.

How did this got to the frontpage? The content is complete rubish.

And the floating modal on the center of the screen further proves my point.

I am tempted to take a course like this (Certified Ethical Hacker seems the industry leading one) simply to get an idea of what I am missing

But I fear finding a lack of practical hands on stuff (I would want to bring up an aws instance that is vulnerable in ways x y and z and have to find them. Or something)

Does such a course exist

Offensive Security[1] seems to offer some good introductory as well as advanced courses. They start at $800 though, so that may be a deterrant. But folks who I know have gone through it and the tests and exams seem to be pretty comprehensive.

[1] https://www.offensive-security.com/

Don't do CEH :) It's focused (or at least was , last time I looked at the syllabus) on learning long lists of stuff about security testing tools, this is not a good way to learn about security testing/penetration testing/whatever people want to call it this year.

OSCP is a useful entry point in terms of what it teaches.

But there are also loads of free resources which can provide some hands on examples

https://pentesterlab.com/ is one example which has some good free examples as well as paid for additional content.

Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact