February 1, 2012

Lux et Veritas

From the earliest days of software technology, the term hacker has been used to describe someone who was particularly proficient with technology.  While the term “hacker” has come to mean something malicious to those with only a cursory understanding of geek culture, it is still held as a term of high regard among those who know otherwise.  Lately I have gotten the question from students in my IT/IS classes concerning how best to become a “hacker”.  While the question they are asking is not precisely the information they want to know, I have decided to answer the question correctly.

While this may seem like a silly exercise, it actually has a long and storied tradition inside of hacker communities.  There are a number of well-known “guides” that have circulated the halls of old Usenet and dusty Jargon files from many years back with contributions from such luminaries as Bruce Perens, Eric S. Raymond, and Larry Wall.  Basically I am going to offer a stupidly basic outline of what I would like to have learned, in the order I would like to have learned it in, to have developed my skill-set (or lack thereof) in the quickest fashion possible.

*One caveat is that I have changed this list 8 times in the last 3 weeks (which is why it has taken so long to post) and added another step just minutes before posting again.  My point is that I will probably continue making updates for a while and I would encourage any comments or suggestions on how it can be improved.

  • Step 1: Start by visiting/reading these websites, mailing lists, & newsgroups... every day!  ArsTechnica, Phrack, SecList, Schneier on Security, OWASP, ITSecurity, cDc, and the LiquidMatrix Blog.  For extra credit read everything you can handle from the SANS Reading Room.  If you don’t understand what you are reading, Google it!
  • Step 2: Build your own computer.  Check out the ArsTechnica System Guide to make sure you have compatible hardware that will actually be cost effective and then purchase the parts at PriceWatch (be sure to check the vendor ratings before you buy.)  Yes, you could actually buy a system “kit” from someplace like NewEgg but the value of this exercise is in learning the hows and whys of each component.
  • Step 3: Install a Unix style OS on your newly built system… and/or every other system you can get your hands on.  I recommend either Fedora or Ubuntu to start with as they are the easiest to begin using but in reality any *nix style will work (e.g. FreeBSD, Linux Mint, openSUSE, OpenSolaris, etc.)  No hacker I know lives in Windows (well… unless they are gaming.)  Linux OSes provide access to a system on a level you simply will NEVER get on Windows.  This is partly because of the power of the Unix system model and partly because hackers develop for hackers on Linux/Unix.  After you install your new OS, use it, every day, as your primary OS.
  • Step 4: Make your own website… from scratch.  Go get a $6.00/month HostMonster account, decide on a domain name, learn FTP, set up an email account, and start making a website!  It is a cheap way to get some direct experience doing many of the most common web tasks.  Finally, go get a copy of the Llama, Pythonista, or Rails Tutorial and go through the ENTIRE tutorial thus creating your first dynamic website content.
  • Step 5: Continue building your library.  Nobody can know everything there is to know about technology.  Having quick access to information that you have (at the very least) read before is a HUGE help.  Additionally, going through the programming and hacking literature will give you the best hands-on experience necessary to take the next steps.  You should own/have read as many of these as possible:
  • Step 6: Download the Linux From Scratch book and build your very own custom operating system from source code.  You will learn more about how operating systems work than 99.9% of IT professionals do.  Doing your own OS build will change the way you see systems and how to protect them.  The result of an LFS build is not the system itself (you will probably go back to using Fedora shortly after finishing) but that you will NEVER go back to being just a technology user…

posted by Bobby Rockers