Day 1: The beginning.

Perhaps you had better start from the beginning…

Hacking in the cybersecurity sense requires a few things to be successful.  In the case of operating system (OS) hacking there are a few skills and tools that will be necessary, unless we are going to just grab some programs and let them run.  (I’m not really into that sort of thing.)

First tool:  A computer.  There aren’t really many requirements here to just get started: 8GB+ of RAM, for reasons that will become clear a little later, and a fairly decent size hard drive or external hard drive.  The base OS is negotiable.

Many who use computers for more than just surfing the internet have personal biases when it comes to OS choice.  I know I am not immune to that.  I spent many years avoiding Windows like the plague.  I have backed off on that standpoint as I’ve moved to a cybersecurity focus.  I started to avoid Windows because it made many things I was trying to do more complicated and frustrating.  So I moved to Linux, which I still use a lot, and then to OS X once Apple started using Intel processors and switched to a Unix-based system.  OS X is now the Pen Testing standards recommendation for a base operating system.

That said, over 70% of the non-mobile computing world uses some version of a Windows OS.  So if you’re going to exclude knowing Windows then you are cutting out the majority of your targets, which is just foolish.

Second set of Tools:  Some software.  We will need to run various operating systems.  The free way of doing that is to install VirtualBox from Oracle.  The non-free, industry-used VMware Player is another way of doing that.  Which you prefer is up to you and depends on whether you want to spend money or not.  I have been using VirtualBox for a while and have not had any issues.  I just started using VMware Player so I’m not that experienced with it yet.  You can also convert images between the two so you don’t have to be restricted to one.  Parallels is also available but I have only heard of that software and am not at all familiar with its functionality.  I know it allows running Windows on Mac but I’m not sure if that’s it.

This is where we need the memory and the decent size hard drive.  I have tried running virtual machines on a box with only 4 GB of memory and it didn’t work out well.  There’s just not enough memory.  When it comes to running things from a laptop I tend to use a solid state drive coupled with an external drive.  I keep most of my virtual machines on the external.  There can be a bit of a slowdown in information transfer but it hasn’t been an issue for anything I’m doing.

Choice of Linux OS is mostly a personal thing.  I would recommend getting a few different distros.  The first would be a standard distro: Fedora, Debian, OpenSUSE, or something similar.  I use a 64-bit distro for my regular-use version of Linux; get a 32-bit version as well.  I would recommend getting something 32-bit that doesn’t use a lot of kernel hardening out of the box; that will become useful when going through some topics like buffer overflows.  The 32-bit stack and 64-bit stack are different, and the second edition of Hacking: The Art of Exploitation was written in 2008 using a 32-bit OS.  You can even still download the OS that came with the book if you’d like.  Rather than download the book OS, I am configuring a more modern distro to run the exploits in the book.  Configuring the modern system to allow the exploits to work correctly shows what kind of countermeasures are being deployed.  Books like The Rootkit Arsenal, 2nd edition, also focus on 32-bit Windows.

Next I would recommend getting Arch Linux.  The reason is that you will get a crash course in Linux system administration just from the install process.  If you keep going and use it for experimenting and breaking/fixing you will be well on your way to being very good with Linux.  After using Arch for several months I love it and am wary of it at the same time.  If I have something that is critical and has to be there when I need it I will generally use a different distro.  But I definitely keep Arch and Antergos around.

Notice that I made no mention of getting Kali, Blackarch, or any other pentesting distro.  These are great distros and I am a big fan of Parrot as well, but they aren’t really necessary starting out.  When we need one of the tools available we can get it and install it.  Learning to read documentation is important as well.

The next thing you need is programming tools, starting with a text editor; I like gvim and Atom.  I’m not that big a fan of IDEs but I use IntelliJ for Java and Scala programming.  These are all personal preference.  Get and use whichever you are most comfortable with.

Tomorrow I’ll move on to some basic knowledge that is necessary to get started.  If you’re starting from scratch don’t worry.  Just make generous use of Google to find out what everything is and learn what you need as we go.

99 days left.


