We all saw this, black hoodie, green text on the screen, and what not and after a second the person says “i’m in”. Well, hold your horses and your computers, that is not actual hacking. well in a sense, you could wear a black hoodie and have a black and green terminal and sit in dark and wear a mask and stare at your screen, but you might hurt your eyes and your mum might yell at you. mine did, so just a warning!
Well enough of that Let’s have a look into what the hacking means; hacking is the process of finding a vulnerability in a system, and then exploiting that vulnerability to gain something you wouldn’t otherwise have. a vulnerability can be a mis-configuration, an error, or improper use of existing functionality. the exploitation is the method you use to access that vulnerability. you then get something in return — say, more access, or a list of passwords, or simply a crash in the system.
Whoa, wait, wait, what’s this?
Well, that’s just a technical definition, to put it in simple terms — to make things work they are not supposed to! Did you find a way to open coca-cola without the opener? congrats, you *hacked *it! yay! p.s — i am not sponsored by coca-cola :D or am i? (vsause theme plays)
Hacking is generally assumed to be hitting keys on your keyboard but it’s not just that, it’s reading code, documentation, researching, and well lots of reading! It’s thinking out of the box.
Now that we know what actual hacking is, let’s dive deeper into it! hacking is a really broad term. numerous things come under it, like really a lot of stuff, you can get lost in it, if you just go here and there and look and try out things without knowing what to do and what to learn, it can be overwhelming and you might get disheartened. have a look at this image which briefly covers the network of cyber security.
image courtesy : linkedin
whoa whoa, that’s a lot and it’s not green text :p
well, it’s okay if you don’t know any of these terms, trust me you will learn, just be curious and ask the right questions! well, how do i ask the right questions? ask questions first, don’t be afraid to ask, you will realize which questions are wrong and which are right, but the important part is to ask.
there are only two things you need to be good hacker; will to learn and curiosity
okay, i got that much! now what?
warning : you might read some terms now which you never heard before, don’t stress out, google about them, see if it vibes with what you love, and learn googling, it’s a really important skill!
no one knows everything and in cyber-security where the amount of data is being increased every day, you won’t know everything. so don’t be ashamed to google stuff if you don’t know stuff or if you just forgot something.
well now let’s have a look at what are major domains there in information security
1. security engineer. — this includes network designing, security architecture design, and review, cloud security, secure application development. so basically making secure stuff
2. security operations — this domain mainly includes all the operations right from the prevention of cyber attack to dealing with as well as eradicating it.
3. threat intelligence — the people in this domain are cyber threat analysts and they have immense knowledge of information security as well as knowledge in networking administration.
4. risk assessment — here is the spicy part which you mostly see, the red teaming(attacking) and blue teaming(defense)
5. governance — it’s basically like the government which sets and controls laws, administration, auditing, etc, it comprises of auditing, laws, policies and procedures, compliance, etc
well okay, i understand who are hackers and what roles they have, but why do we need them? well, we are humans, we progress and we make mistakes, no one or nothing is perfect. there will be flaws and imperfections. that’s where hackers come into the picture, we protect systems, we test systems to know where the flaws are, we govern the networks, we architect them, we find information, we use it. we are anon…um we are hackers.
this is why we need people who will secure the device or browser which you are reading this article on. but wait, i heard there are bad people too, who use the knowledge of hacking for their benefits, those are called unethical hackers, who do things without anyone’s permissions and then there is a nice part which is ethical hacking, people who do ethical hacking are called ethical hackers and they prevent and test systems so that unethical ones won’t be able to bring your systems down. there is also a spectrum which might help you understand a bit better
image courtesy: spectrum
so i got that much, but how do i proceed? where are the resources? how do i do this and that? how do i learn is there like a road-map? well yes but no! there is no definitive road-map here, as i said the industry is constantly evolving and growing and moving, so things change. but! yes, there is a but! but, you can start in this way, which i found helpful and easy to grab things onto. let’s have a look at what you might need to get started.
everything is connected, so you must know how things work and how data is being transferred from one place to another, what is ip and mac, and what is that and this. it will show you a new perspective to look at the world and the internet. you can pick up any good resource love, i found professor messer’s network+ to be a good start, you don’t have to give the exam if you don’t want to but learn and always keep on learning. some people did find it too long or over the top for learning security, so i have linked one more small youtube playlist which will work decently good.
link: network+ & link: playlist
now, wait, what is linux again? that penguin? well, it’s technically a kernel but let’s not get into technicality. if you are going to hack, you will eventually end up at a terminal, a window with nothing but text, and getting familiar with it helps, master it! linux journey takes you from basics to good enough understanding of linux fairly well. so install a virtual machine and get set go! wait after completing the article maybe.
link: linux journey
now, i know i said we were hacking, so why do we even need to learn to program? well to break something you must understand how it is built. don’t be scared we don’t need to learn every language out there, just learn one and you can move the concepts and knowledge from there to another. so which one should i start with? i found python to be a real good start. it’s easy to get hold of and you can make fun tools and projects with it (maybe i am making one, just maybe). i found the book automate boring stuff with python a real good resource to learn. it takes you from no knowledge about programming to good enough that is needed. i also suggest learning bash for good automation, why? because automation is fun and it reduces the time needed for our tasks
link: automate boring stuff with python, bash guide (basics), shell script (little advance)
now that you know the basics and fair enough, it’s time to play and gamify your hacking. there are resources like hack the box(htb) and try hack me(thm) which let you test your skill and much more! what and how they work? well, i’ll leave the introduction of them to themselves! thm and htb feels a little overwhelming to me to directly dive into, so i suggest to try out overthewire first and then picoctf, again you will know what they are when you visit their respective websites i suggest the order as otw and parallelly picoctf then thm then htb.
once you feel comfortable sprinkle in ctfs in between from ctftime
link: overthewire, tryhackme, hackthebox, picoctf, ctftime
phew, that was a lot!
wait, wait i forgot (not actually) a really important thing! communities!! yes, get into a community, a discord server, or a telegram group or irc or whatever you love! even if you don’t understand anything, in the beginning, you will! you will learn and improve and you will fail too, but that’s the proof that you are trying. so start getting active into communities! and don’t get into rabbit holes of certification. the important part is to keep learning and growing and asking questions! also a tip, that you don’t have to learn this one by one, you can learn parallely too, which in my opinion is better as you don’t get a burn out i have mashed up all resources and much more interesting stuff into a sweet github repository called pandora and along with that a supplementary gitbook — texts of athena
have a look ^^
special thanks to my fellow friends for encouraging and helping me with the article-
thewhiteh4t shane jiab77 starry-lord aditya
and oh, if you want to reach out to me, feel free to do so at avantika(@iamavu)
get set and pwn and happy hacking :D
references :
https://netsec.ws/?p=468#more-468
https://netsec.ws/?p=536#more-536
https://docfate111.github.io/cybersecclub/roadmap.html
https://medium.com/@rana.miet/information-security-what-why-how-462a1ae8fa61
https://medium.com/@tarun.n/cyber-security-for-beginners-5936020f91d6