It seems to me that ethical hacker would also be know as white hat hacker, as opposed to black hat hacker. Forensics would, I believe refer to data recovery, often in cases where the hardware, hardware abstraction layer or software becomes defunct, (Highly Technical Term) or has been hacked. I think forensics can also refer to finding out who the hacker is. Which was the purpose of Satan: http://en.wikipedia.org/wiki/Security_Administrator_Tool_for_Analyzing_Networks
Steve Gibson, author of spinRite has an audio collection of security issues. Although much of it you will already be familiar with, some of it, I'm sure, you will find very informative. Steve often explains, in general terms, how hackers access control of a computer through various types vulnerabilities. Also he discusses in general many of the vulnerabilities that have been discovered over time, currently and many solutions. Also he often discusses windows vulnerabilities which you may or may not be interested in understanding, but often linux SysAdmins have to deal with windows problems. http://www.grc.com/securitynow.htm Keep in mind that all security vulnerabilities are based on about 50 to 60 basic types of vulnerabilities that exist in computer architecture. Attempts have been made by hardware developers to address some of these problems, such as buffer overruns, but I don't know how successful they have been. What happens is that when programmers write Operating systems or Application programs, the vulnerabilities get written into the code. Go to the hacker sites, you know the ones from Russia and such, and get the hacker tools that they sell the second Tuesday of the month. (because that is when Microsoft releases their security patches) You can then test out their hacker tools, (on your own personal box and you may be able to discover what they are doing. Or read on their websites about what they claim to be selling. That may seem extremely difficult, but that's how the hacker in Russia, and/or other eastern European countries do it. They get the binary code from the Microsoft patches, and they have their hacker packages ready to sell the same day. Also you can look at the patches which Microsoft is releasing on the second Tuesday of the month (And I don't mean the code, because do not believe it is open source, it will just be binary I think) but if you look at what programs the patches are for, and see what Microsoft publishes about the vulnerability they are addressing (that is if Microsoft does publish release notes on the patches) then that will help you understand current real world vulnerabilities. If you open it in an assembler, you can see the hexadecimal. You can compare the hexadecimal of the Microsoft patch with the hexadecimal of the hacker tool, and you may be able to find some clues about what they are doing. Here is a website that may be able to help you decipher the hexadecimal to some point: http://mirror.href.com/thestarman/asm/mbr/Win2kmbr.htm There are other sites like it, and this page probably has some good links that if you follow, you will be able to learn a lot. I'm pretty sure that reading the hex is one of the techniques that the Eastern Europeans use to find vulnerabilities. I'm also pretty sure that when those 50 to 60 types of basic computer vulnerabilities are written into the code, hackers are able to identify them in the hexadecimal. Just a little insight from my own personal research on "ethical hacking." Paul On Tue, Feb 22, 2011 at 12:00 AM, Mark Holmquist <marktrac...@gmail.com> wrote: >> Any advice on resources and reading materials videos or applications on >> ethical hacking? I am trying to avoid a $4,000.00 class in some other city >> to learn. > > http://www.catb.org/~esr/faqs/hacker-howto.html#what_is > > Start by knowing your terminology--you mean "cracking," probably. Practically > all hacking is ethical. > > -- > Mark Holmquist > Student, Computer Science > University of Redlands > marktrac...@gmail.com > _______________________________________________ > LinuxUsers mailing list > LinuxUsers@socallinux.org > http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers > _______________________________________________ LinuxUsers mailing list LinuxUsers@socallinux.org http://socallinux.org/cgi-bin/mailman/listinfo/linuxusers
