Learn TCP/IP, Basic Information
gathering, Proxies, Socks, SSL, VPN, VPS, RDP,
FTP, POP3, SMTP, Telnet, SSH.
Learn Linux, Unix, Windows - You can do
this using vmware or any virtual desktop
Learn a programming language that's
compatible with all OS - Perl, Python, C, ASM
XSS, SQLI, RFI, LFI
Learn Reverse engineering and crack
some programs for serials easy ones like
mirc, winzip, winrar or old games.
Code a fuzzer for common protocols - ftp,
pop3, 80, 8080 - Pick some free software
like ftp server, mail server, apache or iis
webserver or a webserver all-in-one pack,
or teamspeak, ventrilo, mumble.
Code a tool that uses grep to sort out
unique code in source codes.
Make a custom IPtable, IPsec firewall that
blocks all incoming traffic and out going
traffic and add filters to accept certain ports
that your software or scripts use.
Pick a kernel in linux or unix, also pick a
Microsoft OS version lets say Winxp pro sp2
put them on the virtual desktops (vmware)
and find and code a new local exploit in
those versions, then install a Apache
webserver on the Linux/Unix and a IIS
webserver on the winxp pro and attempt to
find and code a new local reverse_tcp_shell
Learn Cisco Router and Switch
configuration and setup.
Learn Checkpoint Setup and Config
Learn Wifi scanning, cracking, sniffing.
Pick a person in you phonebook for the
area code you live in or city then ring the
person on a anonymous line like skype or a
payphone or a carded sim and attempt to
social engineer the person for his name,
address, data of birth, city born, country
born, ISP connected with, Phone company
connected with, What bank he/she uses
and anything else you can get. Then
Attempt to ring using a spoof caller ID
software with the person's phone number -
call the ISP and try reset the password to
his/her internet connection/web-mail, get
access to bank account or ask them to send
out a new * to a new address (drop)
with a new pin, reset of phone company
Use your information gathering skills to
get all the information off a website like a
shop then use the spoof caller-id software
or hack your phone to show a new number
of the Webserver's Tech Support number
then ring the shop owner and try get the
shop site password.
Do the same thing but attempt to use a
web attack against a site or shop to gain
Once got access upload a shell and
attempt to exploit the server to gain root
using a exploit you coded not someone else
Make your own Linux Distro
Use your own Linux Distro or use a
vanilla Linux gnome (not kde) keep itwith
not much graphics so you can learn how to
depend on the terminal and start from
scratch install applications that you will only
need for a blackbox (Security test box),
make folders for fuzzers, exploits,
scanners..etc Then load them up with your
own scripts and other tools ( By this stage
you shouldn't need to depend on other
Learn macosx and attempt to gain
access to a Macosx box whether it be your
own or someone's else.
Create a secure home network and
secure your own systems with your own
Security policies and firewall settings.