Become a Hacker - Complete Guide

Getting started

What is Hacking?


Hacking is about identifying weaknesses and vulnerabilities in systems and using them to gain access.

A hacker gains unauthorized access by targeting a system without consent; an ethical hacker has explicit, written permission and works in a lawful and legitimate manner to assess the security posture of the target system(s).

The goal of an ethical hacker is to reveal the system's weaknesses and vulnerabilities so that the company can document and fix them.

What Hacking is NOT?


There are a few things we would like to clarify before you delve into becoming the next great hacker. This might burst your bubble, especially if you are not fully motivated to pursue this career or hobby, but hacking is, simply put, not something you can learn in a few days or even a few months.

Yes, you will learn a lot in those months, but to become a really good hacker, let alone one of the best (and we are not talking about showing a few tricks to your friends so they believe you are a hacker), you will need to dedicate several years of study and practice.

Hacking is also not a matter of pressing one button and somehow getting into a system or cracking a Facebook account, like in the movies. It takes weeks or even months to gather information about a company or target and to exploit it in the best possible way. Keep in mind that the more research you do, the more likely you are to pwn the target. The same applies to studying for an exam: if you skipped two chapters because you were lazy or did not double-check whether there was additional material, that can cost you the exam. In the hacking world it can mean you get busted, or that you fail to give your client accurate information.

Hacker Types

Just as there are good and bad people in the real world, with many shades in between, hackers vary in their agenda, methods and skill.

White Hat Hacker

White hat hackers, also known as ethical hackers, are the cybersecurity professionals who help governments and organizations by performing penetration tests and identifying weaknesses in their security. They also apply other methodologies to protect against black hat hackers and other malicious activity.

Simply stated, these are the people on your side. They hack into your systems with the intent of finding vulnerabilities before an attacker does, and they help you remove viruses and malware from your systems.

Black Hat Hacker

Taking credit for the negative connotation around "hacking," these are the culprits. A black hat hacker is the type of hacker you should worry about. Heard news of a new cybercrime today? A black hat hacker may be behind it.

While their motive is usually money, that is not always the case. These hackers look for vulnerabilities in personal computers, organizations and banking systems. Using any weakness they find, they break into your network and gain access to your personal, business and financial information.

Gray Hat Hacker

Gray hat hackers fall somewhere between white hat and black hat hackers. They may not use their skills for personal gain, but their intentions can be good or bad. For instance, a hacker who breaks into an organization and finds a vulnerability may leak it on the Internet or inform the organization about it.

It all depends on the hacker. Nevertheless, as soon as a hacker uses these skills for personal gain, they become a black hat hacker. The line between the two is thin, so let me make it simple for you.

Because a gray hat hacker does not use their skills for personal gain, they are not a black hat. But because they are not legally authorized to test the organization's security, they cannot be considered a white hat either.

Script Kiddies

A derogatory term for amateur hackers who do not care much about coding skills. These hackers usually download tools or reuse exploit code written by other developers and hackers, often with little understanding of how it works. Their primary purpose is to impress their friends or gain attention.

They are not interested in learning. Using off-the-shelf code and tools, they may launch attacks without caring about the quality of the attack. The most common attacks by script kiddies are DoS and DDoS attacks.

Green Hat Hacker

These are the amateurs of the hacking world. Consider them script kiddies with a difference: these newcomers want to become full-fledged hackers and are eager to learn. You will find them in hacking communities bombarding more experienced members with questions.

You can identify them by their drive to learn more about the trade. Answer one question and they will listen with undivided attention and ask another, until all their questions are answered.

Blue Hat Hacker

These are another kind of novice hacker, much like script kiddies, whose main agenda is revenge on anyone who makes them angry. They have no desire to learn and tend to use simple attacks, such as flooding a target's IP address with packets to cause a denial of service.

A script kiddie with a vengeful agenda can be considered a blue hat hacker.

Red Hat Hacker

Red hat hackers have an agenda similar to white hat hackers, which in simple words is stopping black hat hackers. There is, however, a major difference in how they operate: they are ruthless in dealing with black hats.

Instead of reporting a malicious attack, they set out to take the black hat hacker down completely. A red hat hacker may launch aggressive counterattacks and malware against the attacker's own systems, to the point where the attacker has to replace them entirely. Note that "hacking back" in this way is itself illegal in most jurisdictions, including the US.

State / Nation Sponsored Hacker

State or nation sponsored hackers are employed by a government to penetrate the defences of other governments and steal confidential information, keeping their own nation ahead online.

They have very large budgets and extremely advanced tools at their disposal to target individuals, companies or rival nations.

Hacktivist

If you have ever come across activists promoting a social, political or religious agenda, then meet the hacktivist, the online version of an activist. A hacktivist is a hacker, or a group of anonymous hackers, who believe they can bring about social change and often hack governments and organizations to gain attention or voice their displeasure with those who oppose their views.

Malicious Insider / Whistleblower

A malicious insider may be an employee with a grudge, or a strategically placed employee compromised or hired by a rival to steal trade secrets. (A whistleblower, by contrast, leaks information to expose wrongdoing rather than for personal or competitive gain; the two are often lumped together because both leak from the inside.)

These hackers take advantage of their easy access to information and their role within the company to compromise its systems.

Getting your mindset right

Hackers solve problems and build things, and they believe in freedom and voluntary mutual help. To be accepted as a hacker, you have to behave as though you have this kind of attitude yourself. And to behave as though you have the attitude, you have to really believe the attitude.

But if you think of cultivating hacker attitudes as just a way to gain acceptance in the culture, you’ll miss the point. Becoming the kind of person who believes these things is important for you — for helping you learn and keeping you motivated. As with all creative arts, the most effective way to become a master is to imitate the mind-set of masters — not just intellectually but emotionally as well.

Or, as the following modern Zen poem has it:

    To follow the path:
    look to the master,
    follow the master,
    walk with the master,
    see through the master,
    become the master.

Repeat the following until you believe them:

1. The World is full of fascinating problems waiting to be solved.

Being a hacker is lots of fun, but it’s a kind of fun that takes lots of effort. The effort takes motivation. Successful athletes get their motivation from a kind of physical delight in making their bodies perform, in pushing themselves past their own physical limits. Similarly, to be a hacker you have to get a basic thrill from solving problems, sharpening your skills, and exercising your intelligence.

If you aren’t the kind of person that feels this way naturally, you’ll need to become one in order to make it as a hacker. Otherwise you’ll find your hacking energy is sapped by distractions like sex, money, and social approval.

(You also have to develop a kind of faith in your own learning capacity — a belief that even though you may not know all of what you need to solve a problem, if you tackle just a piece of it and learn from that, you’ll learn enough to solve the next piece — and so on, until you’re done.)

2. No problem should ever have to be solved twice.

Creative brains are a valuable, limited resource. They shouldn’t be wasted on re-inventing the wheel when there are so many fascinating new problems waiting out there.

To behave like a hacker, you have to believe that the thinking time of other hackers is precious — so much so that it’s almost a moral duty for you to share information, solve problems and then give the solutions away just so other hackers can solve new problems instead of having to perpetually re-address old ones.

Note, however, that “No problem should ever have to be solved twice.” does not imply that you have to consider all existing solutions sacred, or that there is only one right solution to any given problem. Often, we learn a lot about the problem that we didn’t know before by studying the first cut at a solution. It’s OK, and often necessary, to decide that we can do better. What’s not OK is artificial technical, legal, or institutional barriers (like closed-source code) that prevent a good solution from being re-used and force people to re-invent wheels.

(You don’t have to believe that you’re obligated to give all your creative product away, though the hackers that do are the ones that get most respect from other hackers. It’s consistent with hacker values to sell enough of it to keep you in food and rent and computers. It’s fine to use your hacking skills to support a family or even get rich, as long as you don’t forget your loyalty to your art and your fellow hackers while doing it.)

3. Boredom and drudgery are evil.

Hackers (and creative people in general) should never be bored or have to drudge at stupid repetitive work, because when this happens it means they aren’t doing what only they can do — solve new problems. This wastefulness hurts everybody. Therefore boredom and drudgery are not just unpleasant but actually evil.

To behave like a hacker, you have to believe this enough to want to automate away the boring bits as much as possible, not just for yourself but for everybody else (especially other hackers).

(There is one apparent exception to this. Hackers will sometimes do things that may seem repetitive or boring to an observer as a mind-clearing exercise, or in order to acquire a skill or have some particular kind of experience you can’t have otherwise. But this is by choice — nobody who can think should ever be forced into a situation that bores them.)

4. Freedom is good.

Hackers are naturally anti-authoritarian. Anyone who can give you orders can stop you from solving whatever problem you’re being fascinated by — and, given the way authoritarian minds work, will generally find some appallingly stupid reason to do so. So the authoritarian attitude has to be fought wherever you find it, lest it smother you and other hackers.

(This isn’t the same as fighting all authority. Children need to be guided and criminals restrained. A hacker may agree to accept some kinds of authority in order to get something he wants more than the time he spends following orders. But that’s a limited, conscious bargain; the kind of personal surrender authoritarians want is not on offer.)

Authoritarians thrive on censorship and secrecy. And they distrust voluntary cooperation and information-sharing — they only like ‘cooperation’ that they control. So to behave like a hacker, you have to develop an instinctive hostility to censorship, secrecy, and the use of force or deception to compel responsible adults. And you have to be willing to act on that belief.

5. Attitude is no substitute for competence.

To be a hacker, you have to develop some of these attitudes. But copping an attitude alone won’t make you a hacker, any more than it will make you a champion athlete or a rock star. Becoming a hacker will take intelligence, practice, dedication, and hard work.

Therefore, you have to learn to distrust attitude and respect competence of every kind. Hackers won’t let posers waste their time, but they worship competence — especially competence at hacking, but competence at anything is valued. Competence at demanding skills that few can master is especially good, and competence at demanding skills that involve mental acuteness, craft, and concentration is best.

If you revere competence, you’ll enjoy developing it in yourself — the hard work and dedication will become a kind of intense play rather than drudgery. That attitude is vital to becoming a hacker.

Understanding the Attack Process

Attackers generally follow a recognizable methodology. To beat a hacker, you have to think like one, so it is important to understand that methodology. The steps a hacker follows can be broadly divided into five phases, covering pre-attack and attack activities:

  1. Performing Reconnaissance
  2. Scanning and enumeration
  3. Gaining access
  4. Maintaining access
  5. Covering tracks and placing backdoors

Let’s look at each of these phases in more detail so that you better understand the steps.

Phase 1: Passive and Active Reconnaissance

Passive reconnaissance involves gathering information about a potential target without the targeted individual's or company's knowledge. It can be as simple as watching a building to identify when employees arrive and leave. However, most reconnaissance is done sitting in front of a computer.

When hackers are looking for information on a potential target, they commonly run an Internet search on the individual or company. Many of you have performed the same search on your own name, a potential employer, or simply a topic of interest. When used to gather information about a target of evaluation (TOE), this process is generally called information gathering. Dumpster diving is also considered a passive information-gathering method, and many methodologies class social engineering with it, even though it involves direct contact with the target's people.

Sniffing the network is another means of passive reconnaissance and can yield useful information such as IP address ranges, naming conventions, hidden servers or networks, and other available services. Sniffing network traffic is similar to monitoring a building: the hacker watches the flow of data to see when certain transactions take place and where the traffic is going. Sniffing is a common hook for many ethical hackers: once they use a few tools and see all the data transmitted in the clear over the network, they are eager to learn and see more.

Active reconnaissance involves probing the network to discover individual hosts, IP addresses, and services. This process carries more risk of detection than passive reconnaissance and is sometimes called rattling the doorknobs. Active reconnaissance can give a hacker an indication of the security measures in place (is the front door locked?), but it also increases the chance of being caught or at least raising suspicion. Many tools that perform active reconnaissance can be traced back to the computer running them, increasing the chance of detection.

Both passive and active reconnaissance can yield useful information for an attack. For example, it is usually easy to find the type of web server and the operating system (OS) version a company is using, often from nothing more than the banner a service announces on connection. That information may let a hacker find a vulnerability in that version and exploit it to gain more access.


Phase 2: Scanning

Scanning takes the information discovered during reconnaissance and uses it to examine the network. Tools that a hacker may employ during the scanning phase include

  • Dialers (war dialers, for finding modems)
  • Port scanners
  • Internet Control Message Protocol (ICMP) scanners
  • Ping sweeps
  • Network mappers
  • Simple Network Management Protocol (SNMP) sweepers
  • Vulnerability scanners

Hackers are seeking any information that can help them attack the target, such as the following:

  • Computer names
  • Operating system (OS)
  • Installed software
  • IP addresses
  • User accounts
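The port scan and banner grab that make up the simplest form of active reconnaissance and scanning, as an added example (this is not code from the original guide). To run offline it scans 127.0.0.1 against an in-process listener that answers with a constructed banner; the banner text, the loopback host and the narrow port range are assumptions for the demonstration, not properties of any real service.

```python
# Added example: TCP connect scan followed by a banner grab against a local
# listener. The banner is constructed; a real daemon would announce its own.
import socket
import threading
from typing import Iterable, List

# Constructed banner standing in for what a real daemon would announce.
FAKE_BANNER = b"SSH-2.0-ExampleServer_1.0\r\n"


def start_fake_service() -> int:
    """Listen on an ephemeral loopback port, answer each client with the banner,
    and return the port number so the scanner knows where to look."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                try:
                    conn.sendall(FAKE_BANNER)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return port


def scan_ports(host: str, ports: Iterable[int], timeout: float = 0.3) -> List[int]:
    """Full TCP connect scan: a completed handshake means the port is open.
    connect_ex returns 0 on success and an errno (e.g. ECONNREFUSED) otherwise,
    so closed ports do not raise and the loop simply moves on."""
    open_ports = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                open_ports.append(port)
    return open_ports


def grab_banner(host: str, port: int, timeout: float = 1.0) -> str:
    """Connect and read whatever the service volunteers before we send anything;
    many daemons (SSH, SMTP, FTP) announce their name and version this way."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(256)
        except socket.timeout:
            data = b""
    return data.decode("ascii", errors="replace").strip()


def recon(host: str, ports: Iterable[int]) -> dict:
    """Map each open port to its banner (empty string if the service is silent)."""
    return {p: grab_banner(host, p) for p in scan_ports(host, ports)}


if __name__ == "__main__":
    port = start_fake_service()
    # A narrow window around the known port keeps the demo fast; a real scan
    # would cover 1-1024 or more, and every probe shows up in the target's logs.
    for p, banner in recon("127.0.0.1", range(port - 2, port + 3)).items():
        print(f"{p}/tcp open  {banner}")
```

Each completed handshake is visible to the target, which is exactly why this counts as active reconnaissance: the version string you learn from the banner is the same string a defender's IDS can log your probe against.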


Phase 3: Gaining Access

Phase 3 is when the real hacking takes place. Vulnerabilities exposed during the reconnaissance and scanning phases are now exploited to gain access to the target system. The attack can be delivered over a local area network (LAN), wired or wireless; through local access to a PC; over the Internet; or offline. Examples include stack-based buffer overflows, denial of service, and session hijacking. Gaining access is known in the hacker world as owning the system, because once a system has been hacked the hacker has control and can use it as they wish.

Phase 4: Maintaining Access

Once hackers have gained access to a target system, they want to keep that access for future exploitation and attacks. Sometimes they harden the system against other hackers or security personnel, securing their exclusive access with backdoors, rootkits, and Trojans. Once the hacker owns the system, they can use it as a base to launch additional attacks; a system used this way is sometimes referred to as a zombie.

Phase 5: Covering Tracks

Once hackers have gained and maintained access, they cover their tracks to avoid detection by security personnel, to keep using the owned system, to remove evidence of the intrusion, or to avoid legal action. They try to remove all traces of the attack, such as log entries and intrusion detection system (IDS) alerts. Activities in this phase include

  • Steganography
  • Using a tunneling protocol
  • Altering log files

Defenders counter the last of these by shipping logs to a separate, append-only system as they are written, so that an attacker who clears the local log cannot erase the copy.

Hacker Terminology and Attack Types

A

Attribution

Attribution is the process of establishing who is behind an attack. It is often the most difficult part of responding to a major breach, since experienced attackers hide behind layers of compromised hosts and online services that mask their true location and identity. Some incidents, such as the Sony hack, may never produce attribution that satisfies everyone.

B

Backdoor

Entering a protected system using a password can be described as going through the front door. Companies may build “backdoors” into their systems, however, so that developers can bypass authentication and dive right into the program. Backdoors are usually secret, but may be exploited by hackers if they are revealed or discovered.

Black hat

A black hat hacker is someone who hacks for personal gain and/or who engages in illicit and unsanctioned activities. As opposed to white hat hackers (see below), who traditionally hack in order to alert companies and improve services, black hat hackers may instead sell the weaknesses they discover to other hackers or use them themselves.

Botnet

Is your computer part of a botnet? It could be, and you might not know it. Botnets, or zombie armies, are networks of computers controlled by an attacker. Having control over hundreds or thousands of computers lets bad actors perform certain types of cyberattacks, such as a DDoS (see below). Buying thousands of computers wouldn’t be economical, however, so hackers deploy malware to infect random computers that are connected to the internet. If your computer gets infected, your machine might be stealthily performing a hacker’s bidding in the background without you ever noticing.


Brute force

A brute force attack is arguably the least sophisticated way of breaking into a password-protected system, short of simply obtaining the password. It usually consists of an automated trial-and-error process that tries candidate passwords until one works. Well-designed authentication and password-storage systems slow brute force down with rate limiting, account lockout and deliberately slow, salted password hashes, making it impractical to try all combinations in a reasonable time; strong cryptographic keys, by contrast, are simply too large to enumerate at all.

Bug

You’ve probably heard of this one. A bug is a flaw or error in a software program. Some are harmless or merely annoying, but some can be exploited by hackers. That’s why many companies have started using bug bounty programs to pay anyone who spots a bug before the bad guys do.

C

Cracking

A general term to describe breaking into a security system, usually for nefarious purposes. According to the New Hacker’s Dictionary published by MIT Press, the words “hacking” and “hacker” (see below) in mainstream parlance have come to subsume the words “cracking” and “cracker,” and that’s misleading. Hackers are tinkerers; they’re not necessarily bad guys. Crackers are malicious. At the same time, you’ll see cracking used to refer to breaking, say, digital copyright protections—which many people feel is a just and worthy cause—and in other contexts, such as penetration testing (see below), without the negative connotation.

Crypto

Short for cryptography, the science of secret communication or the procedures and processes for hiding data and messages with encryption (see below).


Chip-off

A chip-off attack requires the hacker to physically remove memory storage chips in a device so that information can be scraped from them using specialized software. This attack has been used by law enforcement to break into PGP-protected Blackberry phones.

D

Dark web

The dark web consists of sites that are not indexed by search engines and are reachable only through special networks such as Tor (see below). It is often used by site operators who want to remain anonymous. Everything on the dark web is part of the deep web, but not everything on the deep web is on the dark web.

DDoS

This type of cyberattack has become popular in recent years because it’s relatively easy to execute and its effects are obvious immediately. DDoS stands for Distributed Denial of Service Attack, which means an attacker is using a number of computers to flood the target with data or requests for data. This causes the target—usually a website—to slow down or become unavailable. Attackers may also use the simpler Denial of Service attack, which is launched from one computer.

Deep web

This term and “dark web” or “dark net” are sometimes used interchangeably, though they shouldn’t be. The deep web is the part of the internet that is not indexed by search engines. That includes password-protected pages, paywalled sites, encrypted networks, and databases—lots of boring stuff.

DEF CON

One of the most famous hacking conferences in the US and the world; it was first held in 1993 and takes place every summer in Las Vegas.


Digital Certificate

A digital passport or stamp of approval that attests to the identity of a person, website or service on the internet. More technically, a certificate binds a public key to a name, and a trusted certificate authority signs that binding; whoever holds the matching private key can then prove the identity, and the signature cannot practically be forged. The most common certificates are those of websites, which let your browser encrypt the connection and check that it is talking to the right server. Browsers show this as a padlock in the address bar (older versions coloured it green).

E

Encryption

The process of scrambling data or messages making it unreadable and secret. The opposite is decryption, the decoding of the message. Both encryption and decryption are functions of cryptography. Encryption is used by individuals as well as corporations and in digital security for consumer products.

End-to-end encryption

A particular type of encryption where a message or data gets scrambled or encrypted on one end, for example your computer or phone, and get decrypted on the other end, such as someone else’s computer. The data is scrambled in a way that, at least in theory, only the sender and receiver—and no one else—can read it.

Evil maid attack

As the name probably suggests, an evil maid attack is a hack that requires physical access to a computer—the kind of access an evil maid might have while tidying his or her employer’s office, for example. By having physical access, a hacker can install software to track your use and gain a doorway even to encrypted information.


Exploit

An exploit is a way or process to take advantage of a bug or vulnerability in a computer or application. Not all bugs lead to exploits. Think of it this way: If your door was faulty, it could be simply that it makes a weird sound when you open it, or that its lock can be picked. Both are flaws but only one can help a burglar get in. The way the criminal picks the lock would be the exploit.

F

Forensics

On CSI, forensic investigations involve a series of methodical steps in order to establish what happened during a crime. When it comes to a hack, however, investigators are looking for digital fingerprints instead of physical ones. This process usually involves trying to retrieve messages or other information from a device—perhaps a phone, a desktop computer or a server—used, or abused, by a suspected criminal.

G

GCHQ

The UK’s equivalent of the US’ National Security Agency. GCHQ, or Government Communications Headquarters, focuses on foreign intelligence, especially around terrorism threats and cybersecurity. It also investigates the digital child pornography trade. “As these adversaries work in secret, so too must GCHQ,” the organization says on its website. “We cannot reveal publicly everything that we do, but we remain fully accountable.”

H

Hacker

This term has become—wrongly—synonymous with someone who breaks into systems or hacks things illegally. Originally, hackers were simply tinkerers, or people who enjoyed “exploring the details of programmable systems and how to stretch their capabilities,” as the MIT New Hacker’s Dictionary puts it. Hackers can now be used to refer to both the good guys, also known as white hat hackers, who play and tinker with systems with no malicious intent (and actually often with the intent of finding flaws so they can be fixed), and cybercriminals, or “black hat” hackers, or “crackers.”


Hacktivist

A “hacktivist” is someone who uses their hacking skills for political ends. A hacktivist’s actions may be small, such as defacing the public website of a security agency or other government department, or large, such as stealing sensitive government information and distributing it to citizens. One often-cited example of a hacktivist group is Anonymous.

Hashing

Say you have a piece of text that should remain secret, like a password. You could store it in a secret folder on your machine, but if anyone gained access to it you would be in trouble. Instead, you can "hash" it: run it through a function that produces a fixed-size, garbled-looking value from which the original cannot practically be recovered. That value is the hash. To check a password later, the system hashes what the user typed and compares the two hashes. Companies store passwords (and sometimes biometric templates) as hashes to limit the damage of a breach; for passwords the hash must also be salted and deliberately slow, or an attacker who steals the hashes can simply hash guesses until one matches.
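The brute force entry above and this hashing entry describe the two sides of the same contest, so here is one added example (not code from the original guide) that plays both: a tiny dictionary-free brute force against a fast unsalted hash, then the same password stored the way the entry recommends, with a random salt and a slow key-derivation function. The passwords, the lowercase-only alphabet and the iteration count are assumptions chosen to keep the demonstration quick.

```python
# Added example: brute-forcing an unsalted SHA-256 hash, then storing the same
# password with a salt and PBKDF2 so each guess costs the attacker far more.
import hashlib
import hmac
import itertools
import os
import string
from typing import Callable, Optional, Tuple

ALPHABET = string.ascii_lowercase  # assumption: the attacker knows the charset


def fast_hash(password: str) -> str:
    """Unsalted SHA-256: cheap to compute, so cheap for an attacker to guess against."""
    return hashlib.sha256(password.encode()).hexdigest()


def slow_hash(password: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """PBKDF2-HMAC-SHA256: the salt defeats precomputed tables and shared work
    across users; the iteration count multiplies the cost of every guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def make_record(password: str) -> Tuple[bytes, bytes]:
    """What a server should store: a fresh random salt plus the derived hash."""
    salt = os.urandom(16)
    return salt, slow_hash(password, salt)


def verify(password: str, record: Tuple[bytes, bytes]) -> bool:
    salt, stored = record
    # compare_digest avoids leaking how many bytes matched through timing.
    return hmac.compare_digest(slow_hash(password, salt), stored)


def brute_force(matches: Callable[[str], bool], max_len: int) -> Tuple[Optional[str], int]:
    """Enumerate every lowercase string up to max_len in order; return the first
    guess that matches and how many attempts it took (None if none did)."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(ALPHABET, repeat=length):
            attempts += 1
            guess = "".join(combo)
            if matches(guess):
                return guess, attempts
    return None, attempts


def crack_fast(target_hex: str, max_len: int = 4) -> Tuple[Optional[str], int]:
    """Attack a leaked unsalted hash: one SHA-256 per guess."""
    return brute_force(lambda g: fast_hash(g) == target_hex, max_len)


def crack_slow(record: Tuple[bytes, bytes], max_len: int = 4) -> Tuple[Optional[str], int]:
    """Same search against a salted PBKDF2 record: every guess now costs
    `iterations` HMAC computations, and nothing learned here helps against
    another user's record because their salt differs."""
    return brute_force(lambda g: verify(g, record), max_len)


if __name__ == "__main__":
    print(crack_fast(fast_hash("cab")))   # ('cab', 2056): found almost instantly
    rec = make_record("cab")
    print(verify("cab", rec), verify("cat", rec))
    # Uncomment to feel the difference: the same 2056 guesses, each 200k times slower.
    # print(crack_slow(rec))
```

The search order and the attempt count are identical in both cases; what changes is the price of each attempt and the fact that the salt forces the attacker to pay it again for every user.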

HTTPS/SSL/TLS

HTTPS stands for Hypertext Transfer Protocol Secure. HTTP is the basic protocol that controls how data is transferred across the web; HTTPS wraps it in an encrypted connection that protects your traffic to the sites that matter most in your daily browsing: your bank, your email provider, your social networks. The encryption layer is TLS (Transport Layer Security), the successor to the now-deprecated SSL (Secure Sockets Layer), although the older name is still used loosely. Besides protecting the connection, TLS proves the identity of the site through its certificate, so that when you type https://gmail.com you can be confident you are connecting to Google and not an impostor site.


I

Infosec

An abbreviation of "Information Security." It is the insider's term for what is more commonly called cybersecurity, a word that irks many practitioners, who prefer infosec.

J

Jailbreak

Circumventing the security of a device, like an iPhone or a PlayStation, to remove a manufacturer’s restrictions, generally with the goal to make it run software from non-official sources.

K

Keys

Modern cryptography uses digital "keys". In PGP encryption a public key is used to encrypt, or "lock", messages and a private key is used to decrypt, or "unlock", them. In other (symmetric) systems there is only one secret key, shared by all parties. In either case, an attacker who gains control of the key that does the unlocking has a good chance of gaining access.

L

Lulz

An internet-speak variation on “lol” (short for “laughing out loud”) employed regularly among the black hat hacker set, typically to justify a hack or leak done at the expense of another person or entity. Sample use: y did i leak all contracts and employee info linked to Sketchy Company X? for teh lulz

M

Malware

Stands for “malicious software.” It simply refers to any kind of a malicious program or software, designed to damage or hack its target. Viruses, worms, Trojan horses, ransomware, spyware, adware and more are malware.

Man-in-the-middle

A man-in-the-middle (MitM) attack is a common attack in which someone surreptitiously positions themselves between two parties, impersonating each to the other. This allows the attacker to intercept, and potentially alter, their communication. The attacker may simply listen passively, relaying messages between the two parties unchanged, or may actively alter and manipulate the data flow.


Metadata

Metadata is simply data about data. If you were to send an email, for example, the text you type to your friend will be the content of the message, but the address you used to send it, the address you sent it to, and the time you sent it would all be metadata. This may sound innocuous, but with enough sources of metadata—for example, geolocation information from a photo posted to social media—it can be trivial to piece together someone’s identity or location.
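The email case above, as an added example (not code from the original guide): everything below is read from the headers, never from the body, and it still tells you who wrote to whom, when, from which mail client, through which relay, and the name of the machine the message was composed on. The message is constructed for the demonstration; the addresses, hostnames and IP are documentation values, not real ones.

```python
# Added example: extracting metadata from an e-mail's headers alone.
import re
from email import message_from_bytes, policy
from email.utils import parsedate_to_datetime
from typing import Dict, List

# Constructed sample message (RFC 5322 headers, one folded Received header).
RAW_MESSAGE = (
    b"Received: from mail.example.net (mail.example.net [203.0.113.7])\r\n"
    b"\tby mx.example.org with ESMTP id abc123\r\n"
    b"\tfor <bob@example.org>; Tue, 05 Mar 2024 10:15:00 +0000\r\n"
    b"Message-ID: <20240305101458.4242@laptop-alice.corp.example.net>\r\n"
    b"Date: Tue, 05 Mar 2024 10:14:58 +0000\r\n"
    b"From: Alice <alice@example.net>\r\n"
    b"To: Bob <bob@example.org>\r\n"
    b"X-Mailer: ExampleMail 4.2\r\n"
    b"Subject: lunch\r\n"
    b"\r\n"
    b"See you at noon.\r\n"
)

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def extract_metadata(raw: bytes) -> Dict[str, object]:
    """Return the metadata of a message without ever reading its body."""
    msg = message_from_bytes(raw, policy=policy.default)
    received: List[str] = [str(h) for h in msg.get_all("Received", [])]
    # Every relay prepends a Received header; the bracketed IPs trace the
    # path, and the last header in the list is the one closest to the sender.
    relay_ips = [ip for hdr in received for ip in IPV4.findall(hdr)]
    # Many clients build the Message-ID from the sending host's name.
    msg_id = str(msg.get("Message-ID", ""))
    origin_host = msg_id.strip("<>").rsplit("@", 1)[-1] if "@" in msg_id else ""
    return {
        "from": str(msg["From"]),
        "to": str(msg["To"]),
        "sent_at": parsedate_to_datetime(str(msg["Date"])).isoformat(),
        "client": str(msg.get("X-Mailer", "")),
        "relay_ips": relay_ips,
        "origin_host": origin_host,
    }


if __name__ == "__main__":
    for key, value in extract_metadata(RAW_MESSAGE).items():
        print(f"{key:12} {value}")
```

Note that the body ("see you at noon") never appears in the result, yet the output alone places Alice on a corporate laptop, sending through a known relay at a specific second; end-to-end encryption of the body would not change any of it.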

N

NIST

The National Institute of Standards and Technology is an agency of the US Department of Commerce devoted to measurement science and standards that support industry. NIST develops the information security standards used by the federal government, and is therefore often cited as an authority on which encryption methods are strong enough to use against modern threats.

Nonce

A portmanteau of "number" and "once": a nonce is a number (or other value) used only once. A system generates one for a particular session, request or cryptographic operation and then never accepts it again, which is how it defends against replay attacks, where an attacker resends a captured, valid message. Nonces also appear inside encryption modes and protocols, where reusing one with the same key can be catastrophic.
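The replay defence described above, as an added example (not code from the original guide): a client signs each request with a shared key over a fresh nonce, a timestamp and the body; the server verifies the MAC, rejects anything outside a time window, and refuses any nonce it has honoured before. The message layout, the window length and the shared key are assumptions for the demonstration.

```python
# Added example: single-use nonces plus an HMAC to reject replayed or tampered
# requests. Shared key and message format are assumptions for the demo.
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple


class NonceGuard:
    """Server side: accept a signed request once, within a time window, never again."""

    def __init__(self, key: bytes, window_seconds: int = 60):
        self.key = key
        self.window = window_seconds
        self.seen: Dict[str, float] = {}  # nonce -> time it was accepted

    def _mac(self, nonce: str, ts: int, body: bytes) -> str:
        # Nonce and timestamp are inside the MAC, so neither can be swapped out
        # without invalidating it.
        data = f"{nonce}|{ts}|".encode() + body
        return hmac.new(self.key, data, hashlib.sha256).hexdigest()

    def sign(self, body: bytes, now: Optional[float] = None) -> Dict[str, object]:
        """Client side (same shared key): attach a fresh random nonce and a MAC."""
        ts = int(time.time() if now is None else now)
        nonce = secrets.token_hex(16)  # 128 random bits: collisions are not a concern
        return {"nonce": nonce, "ts": ts, "body": body, "mac": self._mac(nonce, ts, body)}

    def accept(self, msg: Dict[str, object], now: Optional[float] = None) -> Tuple[bool, str]:
        now = time.time() if now is None else now
        nonce, ts, body, mac = str(msg["nonce"]), int(msg["ts"]), msg["body"], str(msg["mac"])
        # 1. Authenticity first, with a constant-time comparison.
        if not hmac.compare_digest(self._mac(nonce, ts, body), mac):
            return False, "bad mac"
        # 2. Freshness: beyond the window the nonce store no longer has to remember it.
        if abs(now - ts) > self.window:
            return False, "stale"
        # 3. Uniqueness: a replay carries a nonce we have already honoured.
        if nonce in self.seen:
            return False, "replay"
        self.seen[nonce] = now
        self._prune(now)
        return True, "ok"

    def _prune(self, now: float) -> None:
        # The timestamp check already rejects anything older than the window,
        # so those nonces can be forgotten; this keeps the store bounded.
        for n, t in list(self.seen.items()):
            if now - t > self.window:
                del self.seen[n]


if __name__ == "__main__":
    guard = NonceGuard(b"shared-secret")
    request = guard.sign(b"transfer 10")
    print(guard.accept(request))   # (True, 'ok')
    print(guard.accept(request))   # (False, 'replay')
```

The order of the checks matters: the MAC is verified before anything else so that an attacker who cannot forge a MAC cannot probe the nonce store or fill it with junk.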

O

OpSec

OpSec is short for operational security, and it’s all about keeping information secret, online and off. Originally a military term, OpSec is a practice and in some ways a philosophy that begins with identifying what information needs to be kept secret, and whom you’re trying to keep it a secret from. “Good” OpSec will flow from there, and may include everything from passing messages on Post-Its instead of emails to using digital encryption. In other words: Loose tweets destroy fleets.


OTR

What do you do if you want an encrypted conversation, but it needs to happen fast? OTR, or Off-the-Record, is a protocol for encrypting instant messages end to end. Unlike PGP, which is generally used for email and gives each participant one long-lived public/private key pair, OTR negotiates fresh, short-lived keys for every conversation and discards them afterwards. That limits the damage if an attacker later compromises your computer and obtains your keys (a property known as forward secrecy). OTR is also generally easier to use than PGP.

P

Password managers

Using the same, crummy password for all of your logins—from your bank account, to Seamless, to your Tinder profile—is a bad idea. All a hacker needs to do is get access to one account to break into them all. But memorizing a unique string of characters for every platform is daunting. Enter the password manager: software that keeps track of your various passwords for you, and can even auto-generate super complicated and long passwords for you. All you need to remember is your master password to log into the manager and access all your many different logins.

Penetration testing or pentesting

If you set up a security system for your home, or your office, or your factory, you’d want to be sure it was safe from attackers, right? One way to test a system’s security is to employ people—pentesters—to purposely hack it in order to identify weak points. Pentesting is related to red teaming, although it may be done in a more structured, less aggressive way.

PGP

“Pretty Good Privacy” is a method of encrypting data, generally emails, so that anyone intercepting them will only see garbled text. PGP uses asymmetric cryptography, which means that the person sending a message uses a “public” encryption key to scramble it, and the recipient uses a secret “private” key to decode it. Despite being more than two decades old, PGP is still a formidable method of encryption, although it can be notoriously difficult to use in practice, even for experienced users.

Phishing

Phishing is really more of a form of social engineering than hacking or cracking. In a phishing scheme, an attacker typically reaches out to a victim in order to extract specific information that can be used in a later attack. That may mean posing as customer support from Google, Facebook, or the victim’s cell phone carrier, for example, and asking the victim to click on a malicious link—or simply asking the victim to send back information, such as a password, in an email. Attackers usually blast out phishing attempts by the thousands, but sometimes employ more targeted attacks, known as spearphishing (see below).

Plaintext

Exactly what it sounds like—text that has not been garbled with encryption. This definition would be considered plaintext. You may also hear plaintext being referred to as “cleartext,” since it refers to text that is being kept out in the open, or “in the clear.” Companies with very poor security may store user passwords in plaintext, even if the folder they’re in is encrypted, just waiting for a hacker to steal.

Pwned

Pwned is computer nerd jargon (or “leetspeak”) for the verb “own.” In the video game world, a player who beats another player can say that he pwned him. Among hackers, the term has a similar meaning, only instead of beating someone in a game, a hacker who has gained access to another user’s computer can say that he pwned him. For example, the website “Have I Been Pwned?” will tell you if your online accounts have been compromised in the past.

R

RAT

RAT stands for Remote Access Tool or Remote Access Trojan. RATs are really scary when used as malware. An attacker who successfully installs a RAT on your computer can gain full control of your machine. There is also a legitimate business in RATs for people who want to access their office computer from home, and so on. The worst part about RATs? Many malicious ones are available in the internet’s underground for sale or even for free, so attackers can be pretty unskilled and still use this sophisticated tool.

Ransomware

Ransomware is a type of malware that locks your computer and won’t let you access your files. You’ll see a message that tells you how much the ransom is and where to send payment, usually requested in bitcoin, in order to get your files back. This is a good racket for hackers, which is why many consider it now an “epidemic,” as people typically are willing to pay a few hundred bucks in order to recover their machine.

Rainbow table

A rainbow table is a complex technique that allows hackers to simplify the process of guessing what passwords hide behind a “hash” (see above).

Red team

To ensure the security of their computer systems and to suss out any unknown vulnerabilities, companies may hire hackers who organize into a “red team” in order to run oppositional attacks against the system and attempt to completely take it over. In these cases, being hacked is a good thing because organizations may fix vulnerabilities before someone who’s not on their payroll does. Red teaming is a general concept that is employed across many sectors, including military strategy.

Root

In most computers, “root” is the common name given to the most fundamental (and thus most powerful) level of access in the system, or is the name for the account that has those privileges. That means “root” can install applications and delete or create files. If a hacker “gains root,” they can do whatever they want on the computer or system they compromised. This is the holy grail of hacking.

Rootkit

A rootkit is a particular type of malware that lives deep in your system and is activated each time you boot it up, even before your operating system starts. This makes rootkits hard to detect, persistent, and able to capture practically all data on the infected computer.

S

Salting

When protecting passwords or text, “hashing” (see above) is a fundamental process that turns the plaintext into garbled text. To make hashing even more effective, companies or individuals can add an extra series of random bytes, known as a “salt,” to the password before the hashing process. This adds an extra layer of protection.
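As an added example that is not part of the original page, the following Python shows why a salt matters, and also illustrates the rainbow table entry above: two users who pick the same password get identical unsalted digests, so one precomputed lookup cracks both accounts, whereas per-user random salts give different digests and force the attacker to work on each account separately. The PBKDF2 work factor, the 16-byte salt length and the tiny "table" are assumptions made for the demo.

```python
import hashlib
import hmac
import os

# Added example (not from the page). Unsalted hashing versus salted,
# iterated hashing of the same weak password.

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this demo


def unsalted_hash(password):
    """Plain SHA-256 of the password: the same input always gives the same digest."""
    return hashlib.sha256(password.encode()).hexdigest()


def rainbow_lookup(table, digest):
    """Simulate a precomputed table: map an unsalted digest back to its password."""
    return table.get(digest)


def make_record(password, salt=None):
    """Return (salt, digest) to store; the salt is 16 random bytes per user."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # compare_digest avoids leaking how many bytes matched via timing
    return hmac.compare_digest(candidate, stored_digest)


if __name__ == "__main__":
    # constructed sample: two accounts sharing the same weak password
    table = {unsalted_hash(p): p for p in ["123456", "password123", "letmein"]}
    alice = unsalted_hash("password123")
    bob = unsalted_hash("password123")
    print("unsalted digests identical:", alice == bob)
    print("rainbow table recovers:", rainbow_lookup(table, alice))
    salt_a, dig_a = make_record("password123")
    salt_b, dig_b = make_record("password123")
    print("salted digests identical:", dig_a == dig_b)
    print("verify correct password:", verify("password123", salt_a, dig_a))
    print("verify wrong password:  ", verify("hunter2", salt_a, dig_a))
```

The salt is stored next to the digest in the clear; its job is not secrecy but uniqueness, so that a table built for one account is useless against another. The iteration count is what slows down per-account guessing.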

Script kiddies

This is a derisive term for someone who has a little bit of computer savvy and who’s only able to use off-the-shelf software to do things like knock websites offline or sniff passwords over an unprotected Wi-Fi access point. This is basically a term to discredit someone who claims to be a skilled hacker.

Shodan

It’s been called “hacker’s Google,” and a “terrifying” search engine. Think of it as a Google, but for connected devices rather than websites. Using Shodan you can find unprotected webcams, baby monitors, printers, medical devices, gas pumps, and even wind turbines. While that sounds terrifying, Shodan’s value is precisely that it helps researchers find these devices and alert their owners so they can secure them.

Signature

Another function of PGP, besides encrypting messages, is the ability to “sign” messages with your secret encryption key. Since this key is only known to one person and is stored on their own computer and nowhere else, cryptographic signatures are supposed to verify that the person who you think you’re talking to actually is that person. This is a good way to prove that you really are who you claim to be on the internet.

Side channel attack

Your computer’s hardware is always emitting a steady stream of barely-perceptible electrical signals. A side-channel attack seeks to identify patterns in these signals in order to find out what kind of computations the machine is doing. For example, a hacker “listening in” to your hard drive whirring away while generating a secret encryption key may be able to reconstruct that key, effectively stealing it, without your knowledge.

Sniffing

Sniffing is a way of intercepting data sent over a network without being detected, using special sniffer software. Once the data is collected, a hacker can sift through it to get useful information, like passwords. It’s considered a particularly dangerous hack because it’s hard to detect and can be performed from inside or outside a network.

Social engineering

Not all hacks are carried out by staring at a Matrix-like screen of green text. Sometimes, gaining entry to a secure system is as easy as placing a phone call or sending an email and pretending to be somebody else—namely, somebody who regularly has access to said system but forgot their password that day. Phishing (see above) attacks include aspects of social engineering, because they involve convincing somebody of an email sender’s legitimacy before anything else.

Spearphishing

Phishing and spearphishing are often used interchangeably, but the latter is a more tailored, targeted form of phishing (see above), where hackers try to trick victims into clicking on malicious links or attachments pretending to be a close acquaintance, rather than a more generic sender, such as a social network or corporation. When done well, spearphishing can be extremely effective and powerful. As a noted security expert says, “give a man a 0day and he’ll have access for a day, teach a man to phish and he’ll have access for life.”

Spoofing
Hackers can trick people into falling for a phishing attack (see above) by forging their email address, for example, making it look like the address of someone the target knows. That’s spoofing. It can also be used in telephone scams, or to create a fake website address.
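As an added example that is not part of the original page, the following Python illustrates two entries at once: the Metadata entry (headers alone reveal who wrote to whom and when, without reading the body) and the spoofing described here (the From address is forged to resemble a known sender). It parses a constructed message with the standard library and flags two common indicators: a sender domain that only looks like the trusted one, and a Reply-To that points somewhere else. The message, the domains and the `spoofing_indicators` heuristics are assumptions made for the demo, not rules from the page.

```python
from email import message_from_string
from email.utils import parseaddr

# Added example (not from the page). Constructed sample message: the sender
# domain "examp1e-corp.test" is a lookalike of the real "example-corp.test".
SAMPLE = """\
From: "IT Helpdesk" <helpdesk@examp1e-corp.test>
To: alice@example-corp.test
Reply-To: attacker@mailbox.test
Date: Mon, 01 Jan 2024 09:15:00 +0000
Subject: Password reset required
Message-ID: <abc123@examp1e-corp.test>

Please click the link below to reset your password.
"""

METADATA_HEADERS = ("From", "To", "Reply-To", "Date", "Message-ID")


def extract_metadata(raw):
    """Return only the envelope-style headers: who, to whom, when. No body."""
    msg = message_from_string(raw)
    return {h: msg[h] for h in METADATA_HEADERS if msg[h]}


def domain_of(header_value):
    """Pull the bare address out of 'Name <addr>' and return its domain."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def spoofing_indicators(raw, trusted_domain):
    """Heuristic checks a mail filter or analyst might apply to a suspect message."""
    msg = message_from_string(raw)
    indicators = []
    from_domain = domain_of(msg.get("From"))
    if from_domain != trusted_domain.lower():
        indicators.append(
            f"From domain {from_domain!r} does not match trusted domain {trusted_domain!r}"
        )
    reply_to = msg.get("Reply-To")
    if reply_to and domain_of(reply_to) != from_domain:
        indicators.append(
            f"Reply-To domain {domain_of(reply_to)!r} differs from From domain {from_domain!r}"
        )
    return indicators


if __name__ == "__main__":
    for key, value in extract_metadata(SAMPLE).items():
        print(f"{key}: {value}")
    for line in spoofing_indicators(SAMPLE, "example-corp.test"):
        print("indicator:", line)
```

Header checks like these are heuristics, not proof: a legitimate message can have a different Reply-To, and a well-forged header can pass them, which is why mail systems also verify the sending server (SPF, DKIM, DMARC) rather than trusting the From line alone.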

Spyware

A specific type of malware, or malicious software, designed to spy on, monitor, and potentially steal data from the target.

State actor

State actors are hackers or groups of hackers who are backed by a government, which may be the US, Russia, or China. These hackers are often the most formidable, since they have the virtually unlimited legal and financial resources of a nation-state to back them up. Think, for example, of the NSA. Sometimes, however, state actors can also be a group of hackers who receive tacit (or at least hidden from the public) support from their governments, such as the Syrian Electronic Army.

T

Threat model

Imagine a game of chess. It’s your turn and you’re thinking about all the possible moves your opponent could make, as many turns ahead as you can. Have you left your queen unprotected? Is your king being worked into a corner checkmate? That kind of thinking is what security researchers do when designing a threat model. It’s a catch-all term used to describe the capabilities of the enemy you want to guard against, and your own vulnerabilities. Are you an activist attempting to guard against a state-sponsored hacking team? Your threat model better be pretty robust. Just shoring up the network at your log cabin in the middle of nowhere? Maybe not as much cause to worry.

Token

A small physical device that allows its owner to log in or authenticate into a service. Tokens serve as an extra layer of security on top of a password, for example. The idea is that even if the password or key gets stolen, the hacker would need the actual physical token to abuse it.

Tor

Tor is short for The Onion Router. Originally developed by the United States Naval Research Laboratory, it’s now used by bad guys (hackers, pedophiles) and good guys (activists, journalists) to anonymize their activities online. The basic idea is that there is a network of computers around the world—some operated by universities, some by individuals, some by the government—that will route your traffic in byzantine ways in order to disguise your true location. The Tor network is this collection of volunteer-run computers. The Tor Project is the nonprofit that maintains the Tor software. The Tor browser is the free piece of software that lets you use Tor. Tor hidden services are websites that can only be accessed through Tor.

Tails

Tails stands for The Amnesic Incognito Live System. If you’re really, really serious about digital security, this is the operating system endorsed by Edward Snowden. Tails is an amnesic system, which means your computer remembers nothing; it’s like a fresh machine every time you boot up. The software is free and open source. While it’s well-regarded, security flaws have been found.

V

Verification (dump)

The process by which reporters and security researchers go through hacked data and make sure it’s legitimate. This process is important to make sure the data is authentic, and the claims of anonymous hackers are true, and not just an attempt to get some notoriety or make some money scamming people on the dark web.

VPN

VPN stands for Virtual Private Network. VPNs use encryption to create a private and secure channel to connect to the internet when you’re on a network you don’t trust (say a Starbucks, or an Airbnb WiFi). Think of a VPN as a tunnel from you to your destination, dug under the regular internet. VPNs allow employees to connect to their employer’s network remotely, and also help regular people protect their connection. VPNs also allow users to bounce off servers in other parts of the world, allowing them to look like they’re connecting from there. This gives them the chance to circumvent censorship, such as China’s Great Firewall, or view Netflix’s US offerings while in Canada. There are endless VPNs, making it almost impossible to decide which ones are the best.

Virus

A computer virus is a type of malware that typically is embedded and hidden in a program or file. Unlike a worm (see below), it needs human action to spread (such as a human forwarding a virus-infected attachment, or downloading a malicious program.) Viruses can infect computers and steal data, delete data, encrypt it or mess with it in just about any other way.

Vuln

Abbreviation for “vulnerability.” Another way to refer to bugs or software flaws that can be exploited by hackers.

W

Warez

Pronounced like the contraction for “where is” (where’s), warez refers to pirated software that’s typically distributed via technologies like BitTorrent and Usenet. Warez is sometimes laden with malware, taking advantage of people’s desire for free software.

White hat

A white hat hacker is someone who hacks with the goal of fixing and protecting systems. As opposed to black hat hackers (see above), instead of taking advantage of their hacks or the bugs they find to make money illegally, they alert the companies and even help them fix the problem.

Worm

A specific type of malware that propagates and replicates itself automatically, spreading from computer to computer. The internet’s history is littered with worms, from the Morris worm, the first of its kind, to the famous Samy worm, which infected more than a million people on MySpace.

Z

Zero-day

A zero-day or “0day” is a bug that’s unknown to the software vendor, or at least it’s not patched yet. The name comes from the notion that there have been zero days between the discovery of the bug or flaw and the first attack taking advantage of it. Zero-days are the most prized bugs and exploits for hackers because a fix has yet to be deployed for them, so they’re almost guaranteed to work.

Methodologies and attack types used by hackers and ethical hackers. Know what each attack does and try to implement it in your own test lab.

Account Checkers (Bruteforce)
ARP Spoofing
Backdoor Persistence
Bait and Switch
Blue Keep Vulnerability
Botnet
Bruteforce Attack
Buffer Overflow
Carding
Carriage Return Line Feed – CRLF Injection
Clickjacking
Command Injection
Cookie Theft
Credential Stuffing
Cross Site Request Forgery – CSRF Injection
Cross Site Scripting – XSS Injection
Cryptography – AES, SHA, Blowfish, Hash Algorithms etc
CSV Injection
CVE Vulnerabilities
Deep Dive
Defacement
Denial of Service
Directory Traversal Attack
DLL Injection
DNS Rebinding Attack
Doxing
Drive-by Attack
Dumpster Diving
E-whoring
Eavesdropping
Encoders & Encrypters
Evading Firewalls Honeypots and Intrusion Prevention Systems
Evil Maid Attack
Evil Twin Attack
Footprinting and Reconnaissance
FUD Crypter
Fuzzing
Google Hacking
Hacking Web Servers
Hash Cracking
Heartbleed Bug
IDN Homograph Attack
Input Validation
Kernel Exploits
Keylogger
Krack Attack
Local File Inclusion
Malicious Payloads
Malvertising
Malware – Trojan / Worms / Adware
Memory Leak
Mobile Hacking – IMSI Catcher, APK payloads
NTLMv2 Hashes
OS Command Injection
OSINT – Opensource Intelligence
Packet Generator
Pass the Hash
Pentesting
Phishing
Post Exploitation
Privilege Escalation
QRLjacking
RadioRF – Signal Intelligence
Redirect Manipulation
Remote Access Trojan
Remote Code Execution
Remote File Inclusion
Reverse Engineering
Rootkits
Session Hijacking
Session Variable Overloading
Shellcode
SMS & Bluetooth Spoofing
Sniffing
Social Engineering
SOCKS5 Proxy
Spear Phishing
SQL Injection
Stack – Heap Overflow
Steganography
Token Generation and Manipulation
Undefined Behaviour
Vulnerability Research
Wardriving
Waterhole Attack
Web Application Attacks
Web Scraper
Webshells
Whaling
Wireless Hacking WEP/WPA/WPA2/WPA3
XML External Entity
Zeroday Exploit

Coding/Programming - The Hackers Language

The hacker attitude is vital, but skills are even more vital. Attitude is no substitute for competence, and there’s a certain basic toolkit of skills which you have to have before any hacker will dream of calling you one.

This (coding), of course, is the fundamental hacking skill. Without programming you will never truly know what is happening behind the scenes. Ask yourself this: do you actually know what is happening when your computer boots up? Do you know how Windows runs Microsoft Word or any other application? How are you even reading this in your browser right now? That amazing website you keep visiting, how was it built?

This is where programming comes into play. These are the types of questions you need to ask yourself throughout the journey, and then find the answers. Once you understand programming fluently, it will become clearer how everything is built together.

Hacker 101 - Simple Setup

Recommended Courses

Here’s a list of courses we believe you should take or read through in order to start your journey. If you are unable to pursue a computer science degree at a top university, the best way to go in this direction is to do the following courses, which can be self-taught with online classes. We have a VIP subscription that entails all major courses listed in this article which you have full access to. Grab it here!

Here’s a minimum requirement to follow, ask yourself this – Do you understand how a single computer works, know the different parts and their functions and how they interact with the operating system? If not, start with

  • CompTIA A+

If you do know how a single computer works, do you know how they talk to each other? If not, start with

  • CompTIA Network+ and Cisco’s CCNA

If you know a lot about computers and networking functionality, your next step should be

  • CompTIA Security+

Those 3 courses are critical to begin with. Additional courses to go for next are:

  • CompTIA Linux+
  • CompTIA Server+ / MCSA: Windows Server
  • Take advantage of our VIP membership which includes over 100+ courses (Above courses included as well as below) or if you would like to grab our security career bundle that includes all CompTIA courses. For more information, see our Cyber Security School page and start today!

Now that you know pretty much the basics of how computers, networking and cryptography works. It’s time to learn how to code. Recommended courses to take in order.

  1. Bash/Shell
  2. Python
  3. C / C++
  4. LISP
  5. Perl
  6. Java

We have a programming course that’s perfect to start with here. You can read more about all of our courses and the cyber security school.

Additional Information regards to the above list

If you don’t know any computer languages, we recommend starting with Python. It is cleanly designed, well documented, and relatively kind to beginners. Despite being a good first language, it is not just a toy; it is very powerful and flexible and well suited for large projects.

If you get into serious programming, you will have to learn C, the core language of Unix. C++ is very closely related to C; if you know one, learning the other will not be difficult. Neither language is a good one to try learning as your first, actually, the more you can avoid programming in C the more productive you will be.

C is very efficient, and very sparing of your machine’s resources. Unfortunately, C gets that efficiency by requiring you to do a lot of low-level management of resources (like memory) by hand. All that low-level code is complex and bug-prone, and will soak up huge amounts of your time on debugging. With today’s machines as powerful as they are, this is usually a bad tradeoff — it’s smarter to use a language that uses the machine’s time less efficiently, but your time much more efficiently. Thus, Python.

Other languages of particular importance to hackers include Perl and LISP. Perl is worth learning for practical reasons; it’s very widely used for active web pages and system administration, so that even if you never write Perl you should learn to read it. Many people use Perl in the way we suggest you should use Python, to avoid C programming on jobs that don’t require C’s machine efficiency. You will need to be able to understand their code.

LISP is worth learning for a different reason — the profound enlightenment experience you will have when you finally get it. That experience will make you a better programmer for the rest of your days, even if you never actually use LISP itself a lot. (You can get some beginning experience with LISP fairly easily by writing and modifying editing modes for the Emacs text editor, or Script-Fu plugins for the GIMP.)

It’s best, actually, to learn all five of Python, C/C++, Java, Perl, and LISP. Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways.

But be aware that you won’t reach the skill level of a hacker or even merely a programmer simply by accumulating languages — you need to learn how to think about programming problems in a general way, independent of any one language. To be a real hacker, you need to get to the point where you can learn a new language in days by relating what’s in the manual to what you already know. This means you should learn several very different languages.

Moving On

Once you have at least completed the CompTIA courses (the basic ones listed above: A+, N+, S+) and know two programming languages (Bash and Python), it’s a good time to dive into the advanced courses.

Advanced Courses to take

CISSP – Certified Information Systems Security Professional

CISM/CISA – Certified Information Security Manager / Certified Information Systems Auditor

CEH – Certified Ethical Hacker

OSCP – Offensive Security Certified Professional

SANS (GSEC/GPEN/GWAPT) – Cyber Security Essentials Certification / GIAC Pentest /GIAC Web Application Penetration Testing

CREST – The Council for Registered Ethical Security Testers

Grab our Ultimate all in one IT Security Bundle which includes CISSP / CEH / CISM and CISA or take advantage of our VIP membership which includes over 100+ courses

Practice your Skills

Capture The Flags are one of, if not THE, best ways to get started in security.

They can be a little hard, and you definitely won’t be spoonfed. You’ll probably get stuck at some point, but if you stick with it, you’ll learn more about computers than you ever thought possible.

There’s no better way to learn something than to experience it for yourself. And in the computer security world, Capture The Flag is the best way to learn by doing.

Visit our CTF page to get started

Read, read and read some more!

Books are there for a reason: references and already confirmed working methods are a great way to learn new things. We have an Ebooks collection page which we update on a daily basis, but here’s a few books we recommend you “must” read to understand the methodologies being used in today’s playground.

View our Hacking Books page for more

Career Pathways

As a hacker you have multiple career pathways to choose from, and after successfully completing our recommended courses and guidance you will most likely have to make a choice.

Below you can find title description, important resources, tools and guides about each profession. Understanding all of them will gradually improve your hacking knowledge and overall expertise.

What this job does:

Security auditors and compliance staff evaluate and rate security programs and check organizations’ compliance with local, national, and international laws and standards. These standards can be required by law or merely ones that the organization chooses to strive for. For example, in the US, required standards include PCI for payment processors or HIPAA for medical records storage. Most formal security standards have regularly scheduled formal and informal inspections of documentation and procedures. Auditing and compliance staff perform these inspections, ensure compliance and improvement, and report their findings to leadership or regulatory agencies as required.

Where are the jobs:

Medium to large businesses, regulatory agencies, contract-based auditing firms.

What gives a candidate an edge:

Excellent organizational and report-writing skills. The ability to communicate courteously and diplomatically with all levels of an organization. Specific knowledge of applicable standards. Good certifications to have depend on the situation. For instance, the PCI Security Standards Council offers their own assessor certification.

Avoid this trap:

Assuming these jobs aren’t technical or demanding. In fact, many of these jobs require lots of travel (for on-site inspections), and a solid working knowledge of a wide array of security devices and concepts.

What this job does

Working from home or freelancing, discovering bugs in company websites, applications and so on, and then reporting your findings in a professional manner (without public disclosure). You are rewarded a bounty after the company has patched the vulnerability.

Resources

What this job does

Committing crime for personal gain, lulz or revenge. Taking advantage of people, misusing vulnerabilities and systems. Not giving a f**k about society and rules. (This is not hacktivism.)

Resources

Psychology of Crime

Social Engineering 101

Scanning countries Public IPs for exploitation

Exploit Database

Carding Guide and Phishing Script

Creating Botnets

Darknet Buyers Bible – Selling and Buying on Dark Web

Bulletproof Hosting – Web Hosting used by Hackers

Doxing and Using OSINT

Finding Information about a Company with Zero Information

Phishing Tools

Darknet Markets

Darkweb 101 – Anonymity

Resources

What this job does:

Forensic analysts are best known for recovering hidden and deleted data from hard drives, but today the role often includes lots of memory, mobile device, and network forensics. As opposed to ediscovery roles where forensics is limited to recovering evidence to be used in legal proceedings, on the security side, forensic analysts make up half of the “DFIR” team and figure out and report how digital devices were compromised, infected, or abused.

Where are the jobs:

Managed security vendors who provide DFIR services, medium to large organizations and agencies, computer crime investigative services.

What gives a candidate an edge:

Curiosity and a drive to investigate. A solid understanding of how operating systems, hard drives, and memory function is extremely helpful. Forensic tools are fairly specialized, so exposure to commercial tools like AccessData FTK and Guidance EnCase is a plus if possible (they’re expensive). Memory forensics is woefully undertaught in forensics degree programs and is now nearly a requirement, but the associated tools are generally free (such as Volatility Framework, Rekall Framework, and Mandiant RedLine). Good certifications to have are GCFE, ENCE, GCFA, GCNA. Most of the vendors named above provide formal training programs on their products.

Avoid this trap:

Believing the hype about steganography. Even law enforcement rarely sees it. But I’ve seen it as a senior capstone or conference talk subject more times than I can count. Forensics is not CSI: Cyber. It is painstaking, time consuming work, often involving hours of reading through file indices.

What this job does:

Finally, we get to the directors and executives of the security space. This is rarely a ‘breaking in’ point for people new to infosec, but it occasionally happens as skilled people in other areas of technology or policy management are picked to lead security programs and groups. These folks develop and maintain the fundamental security posture and procedure for their organizations, taking into account international law, industry standards, and corporate requirements.

Where are the jobs:

Most organizations of moderate or large size, particularly government and those which deal with sensitive data.

What gives a candidate an edge:

Extensive experience in managing resources and people, solid understanding of a broad range of IT concepts including security.

Avoid this trap:

Losing touch with the information security community whilst relying on vendors or agencies for critical news. The fastest way to know what is going on in the security space is to attend hacking conferences, watch social media and blogs, and participate in research and training. I can’t count the times I’ve met a governance executive who still thinks Def Con and its ilk are made up entirely of criminal hackers and refuses to attend (at the expense of great training and current knowledge).

What this job does:

The other half of the “DFIR” team. When a breach or major security event occurs, this person coordinates the response and recovery teams, establishes a timeline of what happened, and figures out how to respond to it with the aid of other security roles, management, lawyers, and IT. Incidents can vary from data breaches to malware outbreaks, to phishing or APT response.

Where are the jobs:

Medium to large organizations, security contractors who provide DFIR services.

What gives a candidate an edge:

This job requires good analytical, organizational, and communication skills. Candidates need to be able to work well under high pressure and high stress situations at odd hours. This is not a job for people who don’t like to manage a project or a team, or report to senior leadership. Good certifications to have are GCIH and CISSP.

Avoid this trap:

Taking an incident response role when you aren’t comfortable taking charge and maintaining control of a situation, or writing extensive formal reports. You must have self-confidence and leadership skills to fulfill this role.

Resources

Most Important Cyber Incident Response Tools List for Security Professionals

What this job does:

Malware analysts figure out the nuts and bolts of how malware, adware, and hacking tools work, what their capabilities are, write signatures for them, and may attribute them to a campaign. They perform live, or heuristic, analysis (meaning they run the malware in a sandbox and carefully analyze system changes and traffic), and static analysis of the code itself (which may be written, hidden, and packed in a way that purposefully makes this very confusing and time consuming).

Where are the jobs:

Larger organizations, cybercrime investigation agencies, antivirus and malware research firms.

What gives a candidate an edge:

Strong programming skills, especially scripting and assembly code. Strong network traffic analysis skills (you’ll be identifying and decoding lots of malware traffic). Experience with sysinternals tools and equivalent. Excellent analytical skills, and lots of patience. Good certifications to have are GREM or CREST CMRE. Previous exposure to writing IDS or Yara signatures may be useful.

Avoid this trap:

Assuming malware analysis is entirely heuristic or signature-based. Sandboxing alone is not adequate. You should understand assembly and programming architecture well in advance to succeed at this job.

Resources

Reverse Engineering

Compiled Resource List for Malware Analysis

What this job does:

Pen-testers are the folks who simulate a real network attack on a target to identify their security flaws and vulnerabilities. They can look for these vulnerabilities across a wide range of platforms and architectures – from traditional networks’ DMZs, to SCADA systems, to complex internal networks. Their job is to play the bad guy within well documented rules of engagement, and report back to their employer what was discovered. Entry level and intern pen testing is a starting point for many people moving into ‘Red Team’ roles.

Where are the jobs:

Medium to large organizations, smaller organizations which handle highly sensitive data, contracting firms which provide these services.

What gives a candidate an edge:

Extensive knowledge of multiple operating systems’ operation, including command line, authentication, and permissions. Solid knowledge of networking. Knowledge of social engineering tactics. Comfort with common hacking tools like the Kali distro and its installed packages. Experience with Metasploit / Armitage / Cobalt Strike is useful. Good certifications to have include OSCP and GPEN, with specialized certifications and experience in specific systems as required.

Avoid this trap:

Thinking that penetration testing will be the rock star job the media makes it out to be. This isn’t an episode of Leverage. Except for when it is, occasionally. Penetration testing is a lot of work that involves legalities, meetings, and lots of paperwork. There are usually heavy restrictions on what pen testers can attack and when. The job can also be travel heavy for contractors.

Resources


What this job does:

Today, work in a Security Operations Center is a very common entry point into Blue Team InfoSec roles. Entry-level Security Analysts (or SOC Analysts) frequently do shift work in around-the-clock monitoring centers, monitoring security logs, responding to SIEM events, and handling security tickets. In a good work environment, this role should give the analysts a solid foundation in InfoSec work to move on into a more specialized role in one to three years.

Where are the jobs:

Managed security vendors, and medium to large organizations and agencies.

What gives a candidate an edge:

Showing keen outside interest and involvement in InfoSec (especially on the resume). Good certifications to have are Security+, Network+, or GSEC. Degrees are a plus.

Avoid this trap:

Ticket farms with no opportunity to learn. A good analyst role will offer formal and informal training and the opportunity to gain certifications as part of the position. It will also clearly offer the analysts the opportunity to shadow and cross train across multiple roles.


What this job does:

Security engineers are what most people think of when they hear that somebody works in network security, but today the job goes far beyond firewall management. They manage and update security appliances and rulesets. They may also keep data storage, tools, and log feeds working and useful for the other security roles listed. In today’s security world, they’re usually the people who manage SIEMs and security log aggregation tools. Sometimes security engineers are even responsible for scripting new tools and API integrations.

Where are the jobs:

Today, most organizations and agencies (that do not outsource these tasks) keep security engineers or system administrators with security engineering experience on staff.

What gives a candidate an edge:

Excellent systems administration skills in Windows and Linux (such as CentOS). Strong scripting skills (such as Python or Ruby). A general knowledge of security operations, practices, and applications. Certifications and training will vary by the specific position, as security engineering roles can specialize further. Some examples are SIEM and security appliance specific training through applicable companies like Cisco, Splunk, RSA NetWitness, Juniper, Blue Coat, Palo Alto, or HP ArcSight.

Avoid this trap:

Becoming too tied to a single platform or vendor. Falling for the ‘magic black security box’ sales pitch by a vendor without proper research. Avoiding open source tools entirely, or conversely, avoiding commercial tools entirely.


What this job does:

Installing and configuring software, hardware and networks. Monitoring system performance and troubleshooting issues. Ensuring security and efficiency of IT infrastructure.

Resources


What this job does:

Threat researchers study attackers and their methods, and try to quantify their tactics, techniques, and procedures (TTPs). This means observing and reading reports of attacks, and not only identifying ways to better detect the attackers, but attempting to predict their next moves based on behavior or world events. In some situations, threat intelligence analysts may also be asked to attempt attribution of attacks to a specific organization or country.

Where are the jobs:

Large organizations, cybercrime investigation agencies, and threat research firms.

What gives a candidate an edge:

This is one of the backgrounds that is harder to obtain. Many of the best threat intelligence analysts were prior government or military intelligence staff and were formally trained as such. In lieu of this, a strong background in political science, foreign languages, or international relations along with strong security analysis skills can be useful. As one would expect, good report writing skills are a must.

Avoid this trap:

Relying only on open source feeds of intelligence data. A good threat analyst is regularly identifying who might target their organization or customer based on current events, industry, or high value targets in their environment.

Resources

Cyber Threat Intelligence Tools List For Hackers and Security Professionals

Haxf4rall Threat Intelligence Related

Conclusion

Remember that hacking takes a lot of time, but it’s also rewarding, so be willing to go the extra mile, always be curious, and expect to make some sacrifices to your social life.

Find a person, mentor or a friend that’s also in the hacking culture and ask them questions, question their thinking and just ultimately be prepared to take in as much information as possible.

I hope this page has helped you immensely and on behalf of Haxf4rall, we wish you a happy hacking journey!


References

tisiphone.net/2015/11/08/starting-an-infosec-career-the-megamix-chapters-4-5/

danielmiessler.com/blog/build-successful-infosec-career/

catb.org/~esr/faqs/hacker-howto.html

malwarefox.com/types-of-hackers/

vice.com/en_us/article/mg79v4/hacking-glossary

greycampus.com/opencampus/ethical-hacking/hacking-methodology#dynamic_5

Various Github Resources – Links on this page