For those of you who don't know me, I'm a network security analyst and project manager. I lead a team of network security analysts whose job it is to perform vulnerability assessments for the Department of Defense and to perform penetration tests for some commercial customers. Not only do I lead my team and work the contracts/business side of the house, a lot of the time I find myself on the ground at testing sites, working side by side with my employees. I am a competent tester and a very technical person, so
when scheduling conflicts arise and my team can't cover testing completely, I step in and lend a hand. Previous to this gig, I worked as a UNIX administrator for nearly fifteen years and managed a 1500
Basically, I'm a technology hound. I like to know how things work and I don't stop researching until I
find a satisfactory answer.
But I'm not a celebrity chef. And I'm not Stephen King. I'm not rich. I live day to day on a budget. And
I'm guessing that if you are reading this, then you do, too. After all, not everyone is lucky enough to have a limitless cash flow.
In essence, I have to hack on a dime budget. I tend to piece together my computers and I rarely pay for
software (I don't pirate, I simply don't buy Microsoft Windows, if, in fact, I don't need it). I like to keep my dollars where they belong—in my own wallet, not someone else's.
So, with a frugal wallet in mind, I've put together what I feel is an essential hacker's toolkit. I've
included in it a small array of hardware, some specialty, some not and I'm here to tell you from the get-go that there will, indeed, be holes in our toolkit. There are some tools that simply cost too much
to seriously think about including in a frugal hacker's toolkit. And, if I'm totally honest, there will probably be tools that pop up along the way that we'll simply add to our toolkit. (I mean, the chances
that I'll remember everything right at the time of writing are slim to none)
Since we're frugal (and not flat broke), we are going to spend a little money here and there.
However, what money we do spend, will be done for a reason: to easily get us results. Since we're hackers, we're lazy, right? And who really wants to sit and spin crucial cycles making a free/incredibly
cheap piece of hardware to work when we can spend a quick $30 and get that piece of hardware to work within a few minutes? I don't know about you, but I'll dish out a couple of bucks to save myself a headache and hack into a system faster.
So where do we start? Well, the following list is my starting point. Whenever I build a hacking toolkit, this is the checklist of equipment I usually pull together. Let's go over it, shall we?
ESSENTIAL FRUGAL HACKER'S TOOLKIT
ESSENTIAL FRUGAL HACKER'S TOOLKIT
Here's what you're going to need to amass in your collection. I've been able to piece together most of
this kit from castoffs at my job. If you're job has an IT department, you might be able to get friendly with a tech and luck into a late model in the discard pile, as well.
Let's start, shall we?
- A Late Model Laptop (Use the following specifications as a guideline. You can vary with any
particular component, but try to stick close to the specs. You'll get the best experience if you keep the hardware modern—not necessarily new or the latest and greatest, just modern)
- 80GB Hard Drive (or larger)
- 1GB – 2GB RAM
- CD/DVD ROM Drive (A writer is not
- Built-In Wireless Card capable of
being put into “monitor mode” (see below) OR
- PCMCIA slot/USB slot for wireless
card that can be put into “monitor mode”
- Ethernet Cable Port
- Multiple USB Ports
- A wireless card that is capable of being put into “monitor mode” (more on what “monitor
mode” means later, but for now, stick to any wireless card that has the following chipsets built into it). Other than the actual laptop, this is where you want to spend some actual money. Not a lot
of it, but some.
Wireless Chipsets to research:
- Atheros (AR5XXX, AR9XXX)
- Broadcom (B43XX Family)
- Intel Pro Wireless and Intel Wifi
- Ralink (RT2X00)
- Realtek (RTL8187)
- Two or three Ethernet cables – you never know when things break
- A USB Bluetooth Adapter
- A small, inexpensive hub – we're going to use this for wired network sniffing
- Two or three USB flash drives (sticks are the most preferable option here: 4GB-8GB, nothing more)
Basically, to demonstrate to you that I'm practicing what I preach, I'll be piecing together my own kit and documenting it all along the way. So, throughout these lessons, you'll see what I see and you'll learn what I learn. This will be an in-depth look at penetration testing techniques, skills that you'll need to hack a network and the tools you can use to evaluate a given network's security.
Also, some essential reading that I think you'll find interesting is listed below. I'll be drawing from a lot of reference material and some of these books will contain in-depth data for us, as hackers.
HACKING EXPOSED 6 by Stuart McClure, Joel Scambray, and George Kurtz
HACKING EXPOSED WIRELESS by Johnny Cache, Joshua Wright, and Vincent Liu
THE DATABASE HACKER'S HANDBOOK by David Litchfield, Chris Anley, John Heasman and Bill Grindlay
THE WEB APPLICATION HACKER'S HANDBOOK by Dafydd Stuttard and Marcus Pinto
OFFICIAL CERTIFIED ETHICAL HACKER REVIEW GUIDE By Steven DeFino, Barry Kaufman, Nick Valenteen and Larry Greenblatt
THE ART OF DECEPTION by Kevin Mitnick and William L. Simon
THE ART OF INTRUSION by Kevin Mitnick and William L. Simon