Download Certified Ethical Hacker 9 and more Exercises Cybercrime, Cybersecurity and Data Privacy in PDF only on Docsity!
i
The Training Company
Certified Ethical Hacker 9 (CEH v9)
Certified Ethical Hacker Training Program
Most Advanced Hacking Course
What's New in CEH V9?
¢ Focus on New Attack Vectors
¢ New Vulnerabilities including Heartbleed & Poodle
* More than 40% new tools & over 1500 new labs
¢ Threats to latest operating systems and cloud computing technology
¢ Threats to mobile platforms & tablet computers
* Coverage of new case studies, trojans, viruses & backdoors
CEH Training by ATRC This CEH course puts you in the driver’s seat of a handson environment with a systematic process. Here, you will be exposed to an entirely different way of achieving optimal information security posture in their organization; by hacking it! You will scan, test, hack and secure your own systems. You will be thought the five phases of CEH and thought how you can approach your target and succeed at breaking in every time! The five phases include Reconnaissance, Gaining Access, Enumeration, Maintaining Access, and covering your tracks. Underground Cracking Tools The hacking tools and techniques in each of these five phases are provided in detail in an encyclopedic approach to help you identify when an attack has been used against your own targets. Why then is this training called the CEH Course? This is because by using the same techniques as the bad guys, you can assess the security posture of an organization with the same approach these malicious crackers use, identify weaknesses and fix the problems before they are identified by the enemy, causing what could potentially be a catastrophic damage to your respective organization. We live in an age where attacks are all susceptible and come from anyplace at any time and we never know how skilled, wellfunded, or persistent the threat will be. Throughout the CEH course, you will be immersed in a cracker's mindset, evaluating not just logical, but physical security. Exploring every possible point of entry to find the weakest link in an organization. From the end user, the secretary, the CEO, misconfigurations, vulnerable times during migrations even information left in the dumpster. could potentially be a catastrophic damage to your respective organization. Throughout the CEH course, you will be immersed in a cracker's mindset, evaluating not just logical, but physical security. What is new in version 9 This is the worlds most advanced CEH course with 18 of the most current security domains any ethical cracker will ever want to know when they are planning to beef up the information security posture of their organization. In 18 comprehensive modules, the course covers 270 attack technologies, commonly used by crackers. Real Life Scenario Our security experts have designed over 140 labs which mimic real time scenarios in the course to help you “live” through an attack as if it were real and provide you with access to over 2200 commonly used hacking tools to immerse you into the cracker world.
The CEH training course will significantly benefit security officers, auditors, security professionals,
site administrators, and anyone who is concerned about the integrity of the network infrastructure.
Certified CEH FAQs What makes the CEH and Countermeasures course different from other courses in the market? The CEH and Countermeasures course prepares candidates for the CEH exam offered by EC Council. The course focuses on hacking techniques and technology from an offensive perspective. The advanced security course is regularly updated to reflect latest developments in the domain, including new hacking techniques, exploits, automated programs as well as defensive recommendations as outlined by experts in the field. The CEH body of knowledge represents detailed contributions from security experts, academicians, industry practitioners and the security community at large. What is "Cracking techniques and technology"? Cracking techniques represent ways and means by which computer programs can be made to behave in ways they are not meant to. These techniques extend beyond the technology domain and can be applied to test security policies and procedures. Cracking technology is used to refer to those tools and automated programs that can be used by perpetrators against an organization to incur critical damage. As technology advances, the skill required to execute a hack is much lesser as precompiled programs are available to effect havoc with simple point and click. Aren't tools meant for script kiddies? Does it matter if an elite cracker writes a buffer overflow or a script kiddy runs a tool if the target system gets compromised anyway? The point of emphasis here is that the enemy may be intellectually great or small, but he requires just one port of entry to wreck damage while the organization has the entire perimeter to guard with limited time and resources. Who teaches your course? Since the CEH Course is related more to cracking, it would be apt to have a real cracker teach it. However real crackers are usually those who used to be spoiled brats who had plenty of time to explore the field. So what we have is real hackers who have system administration experience collaborating along with real crackers who used to penetrate networks as consultants for our courses at ATRC. Certainly, experience is the greatest teacher. A real hacker would not know all the tricks and techniques which are used by the crackers. Many techniques are representative of the different lama CEH. What is my level?
Congratulations on becoming a CEH. You have joined elite group of professionals around the
world. Your next level is to become a Licensed Penetration Tester (LPT).
s meant that I have been able to prove my
-testing arena to colleagues and external
-Council qualification with my ISC2 and
CISCO certifications enables me to show a broad understanding of
many of the key areas to which my job role is currently ed. I feel
that this enhances the confidence increases Wee CemomenTe oC MMn NY
those that receive my servic
Paul Humphrey, CEH
Ministry of Defense, UK
Legal Agreement CEH and Countermeasures course mission is to educate, introduce and demonstrate cracking tools for penetration testing purposes only. Prior to attending this course, you will be asked to sign an agreement stating that you will not use the newly acquired skills for illegal or malicious attacks and you will not use such tools in an attempt to compromise any computer system, and to indemnify ECCouncil and ATRC with respect to the use or misuse of these tools, regardless of intent. What is New in the CEHV9 Course This is the worlds most advanced cracking course with 18 of the most current security domains any cracker will ever want to know when they are planning to beef up the information security posture of their organization. In 18 comprehensive modules, the course covers over 270 attack technologies, commonly used by crackers. Our security experts have designed over 140 labs which mimic real time scenarios in the course to help you “live” through an attack as if it were real and provide you with access to over 2200 commonly used hacking tools to immerse you into the cracker world. As “a picture tells a thousand words”, our developers have all this and more for you in over 2200 graphically rich, specially designed slides to help you grasp complex security concepts in depth which will be presented to you in 5 day hands on class by our Instructor. The goal of this course is to help you master an CEH methodology that can be used in a penetration testing or CEH situation. You walk out the door with CEH skills that are highly in demand, as well as the globally recognized CEH certification! This course prepares you for ECCouncil CEH exam 31250. In short, you walk out the door with cracking skills that are high in demand, as well as the internationally recognized CEH cracking certification! Course Outline Version 9
CEHVv9 consists of 18 core modules designed to facilitate a comprehensive ethical hacking and
penetration testing training.
Introduction to | Footprinting and
lsiaaltet-| Maccledlare} Reconnaissance
Malware
System Hacking Threat
Denial of Session
Relay ial aU ELecals]
Scanning
Networks
aE Ta ate}
Aloe
Hacking Wireless
Networks
Prerequisites
* Basic Networking.
Hacking Mobile
Platforms
¢ Basic Knowledge of server and network components.
sSfefel||
Engineering
Hacking Web
Applications
Evading IDS,
Firewalls, and
Honeypot
CEH (312-50)Exam
Section Knowledge of: Weight a
Background A networking technologies (e.g., hardware, a 5
infrastructure)
8 webtechnologen be. webaeysigad
C systems technologies
D | communication protocols
E | malware operations
F mobile technologies (e.g., smart phones)
G | telecommunication technologies
H_ | backups and archiving (e.g., local, network)
Analysis/Assessment A | data analysis 15% 16
B | systems analysis
C risk assessments
D_ | technical assessment methods
Security A systems security controls =n a
B application/fileserver
Cc firewalls
D = cryptography
E network security
F physical security
G threat modeling
H_ | verification procedures (e.g. false
Number of
Section Knowlerlge of: Weight mamens
| positive/negative validation)
social engineering (human factors
manipulation)
J | vulnerability scanners
K | security policy implications
L_ | privacy/confidentiality (with regard to
| engagement)
M i biometrics
N | wireless access technology (e.g., networking,
_ RFID, Blue tooth)
O | trusted networks
P | vulnerabilities
Toole/Systems/Programs: | , |. ssassleshodt based intiisidin aa *
B | network/wireless sniffers (e.g., WireShark,
Airsnort)
C access control mechanisms (e.g., smart cards)
D | cryptography techniques (e.g., IPsec, SSL,
PGP)
E programming languages (e.g. C++, Java, Cit, C)
F | scripting languages (c.g., PHP, Java script)
G@ | boundary protection appliances (e.g., DMZ)
H | network topologies
subnetting
J port scanning (e.g, NMAP)
K | domain name system (DNS)
Number of
Section Knowledge of: Weight uae
L | routers/modems/switches
M | vulnerability scanner (e.g., Nessus, Retina)
N vulnerability management and protection
systems (2.g., Foundstone, Ecora)
© operating environments (e.g, Linux,
Windows, Mac)
P = antivirus systems and programs
Q__ loganalysis tools
R__ security models
S | exploitation tools
T database structures
Procedures/Methodology cxyptogrephy 20% 25
B public key infrastructure (PKI)
C | Security Architecture (SA)
D | Service Oriented Architecture (SOA)
E | information security incident management
F | N-tier application design
G | TCP/IP networking (e.g., network routing)
H_ = security testing methodology
Regulation/Policy A | security policies 4% 5
B | compliance regulations (e.g., PCI)
Bthles A | proteantonstegavoreongay an .
Submit an acceptable pen testing report based on pen testing performed over ECCouncil’s secure cyber range 2. ELIGIBILITY PROCESS Applicant will need to go to https://cert.eccouncil.org/ExamEligibilityForm.html to fill in an online request for the Eligibility Application Form. Applicant will receive an electronic Exam Eligibility Application Form and the applicant will need to complete the information required on the form. Submit the completed Exam Eligibility Application form. The Application is valid only for 60 days from the date when Application is submitted. Should we not received any update from the applicant post 60 days, the Application will be automatically rejected. Applicant will need to submit a new application form. Waiting time for processing of Eligibility Application is approximately 5 working days after receiving the verification from verifier. Should the applicant not hear from us after 5 working days, the applicant can contact For USA/Canada/LATAM applicants – applicationservices@eccouncil.org For International applicants – cehapp@eccouncil.org ECCouncil will contact applicant’s Boss/ Supervisor/ Department head, who have agreed to act as applicant’s verifier in the application form, for authentication purposes. For verification of Educational Background ECCouncil requires a written letter in physical or electronic format confirming the certification(s) earned by the candidate. If application is approved, applicant will be required to purchase a voucher from ECCouncil DIRECTLY. ECCouncil will then send the candidate the eligibility code and the voucher code which candidate can use to register and schedule the test at any Authorized Prometric or VUE Testing Center globally. Please note that Prometric and VUE Registration will not entertain any requests without the eligibility code. The Approved application stands valid for 3 months from the date of Approval, the candidate needs to test 3 months from date of Approval. An extension request will require the Approval of Cert director. If application is not approved, the application fee of USD 100 will not be refunded. Important Note: Successful applicant will be required to purchase an exam voucher DIRECTLY from ECCouncil through the webstore at www.eccouncil.org/store.aspx before the eligibility code is released to the applicant. For students who took CBT solutions through authorized partners like Specialized Solutions/Quickcert, they will need to provide proof of purchase of self-study kit from the
authorized provider when requesting for eligibility codes.
Warning:
Candidates whose eligibility code does not match the details in the eligibility application and that
bears a different voucher code than which was provided will not be certified.
EC-Council reserves the right to revoke the certification status of candidates who attempt this exam
without a valid eligibility voucher number.
Format : Classroom Duration : 56 Hours (7 Days) Classroom course fees : AED 15,000. Discounts available for groups. Format : Distance Learning Training duration : Max 120 days from date of registration. Course Fees : AED 15,000. Distance Learning introductory offer AED 5000 for the first 10 participants. Duration : 56 Hours of distance learning lectures. Course Testing Format This course contains regular assignments, quizzes and exams to assist in keeping the participant on track and focused on the topic. Contact : Mr. Khawar Nehal 971556398386, 97167443295 Email : cehv9training @atrc.net.pk Web : http://atrc.net.pk other hackers who have produced code that you use and value. Lots of small but continuing donations add up quickly, and can free the people who have given you gifts of their labor to create more value. What Is a Hacker? The Jargon File contains a bunch of definitions of the term ‘hacker’, most having to do with technical adeptness and a delight in solving problems and overcoming limits. If you want to know how to become a hacker, though, only two are really relevant. There is a community, a shared culture, of expert programmers and networking wizards that traces its history back through decades to the first timesharing minicomputers and the earliest ARPAnet experiments. The members of this culture originated the term ‘hacker’. Hackers built the Internet. Hackers made the Unix operating system what it is today. Hackers make the World Wide Web work. If you are part of this culture, if you have contributed to it and other people in it know who you are and call you a hacker, you're a hacker. The hacker mindset is not confined to this softwarehacker culture. There are people who apply the hacker attitude to other things, like electronics or music — actually, you can find it at the highest levels of any science or art. Software hackers recognize these kindred spirits elsewhere and may call them ‘hackers’ too — and some claim that the hacker nature is really independent of the particular medium the hacker works in. But in the rest of this document we will focus on the skills and attitudes of software hackers, and the traditions of the shared culture that originated the term ‘hacker’. There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end. The basic difference is this: hackers build things, crackers break them. If you want to be a hacker, keep reading. If you want to be a cracker, go read the alt.2600 newsgroup and get ready to do five to ten in the slammer after finding out you aren't as smart as you think you are. And that's all I'm going to say about crackers. The Hacker Attitude 1. The world is full of fascinating problems waiting to be solved. 2. No problem should ever have to be solved twice. 3. Boredom and drudgery are evil. 4. Freedom is good. 5. Attitude is no substitute for competence. Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude. But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you'll miss the point. Becoming the kind of person who believes these things is important for you — for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mindset of masters — not just intellectually but emotionally as well. Or, as the following modern Zen poem has it: To follow the path: look to the master, follow the master, walk with the master, see through the master, become the master. So, if you want to be a hacker, repeat the following things until you believe them: 1. The world is full of fascinating problems waiting to be solved. Being a hacker is lots of fun, but it's a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence. If you aren't the kind of person that feels this way naturally, you'll need to become one in order to make it as a hacker. Otherwise you'll find your hacking energy is sapped by distractions like sex, money, and social approval. (You also have to develop a kind of faith in your own learning capacity — a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you'll learn enough to solve the next piece — and so on, until you're done.) 2. No problem should ever have to be solved twice. Creative brains are a valuable, limited resource. They shouldn't be wasted on reinventing the wheel when there are so many fascinating new problems waiting out there. To behave like a hacker, you have to believe that the thinking time of other hackers is precious — so much so that it's almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re address old ones. Note, however, that "No problem should ever have to be solved twice." does not imply that you have to consider all existing solutions sacred, or that there is only one right solution to any given problem. Often, we learn a lot about the problem that we didn't know before by studying the first cut at a solution. It's OK, and often necessary, to decide that we can do better. What's not OK is artificial technical, legal, or institutional barriers (like closedsource code) that prevent a good solution from being reused and force people to reinvent wheels. (You don't have to believe that you're obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It's consistent with hacker values to sell enough of it to keep you in food and rent and computers. It's fine to use your hacking skills to support a family or even get rich, as long as you don't forget your loyalty to your art and your fellow hackers while doing it.) 3. Boredom and drudgery are evil. Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren't doing what only they can do — solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil. To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers). (There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mindclearing exercise, or in order to acquire a skill or have some particular kind of experience you can't have otherwise. But this is by choice — nobody who can think should ever be forced into a situation that bores them.) 4. Freedom is good. Hackers are naturally antiauthoritarian. Anyone who can give you orders can stop you from solving whatever problem you're being fascinated by — and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers. (This isn't the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that's a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.) Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and informationsharing — they only like ‘cooperation’ that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception is (a) reading code and (b) writing code. Peter Norvig, who is one of Google's top hackers and the coauthor of the most widely used textbook on AI, has written an excellent essay called Teach Yourself Programming in Ten Years. His "recipe for programming success" is worth careful attention. Learning to program is like learning to write good natural language. The best way to do it is to read some stuff written by masters of the form, write some things yourself, read a lot more, write a little more, read a lot more, write some more ... and repeat until your writing begins to develop the kind of strength and economy you see in your models. I have had more to say about this learning process in How To Learn Hacking. It's a simple set of instructions, but not an easy one. Finding good code to read used to be hard, because there were few large programs available in source for fledgeling hackers to read and tinker with. This has changed dramatically; opensource software, programming tools, and operating systems (all built by hackers) are now widely available. Which brings me neatly to our next topic... 2. Get one of the opensource Unixes and learn to use and run it. I'll assume you have a personal computer or can get access to one. (Take a moment to appreciate how much that means. The hacker culture originally evolved back when computers were so expensive that individuals could not own them.) The single most important step any newbie can take toward acquiring hacker skills is to get a copy of Linux or one of the BSDUnixes, install it on a personal machine, and run it. Yes, there are other operating systems in the world besides Unix. But they're distributed in binary — you can't read the code, and you can't modify it. Trying to learn to hack on a Microsoft Windows machine or under any other closedsource system is like trying to learn to dance while wearing a body cast. Under Mac OS X it's possible, but only part of the system is open source — you're likely to hit a lot of walls, and you have to be careful not to develop the bad habit of depending on Apple's proprietary code. If you concentrate on the Unix under the hood you can learn some useful things. Unix is the operating system of the Internet. While you can learn to use the Internet without knowing Unix, you can't be an Internet hacker without understanding Unix. For this reason, the hacker culture today is pretty strongly Unixcentered. (This wasn't always true, and some oldtime hackers still aren't happy about it, but the symbiosis between Unix and the Internet has become strong enough that even Microsoft's muscle doesn't seem able to seriously dent it.) So, bring up a Unix — I like Linux myself but there are other ways (and yes, you can run both Linux and Microsoft Windows on the same machine). Learn it. Run it. Tinker with it. Talk to the Internet with it. Read the code. Modify the code. You'll get better programming tools (including C, LISP, Python, and Perl) than any Microsoft operating system can dream of hosting, you'll have fun, and you'll soak up more knowledge than you realize you're learning until you look back on it as a master hacker. For more about learning Unix, see The Loginataka. You might also want to have a look at The Art Of Unix Programming. The blog Let's Go Larval! is a window on the learning process of a a new Linux user that I think is unusually lucid and helpful. The post How I Learned Linux makes a good starting point. To get your hands on a Linux, see the Linux Online! site; you can download from there or (better idea) find a local Linux user group to help you with installation. During the first ten years of this HOWTO's life, I reported that from a new user's point of view, all Linux distributions are almost equivalent. But in 20062007, an actual best choice emerged: Ubuntu. While other distros have their own areas of strength, Ubuntu is far and away the most accessible to Linux newbies. Beware, though, of the hideous and nighunusable "Unity" desktop interface that Ubuntu introduced as a default a few years later; the Xubuntu or Kubuntu variants are better. You can find BSD Unix help and resources at www.bsd.org. A good way to dip your toes in the water is to boot up what Linux fans call a live CD, a distribution that runs entirely off a CD without having to modify your hard disk. This will be slow, because CDs are slow, but it's a way to get a look at the possibilities without having to do anything drastic. I have written a primer on the basics of Unix and the Internet. I used to recommend against installing either Linux or BSD as a solo project if you're a newbie. Nowadays the installers have gotten good enough that doing it entirely on your own is possible, even for a newbie. Nevertheless, I still recommend making contact with your local Linux user's group and asking for help. It can't hurt, and may smooth the process. 3. Learn how to use the World Wide Web and write HTML. Most of the things the hacker culture has built do their work out of sight, helping run factories and offices and universities without any obvious impact on how nonhackers live. The Web is the one big exception, the huge shiny hacker toy that even politicians admit has changed the world. For this reason alone (and a lot of other good ones as well) you need to learn how to work the Web. This doesn't just mean learning how to drive a browser (anyone can do that), but learning how to write HTML, the Web's markup language. If you don't know how to program, writing HTML will teach you some mental habits that will help you learn. So build a home page. But just having a home page isn't anywhere near good enough to make you a hacker. The Web is full of home pages. Most of them are pointless, zerocontent sludge — very snazzylooking sludge, mind you, but sludge all the same (for more on this see The HTML Hell Page). To be worthwhile, your page must have content — it must be interesting and/or useful to other hackers. And that brings us to the next topic... 4. If you don't have functional English, learn it. As an American and native Englishspeaker myself, I have previously been reluctant to suggest this, lest it be taken as a sort of cultural imperialism. But several native speakers of other languages have urged me to point out that English is the working language of the hacker culture and the Internet, and that you will need to know it to function in the hacker community. Back around 1991 I learned that many hackers who have English as a second language use it in technical discussions even when they share a birth tongue; it was reported to me at the time that English has a richer technical vocabulary than any other language and is therefore simply a better tool for the job. For similar reasons, translations of technical books written in English are often unsatisfactory (when they get done at all). Linus Torvalds, a Finn, comments his code in English (it apparently never occurred to him to do otherwise). His fluency in English has been an important factor in his ability to recruit a worldwide community of developers for Linux. It's an example worth following. Being a native Englishspeaker does not guarantee that you have language skills good enough to function as a hacker. If your writing is semiliterate, ungrammatical, and riddled with misspellings, many hackers (including myself) will tend to ignore you. While sloppy writing does not invariably mean sloppy thinking, we've generally found the correlation to be strong — and we have no use for sloppy thinkers. If you can't yet write competently, learn to. The Hacker/Nerd Connection Contrary to popular myth, you don't have to be a nerd to be a hacker. It does help, however, and many hackers are in fact nerds. Being something of a social outcast helps you stay concentrated on the really important things, like thinking and hacking. For this reason, many hackers have adopted the label ‘geek’ as a badge of pride — it's a way of declaring their independence from normal social expectations (as well as a fondness for other things like science fiction and strategy games that often go with being a hacker). The term 'nerd' used to be used this way back in the 1990s, back when 'nerd' was a mild pejorative and 'geek' a rather harsher one; sometime after 2000 they switched places, at least in U.S. popular culture, and there is now even a significant geekpride culture among people who aren't techies. If you can manage to concentrate enough on hacking to be good at it and still have a life, that's fine. This is a lot easier today than it was when I was a newbie in the 1970s; mainstream culture is much friendlier to technonerds now. There are even growing numbers of people who realize that hackers are often highquality lover and spouse material. If you're attracted to hacking because you don't have a life, that's OK too — at least you won't have trouble concentrating. Maybe you'll get a life later on. Points For Style Again, to be a hacker, you have to enter the hacker mindset. There are some things you can do when you're not at a computer that seem to help. They're not substitutes for hacking (nothing is) but many hackers do them, and feel that they connect in some basic way with the essence of hacking. • Learn to write your native language well. Though it's a common stereotype that programmers can't write, a surprising number of hackers (including all the most accomplished ones I know of) are very able writers. • Read science fiction. Go to science fiction conventions (a good way to meet hackers and protohackers). • Join a hackerspace and make things (another good way to meet hackers and protohackers). • Train in a martialarts form. The kind of mental discipline required for martial arts seems to be similar in important ways to what hackers do. The most popular forms among hackers are definitely Asian emptyhand arts such as Tae Kwon Do, various forms of Karate, Kung Fu, Aikido, or Ju Jitsu. Western fencing and Asian sword arts also have visible followings. In places where it's legal, pistol shooting has been rising in popularity since the late 1990s. The most hackerly martial arts are those which emphasize mental discipline, relaxed awareness, and precise control, rather than raw strength, athleticism, or physical toughness. • Study an actual meditation discipline. The perennial favorite among hackers is Zen (importantly, it is possible to benefit from Zen without acquiring a religion or discarding one you already have). Other styles may work as well, but be careful to choose one that doesn't require you to believe crazy things. • Develop an analytical ear for music. Learn to appreciate peculiar kinds of music. Learn to play some musical instrument well, or how to sing. • Develop your appreciation of puns and wordplay. The more of these things you already do, the more likely it is that you are natural hacker material. Why these things in particular is not completely clear, but they're connected with a mix of left and rightbrain skills that seems to be important; hackers need to be able to both reason logically and step outside the apparent logic of a problem at a moment's notice. Work as intensely as you play and play as intensely as you work. For true hackers, the boundaries between "play", "work", "science" and "art" all tend to disappear, or to merge into a highlevel creative playfulness. Also, don't be content with a narrow range of skills. Though most hackers self describe as programmers, they are very likely to be more than competent in several related skills — system administration, web design, and PC hardware troubleshooting are common ones. A hacker who's a system administrator, on the other hand, is likely to be quite skilled at script programming and web design. Hackers don't do things by halves; if they invest in a skill at all, they tend to get very good at it. Finally, a few things not to do. • Don't use a silly, grandiose user ID or screen name. • Don't get in flame wars on Usenet (or anywhere else). • Don't call yourself a ‘cyberpunk’, and don't waste your time on anybody who does. • Don't post or email writing that's full of spelling errors and bad grammar. The only reputation you'll make doing any of these things is as a twit. Hackers have long memories — it could take you years to live your early blunders down enough to be accepted. The problem with screen names or handles deserves some amplification. Concealing your identity behind a handle is a juvenile and silly behavior characteristic of crackers, warez d00dz, and other lower life forms. Hackers don't do this; they're proud of what they do and want it associated with their real names. So if you have a handle, drop it. In the hacker culture it will only mark you as a loser. Historical Note: Hacking, Open Source, and Free Software When I originally wrote this howto in late 1996, some of the conditions around it were very different from the way they look today. A few words about these changes may help clarify matters for people who are confused about the relationship of open source, free software, and Linux to the hacker community. If you are not curious about this, you can skip straight to the FAQ and bibliography from here. The hacker ethos and community as I have described it here long predates the emergence of Linux after 1990; I first became involved with it around 1976, and, its roots are readily traceable back to the early 1960s. But before Linux, most hacking was done on either proprietary operating systems or a handful of quasiexperimental homegrown systems like MIT's ITS that were never deployed outside of their original academic niches. While there had been some earlier (preLinux) attempts to change this situation, their impact was at best very marginal and confined to communities of dedicated true believers which were tiny minorities even within the hacker community, let alone with respect to the larger world of software in general. What is now called "open source" goes back as far as the hacker community does, but until 1985 it was an unnamed folk practice rather than a conscious movement with theories and manifestos attached to it. This prehistory ended when, in 1985, archhacker Richard Stallman ("RMS") tried to give it a name — "free software". But his act of naming was also an act of claiming; he attached ideological baggage to the "free software" label which much of the existing hacker community never accepted. As a result, the "free software" label was loudly rejected by a substantial minority of the hacker community (especially among those associated with BSD Unix), and used with serious but silent reservations by a majority of the remainder (including myself). Despite these reservations, RMS's claim to define and lead the hacker community under the "free software" banner broadly held until the mid1990s. It was seriously challenged only by the rise of Linux. Linux gave opensource development a natural home. Many projects issued under terms we would now call opensource migrated from proprietary Unixes to Linux. The community around Linux grew explosively, becoming far larger and more heterogenous than the preLinux hacker culture. RMS determinedly attempted to coopt all this activity into his "free software" movement, but was thwarted by both the exploding diversity of the Linux community and the public skepticism of its founder, Linus Torvalds. Torvalds continued to use the term "free software" for lack of any alternative, but publicly rejected RMS's ideological baggage. Many younger hackers followed suit. In 1996, when I first published this Hacker HOWTO, the hacker community was rapidly reorganizing around Linux and a handful of other opensource operating systems (notably those descended from BSD Unix). Community memory of the fact that most of us had spent decades developing closedsource software on closedsource operating systems had not yet begun to fade, but that fact was already beginning to seem like part of a dead past; hackers were, increasingly, defining themselves as hackers by their attachments to opensource projects such as Linux or Apache. The term "open source", however, had not yet emerged; it would not do so until early 1998. When it that make the world a richer and more humane place? But a note of caution is in order here. The hacker community has some specific, primarily defensive political interests — two of them are defending freespeech rights and fending off "intellectualproperty" power grabs that would make open source illegal. Some of those longterm projects are civilliberties organizations like the Electronic Frontier Foundation, and the outward attitude properly includes support of them. But beyond that, most hackers view attempts to systematize the hacker attitude into an explicit political program with suspicion; we've learned, the hard way, that these attempts are divisive and distracting. If someone tries to recruit you to march on your capitol in the name of the hacker attitude, they've missed the point. The right response is probably “Shut up and show them the code.” The third test has a tricky element of recursiveness about it. I observed in the section called “What Is a Hacker?” that being a hacker is partly a matter of belonging to a particular subculture or social network with a shared history, an inside and an outside. In the far past, hackers were a much less cohesive and selfaware group than they are today. But the importance of the socialnetwork aspect has increased over the last thirty years as the Internet has made connections with the core of the hacker subculture easier to develop and maintain. One easy behavioral index of the change is that, in this century, we have our own Tshirts. Sociologists, who study networks like those of the hacker culture under the general rubric of "invisible colleges", have noted that one characteristic of such networks is that they have gatekeepers — core members with the social authority to endorse new members into the network. Because the "invisible college" that is hacker culture is a loose and informal one, the role of gatekeeper is informal too. But one thing that all hackers understand in their bones is that not every hacker is a gatekeeper. Gatekeepers have to have a certain degree of seniority and accomplishment before they can bestow the title. How much is hard to quantify, but every hacker knows it when they see it. Q: Will you teach me how to hack? A: Since first publishing this page, I've gotten several requests a week (often several a day) from people to "teach me all about hacking". Unfortunately, I don't have the time or energy to do this; my own hacking projects, and working as an opensource advocate, take up 110% of my time. Even if I did, hacking is an attitude and skill you basically have to teach yourself. You'll find that while real hackers want to help you, they won't respect you if you beg to be spoonfed everything they know. Learn a few things first. Show that you're trying, that you're capable of learning on your own. Then go to the hackers you meet with specific questions. If you do email a hacker asking for advice, here are two things to know up front. First, we've found that people who are lazy or careless in their writing are usually too lazy and careless in their thinking to make good hackers — so take care to spell correctly, and use good grammar and punctuation, otherwise you'll probably be ignored. Secondly, don't dare ask for a reply to an ISP account that's different from the account you're sending from; we find people who do that are usually thieves using stolen accounts, and we have no interest in rewarding or assisting thievery. Q: How can I get started, then? A: The best way for you to get started would probably be to go to a LUG (Linux user group) meeting. You can find such groups on the LDP General Linux Information Page; there is probably one near you, possibly associated with a college or university. LUG members will probably give you a Linux if you ask, and will certainly help you install one and get started. Your next step (and your first step if you can't find a LUG nearby) should be to find an opensource project that interests you. Start reading code and reviewing bugs. Learn to contribute, and work your way in. The only way in is by working to improve your skills. If you ask me personally for advice on how to get started, I will tell you these exact same things, because I don't have any magic shortcuts for you. I will also mentally write you off as a probable loser because if you lacked the stamina to read this FAQ and the intelligence to understand from it that the only way in is by working to improve your skills, you're hopeless. Another interesting possibility is to go visit a hackerspace. There is a burgeoning movement of people creating physical locations maker's clubs where they can hang out to work on hardware and software projects together, or work solo in a cogenial atmosphere. Hackerspaces often collect tools and specialized equipment that would be too expensive or logistically inconvenient for individuals to own. Hackerspaces are easy to find on the Internet; one may be located near you. Q: When do you have to start? Is it too late for me to learn? A: Any age at which you are motivated to start is a good age. Most people seem to get interested between ages 15 and 20, but I know of exceptions in both directions. Q: How long will it take me to learn to hack? A: That depends on how talented you are and how hard you work at it. Most people who try can acquire a respectable skill set in eighteen months to two years, if they concentrate. Don't think it ends there, though; in hacking (as in many other fields) it takes about ten years to achieve mastery. And if you are a real hacker, you will spend the rest of your life learning and perfecting your craft. Q: Is Visual Basic a good language to start with? A: If you're asking this question, it almost certainly means you're thinking about trying to hack under Microsoft Windows. This is a bad idea in itself. When I compared trying to learn to hack under Windows to trying to learn to dance while wearing a body cast, I wasn't kidding. Don't go there. It's ugly, and it never stops being ugly. There is a specific problem with Visual Basic; mainly that it's not portable. Though there is a prototype opensource implementations of Visual Basic, the applicable ECMA standards don't cover more than a small set of its programming interfaces. On Windows most of its library support is proprietary to a single vendor (Microsoft); if you aren't extremely careful about which features you use — more careful than any newbie is really capable of being — you'll end up locked into only those platforms Microsoft chooses to support. If you're starting on a Unix, much better languages with better libraries are available. Python, for example. Also, like other Basics, Visual Basic is a poorlydesigned language that will teach you bad programming habits. No, don't ask me to describe them in detail; that explanation would fill a book. Learn a welldesigned language instead. One of those bad habits is becoming dependent on a single vendor's libraries, widgets, and development tools. In general, any language that isn't fully supported under at least Linux or one of the BSDs, and/or at least three different vendors' operating systems, is a poor one to learn to hack in. Q: Would you help me to crack a system, or teach me how to crack? A: No. Anyone who can still ask such a question after reading this FAQ is too stupid to be educable even if I had the time for tutoring. Any emailed requests of this kind that I get will be ignored or answered with extreme rudeness. Q: How can I get the password for someone else's account? A: This is cracking. Go away, idiot. Q: How can I break into/read/monitor someone else's email? A: This is cracking. Get lost, moron. Q: How can I steal channel op privileges on IRC? A: This is cracking. Begone, cretin. Q: I've been cracked. Will you help me fend off further attacks? A: No. Every time I've been asked this question so far, it's been from some poor sap running Microsoft Windows. It is not possible to effectively secure Windows systems against crack attacks; the code and architecture simply have too many flaws, which makes securing Windows like trying to bail out a boat with a sieve. The only reliable prevention starts with switching to Linux or some other operating system that is designed to at least be capable of security. pointers to where to get the most commonly used free Unix. To be a hacker you need
motivation and initiative and the ability to educate yourself. Start now...