Starting out can be a daunting task: there are so many operating systems (OSs), tools in the form of hardware and software, and different methodologies based on numerous certifications around the world.
Hacker: someone who breaks things apart, understands how they work, identifies flaws and improves upon them – sometimes alone, but usually as part of a community.
So before you start out you need to ask a few questions. Do you want to focus on a particular discipline or technology, or have a broad overview as an ethical hacker/penetration tester?
Well, the truth is, only you know the answer to that question because you know where your interests are, but no matter what you want to learn, there is one fundamental thing you need to do:
Practice, practice, practice
What are your goals? Is it a future career in cyber security, have you been asked to step into this role, or is it just for fun?
Practice makes perfect. It might sound like a cliche but if you want to be good at any type of hacking, then you have to put in the hard work.
80% Reconnaissance, 20% at your keyboard
One of the most important things to know about hacking is that 80% of the work consists of reconnaissance: understanding your target. The other 20% is spent at your keyboard building your attack and deploying it. I can’t convey enough the elation you get when your hard work pays off and you compromise your targets.
Start researching and you’ve already started your hacker journey
When I first started out, I was overwhelmed by the scale of the cyber security industry and the number of disciplines it actually has under its umbrella. I was also filled with joy when I discovered: 1) how big the community was, and 2) the amount of learning resources there are out there.
Again, this is down to you as an individual, especially the time you have available, and your learning style. Are you someone who likes to watch videos? Are you a practical person who likes to read and learn as you go?
No matter what your style is, here are a few learning resources I can’t recommend enough:
Another option is to find a few online class sessions. Udemy has a great selection, and is where I first started. Keep an eye out for cheap deals.
If you’re deadly serious and don’t mind spending some coin, there are a few books I’d recommend.
- The Hacker Playbook 2 – has some great tools to learn, including getting to grips with PowerShell, and has a great methodology to follow
- Attacking Network Protocols – two things I started to learn and understand were network protocols, both Wi-Fi and on the network
- Metasploit – the most used, if not No. 1, tool in a hacker’s box of tricks is Metasploit. Learn it, master it
By starting this ‘research journey’ you’re already starting to build a mindset similar to the first stage of hacking, which is RECONNAISSANCE.
Find your hacking hero
When you start your research you’ll undoubtedly come across the first of many high-profile people in the hacking community. For me it was Kevin Mitnick, then Chris Hadnagy, both amazing social engineers. Over time you’ll build up a fantastic social media resource, following some great community members who will also help you to keep up to date on current techniques and breaking news within the industry and community.
Operating System (OS)
This one is completely down to personal preference. Linux is the usual OS of choice, but many tools can also be used on Windows and Macs, which can also run other distributions within their own desktop in what is called a virtual machine (VM).
Kali Linux is specifically designed as a ‘penetration testing’ platform, comes pre-built with hundreds of hacking tools, and is my own personal favourite.
Parrot OS is another specifically designed ‘pen-testing’ platform with loads of tools, and there are some more advanced OS versions like BlackArch and Redteam. But in the end it’s your choice; there is no wrong system to use, because it’s up to you how you configure them.
NOTE: Understand VMs, because they will become one of your first steps into understanding system files and how computer partitions are configured. You’ll be spending hours installing and trying different versions of OS distributions until you find the one that is right for you.
CLI: Command Line Interface
While considering your OS you’ll start to become familiar with the terminal which is your Command Line Interface (CLI).
Now this is the important bit: the CLI is, and will always be, the number one skillset in your arsenal. This is where my first point comes in: practice, practice, practice. It’s taken me years to become efficient in executing code and navigating around a network of devices.
Like anything, the more you do it, the easier it gets.
Here are some of the basics to start with:
ls – To list directory contents, type ls in the terminal
- -l: will display a long list with additional useful information like permissions, file size and last modification time.
- -a: will show hidden files or subdirectories
pwd – The pwd command stands for “print working directory” and will show you the name of your current working directory – that means “where you are” right now
cd – With the cd command, which stands for “change directory”, you can change your current working directory
rm – The command rm is used for deleting files or directories
clear – The clear command will clear the terminal screen
mv – You can move your files or directories to somewhere else with the command mv
mkdir – The command mkdir means “make directory” and allows for the creation of new directories
cp – cp is a command used to copy files or directories
su and sudo – The su command can help you to switch to superuser
poweroff and reboot – The command poweroff shuts down the running system, while the command reboot restarts it. Both commands require superuser privileges.
man – The man command displays the manual of the command you provided
apt-get / apt:
- apt update – checks for updates to your current OS distribution and shows how many upgrades are available
- apt-get upgrade – installs all the updated tools
- apt-get install <tool-name> – installs a specific tool you discover
git clone – this is one I use all the time for pulling tools down to your OS and installing them from GitHub
Remember them, master them and you’ll be deploying instructions in no time.
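A safe way to practise the commands above, as an added example that is not part of the original post: it works only inside a scratch directory created by mktemp, and every file and directory name in it is made up for the exercise.

```shell
#!/usr/bin/env bash
# Practice run in a throwaway directory; every file name here is constructed.

# mkdir + redirection: build a sandbox and print its path.
make_sandbox() {
    box=$(mktemp -d) || return 1              # unique scratch directory
    mkdir "$box/notes" "$box/tools"
    echo "scan notes" > "$box/notes/recon.txt"
    echo "private"    > "$box/notes/.hidden"  # leading dot = hidden file
    echo "$box"
}

# ls: count the entries printed for directory $1; pass -a as $2 for hidden ones.
count_entries() {
    ls $2 "$1" | wc -l | tr -d ' '
}

# cp, mv, rm: run inside sandbox $1 and leave it in a known end state.
file_ops() {
    (
        cd "$1" || exit 1                        # cd: change directory
        pwd                                      # pwd: confirm where we are
        ls -la notes                             # long list incl. hidden files
        cp notes/recon.txt tools/recon.bak       # cp: original stays put
        mv notes/recon.txt notes/recon-v2.txt    # mv: old name disappears
        rm notes/.hidden                         # rm: delete a single file
        rm -r tools                              # directories need rm -r
    )
}

box=$(make_sandbox)
echo "plain ls sees $(count_entries "$box/notes") entry"
echo "ls -a sees $(count_entries "$box/notes" -a) entries (adds . .. .hidden)"
file_ops "$box"
ls -a "$box/notes"                               # only recon-v2.txt is left
rm -r -- "$box"                                  # clean up the sandbox
```

Because rm deletes without a recycle bin, running it only against a path returned by mktemp keeps mistakes contained while you build muscle memory.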
Lastly, get yourself a notebook, and obviously a pen! Take it everywhere with you; it’ll become your best friend – especially if your memory is as bad as mine.
I’ve lost count of the number of times I’ve forgotten a simple command and quickly taken out my notebook for a quick refresher. Maybe you’ve watched a quick video or listened to a podcast with some invaluable advice. Make a note and review it as often as you can.
You don’t need qualifications to enjoy something!
Why have I left qualifications till the end?
Well, truth be told, I think it’s one of the most off-putting questions/requirements, and one you don’t need to worry about when starting out in this field. Just have fun with it, without stepping over ethical barriers. I’ve seen people in this business who go after a certificate or qualification straight off the bat, which, I think, limits any potential!
Doing CREST, CISSP, CEH or anything else could potentially put you into a single frame of mind, looking down one avenue of cyber security instead of discovering all the various disciplines that make up this fantastic profession.
I started off with wireless network techniques, then data exfiltration, and finally fell in love with the less technical side: social engineering – understanding human behaviour and deploying that on engagements, because it saves hours of attacking.
Yes, once you know what your skillset is, then start looking at various qualifications, but it’s definitely not where you should start.
I hope this was helpful. If you have any questions, please feel free to reach out on social media or email.